fd03caa5aa9ee7e28bcb2652383286f780b376bea7e59e3d7494c8c86dfa8b96

Sharing

Copy URL Twitter E-mail

General

Target

fd03caa5aa9ee7e28bcb2652383286f780b376bea7e59e3d7494c8c86dfa8b96
Size

15.8MB
MD5

a5f3762d8af4f6505e4e0f860f80e2fd
SHA1

6f76d3f3d30bfd3b89d7b0edf27560e6c32db884
SHA256

fd03caa5aa9ee7e28bcb2652383286f780b376bea7e59e3d7494c8c86dfa8b96
SHA512

00d8b86bfc2b4b46954f7d527f6c520f14725f87cc198190b2067298dd13077db27d7464b7d50ec7141c253ebfb9cd2b6e8977ac42012742375e8ab55f1fecd6
SSDEEP

393216:MSm8lkFA6qgKTav8SqpRYpIfphLfQQRDKat:MSllk1K9YSnLfQ0

Score

3^/10

Malware Config

Signatures

Unsigned PE 55 IoCs

Checks for missing Authenticode signature.

resource
fd03caa5aa9ee7e28bcb2652383286f780b376bea7e59e3d7494c8c86dfa8b96
unpack001/$PLUGINSDIR/BgWorker.dll
unpack001/$PLUGINSDIR/FindProcDLL.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/SkinBtn.dll
unpack001/$PLUGINSDIR/SkinProgress.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/WebCtrl.dll
unpack001/$PLUGINSDIR/WndProc.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsWindows$_37_.dll
unpack001/MSVCR80.dll
unpack001/SharpCompress.3.5.dll
unpack001/System.Data.SQLite.dll
unpack001/ccLoLSkin.exe
unpack001/ccLoLSkin.rsm
unpack001/ccLoLSkinUpdater.exe
unpack001/ccLoLSkinUpdater.rsm
unpack001/gdiplus.dll
unpack001/mscoree.dll
unpack001/msvcm80.dll
unpack001/msvcp80.dll
unpack001/rsdeploy.dll
unpack001/v2.0.50727/assembly/GAC/Microsoft.DirectX.Direct3D/1.0.2902.0__31bf3856ad364e35/Microsoft.DirectX.Direct3D.dll
unpack001/v2.0.50727/assembly/GAC/Microsoft.DirectX.Direct3DX/1.0.2902.0__31bf3856ad364e35/Microsoft.DirectX.Direct3DX.dll
unpack001/v2.0.50727/assembly/GAC/Microsoft.DirectX/1.0.2902.0__31bf3856ad364e35/Microsoft.DirectX.dll
unpack001/v2.0.50727/assembly/GAC_32/CustomMarshalers/2.0.0.0__B03F5F7F11D50A3A/CustomMarshalers.dll
unpack001/v2.0.50727/assembly/GAC_32/System.Data.OracleClient/2.0.0.0__b77a5c561934e089/System.Data.OracleClient.dll
unpack001/v2.0.50727/assembly/GAC_32/System.Data/2.0.0.0__b77a5c561934e089/System.Data.dll
unpack001/v2.0.50727/assembly/GAC_32/System.EnterpriseServices/2.0.0.0__b03f5f7f11d50a3a/System.EnterpriseServices.Wrapper.dll
unpack001/v2.0.50727/assembly/GAC_32/System.EnterpriseServices/2.0.0.0__b03f5f7f11d50a3a/System.EnterpriseServices.dll
unpack001/v2.0.50727/assembly/GAC_32/System.Transactions/2.0.0.0__b77a5c561934e089/System.Transactions.dll
unpack001/v2.0.50727/assembly/GAC_32/System.Web/2.0.0.0__b03f5f7f11d50a3a/System.Web.dll
unpack001/v2.0.50727/assembly/GAC_MSIL/Accessibility/2.0.0.0__b03f5f7f11d50a3a/Accessibility.dll
unpack001/v2.0.50727/assembly/GAC_MSIL/Microsoft.VisualC/8.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualC.dll
unpack001/v2.0.50727/assembly/GAC_MSIL/System.Configuration.Install/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.Install.dll
unpack001/v2.0.50727/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
unpack001/v2.0.50727/assembly/GAC_MSIL/System.Core/3.5.0.0__b77a5c561934e089/System.Core.dll
unpack001/v2.0.50727/assembly/GAC_MSIL/System.Data.SqlXml/2.0.0.0__b77a5c561934e089/System.Data.SqlXml.dll
unpack001/v2.0.50727/assembly/GAC_MSIL/System.Deployment/2.0.0.0__b03f5f7f11d50a3a/System.Deployment.dll
unpack001/v2.0.50727/assembly/GAC_MSIL/System.Design/2.0.0.0__b03f5f7f11d50a3a/System.Design.dll
unpack001/v2.0.50727/assembly/GAC_MSIL/System.DirectoryServices.Protocols/2.0.0.0__b03f5f7f11d50a3a/System.DirectoryServices.Protocols.dll
unpack001/v2.0.50727/assembly/GAC_MSIL/System.DirectoryServices/2.0.0.0__b03f5f7f11d50a3a/System.DirectoryServices.dll
unpack001/v2.0.50727/assembly/GAC_MSIL/System.Drawing.Design/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.Design.dll
unpack001/v2.0.50727/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
unpack001/v2.0.50727/assembly/GAC_MSIL/System.Runtime.Remoting/2.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll
unpack001/v2.0.50727/assembly/GAC_MSIL/System.Runtime.Serialization.Formatters.Soap/2.0.0.0__b03f5f7f11d50a3a/System.Runtime.Serialization.Formatters.Soap.dll
unpack001/v2.0.50727/assembly/GAC_MSIL/System.Security/2.0.0.0__b03f5f7f11d50a3a/System.Security.dll
unpack001/v2.0.50727/assembly/GAC_MSIL/System.ServiceProcess/2.0.0.0__b03f5f7f11d50a3a/System.ServiceProcess.dll
unpack001/v2.0.50727/assembly/GAC_MSIL/System.Web.RegularExpressions/2.0.0.0__b03f5f7f11d50a3a/System.Web.RegularExpressions.dll
unpack001/v2.0.50727/assembly/GAC_MSIL/System.Web.Services/2.0.0.0__b03f5f7f11d50a3a/System.Web.Services.dll
unpack001/v2.0.50727/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
unpack001/v2.0.50727/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
unpack001/v2.0.50727/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
unpack001/v2.0.50727/mscorlib.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

fd03caa5aa9ee7e28bcb2652383286f780b376bea7e59e3d7494c8c86dfa8b96
.exe windows:4 windows x86 arch:x86

cad4c96e19ec6e52560b9ccb84edddb4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
SetErrorMode
WideCharToMultiByte
lstrlenA
lstrcpynA
lstrlenW
CompareFileTime
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryA
CreateProcessA
CreateFileA
GetTempFileNameA
lstrcatA
GetProcAddress
OpenProcess
lstrcpyA
GetVersionExA
GetSystemDirectoryA
GetVersion
RemoveDirectoryA
GlobalHandle
GlobalReAlloc
GetSystemDefaultLCID
GetVolumeInformationA
QueryPerformanceFrequency
GlobalMemoryStatusEx
GetSystemInfo
SetFileTime
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleA
LoadLibraryExA
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
lstrcpynW
MulDiv

user32

GetMessagePos
CallWindowProcA
IsWindowVisible
LoadBitmapA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharUpperA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
ScreenToClient
IsDlgButtonChecked
GetAsyncKeyState
CheckDlgButton
LoadCursorA
SetCursor
GetWindowLongA
GetSysColor
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
FindWindowExA

gdi32

CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor
SelectObject
CreateFontIndirectA
SetBkMode
SetTextColor

shell32

SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetSpecialFolderLocation
ShellExecuteA

advapi32

RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
RegEnumKeyA
RegDeleteValueA

comctl32

ImageList_Destroy
ImageList_AddMasked
ImageList_Create
ord17

ole32

OleUninitialize
CoCreateInstance
CoTaskMemFree
OleInitialize

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

wininet

InternetConnectA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpOpenRequestA
InternetSetOptionA

shlwapi

PathFindFileNameA
StrStrIA

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 740KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15.8MB - Virtual size: 15.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/BgWorker.dll
.dll windows:4 windows x86 arch:x86

db2755f409b81c4dbfc04f648cfb80b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GetModuleHandleA
CloseHandle
SetThreadPriority
CreateThread

user32

IsWindowUnicode
PostMessageA
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects

Exports

Exports

CallAndWait

Sections

.text
Size: 1024B - Virtual size: 987B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 66B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcmpA
OpenProcess
lstrcpyA
LoadLibraryA
CloseHandle
FreeLibrary
GetVersionExA
lstrlenA
GlobalFree

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SkinBtn.dll
.dll windows:4 windows x86 arch:x86

baf2d405231cd43dae48df474a521d01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GlobalAlloc
lstrcpynA
GetModuleHandleA
GlobalFree

user32

InvalidateRect
GetParent
SetWindowLongA
CallWindowProcA
GetPropA
SendMessageA
DrawTextA
DrawStateA
LoadImageA
RemovePropA
GetWindowLongA
SetPropA

gdi32

GetObjectA
CreateCompatibleDC
DeleteObject
SelectObject
DeleteDC
SetBkMode

msimg32

TransparentBlt

comctl32

_TrackMouseEvent

Exports

Exports

Init
Set
onClick

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 947B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SkinProgress.dll
.dll windows:4 windows x86 arch:x86

df38729be926f91d3390389029adf53b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GlobalAlloc
GlobalFree
GetModuleHandleA

user32

GetWindowRect
BeginPaint
GetWindowDC
CallWindowProcA
ReleaseDC
EndPaint
GetWindowLongA
GetPropA
SetPropA
SetWindowLongA
RemovePropA
LoadImageA
SendMessageA

gdi32

DeleteDC
BitBlt
CreateCompatibleBitmap
StretchBlt
SelectObject
CreateCompatibleDC
GetObjectA
DeleteObject

Exports

Exports

Set

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 797B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

aaa34d9251e34ceebd6bf5066471d799

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
GetProcAddress
lstrcatA
lstrlenA
lstrcmpiA
LoadLibraryA
GetModuleHandleA
WideCharToMultiByte
VirtualAlloc
VirtualProtect
MultiByteToWideChar
FreeLibrary

user32

wsprintfA

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 915B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 582B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/WebCtrl.dll
.dll windows:4 windows x86 arch:x86

edf01e434638f2238a21d45d26ed9a7d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GlobalAlloc
MultiByteToWideChar
GlobalFree

user32

DefWindowProcA
GetWindowLongA
GetClientRect
SetWindowLongA

ole32

OleCreate
OleSetContainedObject
OleUninitialize
OleInitialize

oleaut32

VariantInit
VariantClear
SafeArrayCreate
SafeArrayAccessData
SafeArrayDestroy
SysAllocString

Exports

Exports

ShowWebInCtrl

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/WndProc.dll
.dll windows:4 windows x86 arch:x86

b3f659d7637a91b4fec12ff9b930080d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyA
GlobalAlloc

user32

CallWindowProcA
SetWindowLongA
GetPropA
SetPropA
wsprintfA

Exports

Exports

onCallback

Sections

.text
Size: 1024B - Virtual size: 934B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 377B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/bg.bmp
$PLUGINSDIR/btn_agreement1.bmp
$PLUGINSDIR/btn_agreement2.bmp
$PLUGINSDIR/btn_cancel.bmp
$PLUGINSDIR/btn_change.bmp
$PLUGINSDIR/btn_close.bmp
$PLUGINSDIR/btn_complete.bmp
$PLUGINSDIR/btn_install.bmp
$PLUGINSDIR/btn_next.bmp
$PLUGINSDIR/btn_quit.bmp
$PLUGINSDIR/checkbox1.bmp
$PLUGINSDIR/checkbox2.bmp
$PLUGINSDIR/index.htm
.html .js polyglot
$PLUGINSDIR/installation.bmp
$PLUGINSDIR/license.rtf
.rtf
$PLUGINSDIR/loading1.bmp
$PLUGINSDIR/loading2.bmp
$PLUGINSDIR/loading_pic1.bmp
$PLUGINSDIR/loading_pic2.bmp
$PLUGINSDIR/loading_pic3.bmp
$PLUGINSDIR/loading_pic4.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

736ca3dd90e5c9ec98156c9f341764fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryA
lstrcpyA
GetFileAttributesA
lstrcmpiA
GlobalAlloc
MulDiv
lstrlenA
SetCurrentDirectoryA
GetProcessHeap
HeapAlloc
HeapReAlloc
lstrcpynA
HeapFree
GlobalFree

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
GetClientRect
DrawFocusRect
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharPrevA
MapDialogRect
CharNextA
SendMessageA
RemovePropA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsWindows$_37_.dll
.dll windows:4 windows x86 arch:x86

8baa37b4b9803e205026a5e2d38eebac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapAlloc
lstrcpyA
HeapFree
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetCurrentDirectoryA
GetProcessHeap
SetCurrentDirectoryA

user32

IsIconic
GetDlgItem
RemovePropA
DestroyWindow
DrawFocusRect
GetWindowLongA
DrawTextA
ShowWindow
CallWindowProcA
SetCursor
LoadCursorA
SetWindowPos
MapWindowPoints
CreateWindowExA
RegisterClassA
LoadIconA
GetWindowRect
IsWindow
SetWindowLongA
SetPropA
SetTimer
KillTimer
SetLayeredWindowAttributes
DispatchMessageA
TranslateMessage
IsDialogMessageA
GetMessageA
wsprintfA
SetForegroundWindow
GetPropA
CharPrevA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
GetWindowTextA

gdi32

SetTextColor
GetStockObject

shell32

DragQueryFileA
DragAcceptFiles
SHGetPathFromIDListA
SHBrowseForFolderA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetTransparent
SetUserData
Show
onDropFiles

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/quit.bmp
$PLUGINSDIR/select.bmp
$PLUGINSDIR/success.bmp
$PLUGINSDIR/welcome.bmp
MSVCR80.dll
.dll windows:4 windows x86 arch:x86

7fecbc4a16a5dc85a5394a1df6217680

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcr80.i386.pdb

Imports

msvcrt

_getdrives

kernel32

GetStringTypeA
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetSystemDirectoryW
GetLongPathNameW
GetCurrentThreadId
TlsGetValue
DebugBreak
OutputDebugStringA
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
Sleep
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
VirtualAlloc
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
MultiByteToWideChar
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
WideCharToMultiByte
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
SetLocalTime
GetStringTypeW
LoadLibraryW
GetLocaleInfoA
GetLocaleInfoW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
RtlUnwind
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
SetStdHandle
CreateFileA
CompareStringA
CompareStringW
Beep
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
RaiseException
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
CreateProcessW
HeapValidate
HeapCompact
HeapWalk
VirtualProtect
GetSystemInfo
VirtualQuery
IsDBCSLeadByteEx
ReadConsoleA
ReadConsoleW
SetConsoleMode
SetEndOfFile
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
LockFile
UnlockFile
CreatePipe
ReadFile
CreateFileW
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1exception@std@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??2@YAPAXIHPBDH@Z
??3@YAXPAX@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4exception@std@@QAEAAV01@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
??9type_info@@QBE_NABV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@@6B@
??_7exception@std@@6B@
??_Fbad_cast@std@@QAEXXZ
??_Fbad_typeid@std@@QAEXXZ
??_U@YAPAXI@Z
??_U@YAPAXIHPBDH@Z
??_V@YAXPAX@Z
?_Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Type_info_dtor@type_info@@CAXPAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPAV1@@Z
?_ValidateExecute@@YAHP6GHXZ@Z
?_ValidateRead@@YAHPBXI@Z
?_ValidateWrite@@YAHPAXI@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPBG00II@Z
?_is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?_open@@YAHPBDHH@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?_wopen@@YAHPB_WHH@Z
?_wsopen@@YAHPB_WHHH@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?unexpected@@YAXXZ
?vswprintf@@YAHPA_WIPB_WPAD@Z
?what@exception@std@@UBEPBDXZ
@_calloc_crt@8
@_malloc_crt@4
@_realloc_crt@8
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_Strftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CppXcptFilter
__CxxCallUnwindDelDtor
__CxxCallUnwindDtor
__CxxCallUnwindStdDelDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___fls_getvalue@4
___fls_setvalue@8
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__control87_2
__create_locale
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__free_locale
__get_app_type
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lc_clike
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv
__lconv_init
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osplatform
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__set_flsgetvalue
__setlc_active
__setusermatherr
__strncnt
__swprintf_l
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__unDNameHelper
__uncaught_exception
__unguarded_readlc_active
__vswprintf_l
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abnormal_termination
_abs64
_access
_access_s
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_amsg_exit
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_crt
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_commode
_configthreadlocale
_control87
_controlfp
_controlfp_s
_copysign
_cprintf
_cprintf_l
_cprintf_p
_cprintf_p_l
_cprintf_s
_cprintf_s_l
_cputs
_cputws
_creat
_create_locale
_crt_debugger_hook
_cscanf
_cscanf_l
_cscanf_s
_cscanf_s_l
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_cwprintf
_cwprintf_l
_cwprintf_p
_cwprintf_p_l
_cwprintf_s
_cwprintf_s_l
_cwscanf
_cwscanf_l
_cwscanf_s
_cwscanf_s_l
_daylight
_decode_pointer
_difftime32
_difftime64
_dosmaperr
_dstbias
_dup
_dup2
_dupenv_s
_ecvt
_ecvt_s
_encode_pointer
_encoded_null
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_except_handler4_common
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fdopen
_fflush_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filbuf
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_free_locale
_freea
_freea_s
_freefls
_fscanf_l
_fscanf_s_l
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_ftol
_fullpath
_futime32
_futime64
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwrite_nolock
_fwscanf_l
_fwscanf_s_l
_gcvt
_gcvt_s
_get_amblksiz
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_heap_handle
_get_invalid_parameter_handler
_get_osfhandle
_get_osplatform
_get_osver
_get_output_format
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_sbh_threshold
_get_terminate
_get_timezone
_get_tzname
_get_unexpected
_get_winmajor
_get_winminor
_get_winver
_get_wpgmptr
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getdcwd
_getdcwd_nolock
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp

Sections

.text
Size: 396KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Microsoft.VC80.CRT.manifest
.xml
SharpCompress.3.5.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Code\sharpcompress\SharpCompress\obj\Release\SharpCompress.3.5.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System.Data.SQLite.dll
.dll windows:5 windows x86 arch:x86

2eb25e53c06c81f6dbba492e20f41fbf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\dev\sqlite\dotnet\bin\2008\Win32\Release\System.Data.SQLite.pdb

Imports

kernel32

SetEndOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
WaitForSingleObject
InterlockedCompareExchange
UnlockFile
LockFile
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
GetVersionExW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
UnmapViewOfFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
OutputDebugStringA
GetVersionExA
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
GetFullPathNameW
MapViewOfFile
SetFilePointer
HeapCompact
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
ReadFile
GetCurrentThreadId
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedExchange

advapi32

CryptAcquireContextW
CryptHashData
CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptDuplicateKey
CryptDeriveKey

msvcr90

_errno
tolower
strncpy
isalpha
toupper
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
strerror
_localtime64_s
qsort
calloc
free
ceil
strncmp
memmove
memcpy
memset
_CItanh
_CItan
_CIlog
_CIsqrt
floor
_CIatan2
_CIpow
_CIexp
_CIlog10
_CIcosh
_CIsinh
_CIcos
_CIsin
_CIatan
_CIasin
_CIacos

mscoree

_CorDllMain

Exports

Exports

_interop_compileoption_get@4
_interop_compileoption_used@4
_interop_libversion@0
_interop_sourceid@0
_sqlite3_backup_finish_interop@4
_sqlite3_bind_double_interop@12
_sqlite3_bind_int64_interop@12
_sqlite3_bind_parameter_name_interop@12
_sqlite3_changes_interop@4
_sqlite3_close_interop@4
_sqlite3_column_database_name16_interop@12
_sqlite3_column_database_name_interop@12
_sqlite3_column_decltype16_interop@12
_sqlite3_column_decltype_interop@12
_sqlite3_column_double_interop@12
_sqlite3_column_int64_interop@12
_sqlite3_column_name16_interop@12
_sqlite3_column_name_interop@12
_sqlite3_column_origin_name16_interop@12
_sqlite3_column_origin_name_interop@12
_sqlite3_column_table_name16_interop@12
_sqlite3_column_table_name_interop@12
_sqlite3_column_text16_interop@12
_sqlite3_column_text_interop@12
_sqlite3_context_collcompare_interop@20
_sqlite3_context_collseq_interop@16
_sqlite3_create_disposable_module_interop@112
_sqlite3_create_function_interop@36
_sqlite3_cursor_rowid_interop@12
_sqlite3_errmsg_interop@8
_sqlite3_finalize_interop@4
_sqlite3_index_column_info_interop@32
_sqlite3_last_insert_rowid_interop@8
_sqlite3_malloc_size_interop@4
_sqlite3_memory_highwater_interop@8
_sqlite3_memory_used_interop@4
_sqlite3_open16_interop@12
_sqlite3_open_interop@12
_sqlite3_prepare16_interop@24
_sqlite3_prepare_interop@24
_sqlite3_reset_interop@4
_sqlite3_result_double_interop@8
_sqlite3_result_int64_interop@8
_sqlite3_table_column_metadata_interop@44
_sqlite3_table_cursor_interop@12
_sqlite3_value_double_interop@8
_sqlite3_value_int64_interop@8
_sqlite3_value_text16_interop@8
_sqlite3_value_text_interop@8
sqlite3_activate_see
sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_disposable_module
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_data_directory
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_dispose_module
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_key
sqlite3_key_v2
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_percentile_init
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_regexp_init
sqlite3_rekey
sqlite3_rekey_v2
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strglob
sqlite3_stricmp
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_temp_directory
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_totype_init
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_vtshim_init
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_compact_heap
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_reset_heap
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_write_debug

Sections

.text
Size: 692KB - Virtual size: 692KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ccLoLSkin.exe
.exe windows:4 windows x86 arch:x86

925b5b6ab55c2b01631127097a6fbabd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rsdeploy

Reloc
Initialize
ResolveImportDLL

mscoree

GetCORSystemDirectory

kernel32

VirtualProtect
GetModuleFileNameA
LoadLibraryExA
LoadLibraryA
GetProcAddress
GetVersionExA
FreeLibrary

Sections

.text
Size: 4KB - Virtual size: 790B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ccLoLSkin.rsm
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ccLoLSkinUpdater.exe
.exe windows:4 windows x86 arch:x86

925b5b6ab55c2b01631127097a6fbabd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rsdeploy

Reloc
Initialize
ResolveImportDLL

mscoree

GetCORSystemDirectory

kernel32

VirtualProtect
GetModuleFileNameA
LoadLibraryExA
LoadLibraryA
GetProcAddress
GetVersionExA
FreeLibrary

Sections

.text
Size: 4KB - Virtual size: 790B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ccLoLSkinUpdater.rsm
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 177B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gdiplus.dll
.dll windows:6 windows x86 arch:x86

2f8788153edc3bff3c95610aae8c96d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

gdiplus.pdb

Imports

msvcrt

malloc
_amsg_exit
_XcptFilter
_vsnprintf
wcsnlen
_wcsdup
free
wcscpy_s
_wcsupr_s
_vsnwprintf
wcsncpy_s
memcpy
memcmp
floor
_finite
memmove
memcpy_s
wcsstr
wcsncmp
_wtoi
_initterm
_purecall
_except_handler4_common
_resetstkoflw
_CIatan
_CIatan2
_CIcos
_CIexp
_CIfmod
_CIlog
_CIsin
_CIsqrt
_ftol2
_ftol2_sse
memset

api-ms-win-core-heap-l1-2-0

HeapReAlloc
HeapAlloc
HeapCreate
HeapDestroy
HeapFree

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWrite

api-ms-win-core-synch-l1-2-0

LeaveCriticalSection
Sleep
DeleteCriticalSection
CreateEventA
EnterCriticalSection
SetEvent
InitializeCriticalSection
WaitForSingleObject

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
GetCurrentProcessId
OpenProcessToken
IsProcessorFeaturePresent
CreateThread
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
DisableThreadLibraryCalls
FreeLibraryAndExitThread
GetModuleFileNameA
LoadResource
LockResource
LoadLibraryExA
FreeLibrary
GetProcAddress
GetModuleHandleW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-memory-l1-1-2

VirtualAlloc
UnmapViewOfFile
MapViewOfFile
VirtualFree

api-ms-win-core-com-l1-1-1

CreateStreamOnHGlobal
PropVariantClear
CoTaskMemAlloc
CoTaskMemFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-security-base-l1-2-0

GetTokenInformation

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount
GetVersionExA
GetSystemInfo

api-ms-win-core-localization-l1-2-1

IsValidLocale
GetLocaleInfoW
IsDBCSLeadByteEx
LocaleNameToLCID
GetSystemDefaultLCID
GetACP
ConvertDefaultLocale

api-ms-win-core-file-l1-2-1

CreateFileW
UnlockFile
WriteFile
ReadFile
GetFileTime
SetFilePointer
GetFileInformationByHandle
LockFile
FlushFileBuffers
SetEndOfFile
GetFileSize
CreateFileA

api-ms-win-core-processenvironment-l1-2-0

SearchPathW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-1

MulDiv
FindResourceW
FindResourceExA
CreateFileMappingA

api-ms-win-core-heap-obsolete-l1-1-0

GlobalAlloc
LocalAlloc
GlobalFree
LocalReAlloc
GlobalSize
LocalFree
GlobalLock
GlobalUnlock

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiA
lstrcmpiW

user32

ClientToScreen
GetWindowRect
WindowFromDC
GetClientRect
GetDesktopWindow
SystemParametersInfoA
GetClassLongA
GetWindowLongA
GetDCEx
DispatchMessageA
TranslateMessage
IntersectRect
IsRectEmpty
MsgWaitForMultipleObjects
UnregisterClassA
DestroyWindow
SetWindowPos
CreateWindowExA
RegisterWindowMessageA
RegisterClassA
DefWindowProcA
GetSysColor
GetSystemMetrics
CreateIconIndirect
GetIconInfo
GetDC
ReleaseDC
LoadImageW
PeekMessageA
OffsetRect
UnionRect
SetRectEmpty
InflateRect

gdi32

GetObjectW
GetTextCharset
GetCurrentPositionEx
ArcTo
SetArcDirection
GetPath
AbortPath
FlattenPath
WidenPath
RoundRect
Ellipse
Pie
Chord
Arc
AngleArc
PolyDraw
ExcludeClipRect
GetRgnBox
OffsetClipRgn
SetPaletteEntries
ResizePalette
GetWinMetaFileBits
PlayEnhMetaFile
PlgBlt
BitBlt
OffsetViewportOrgEx
SetMapperFlags
CombineTransform
ScaleViewportExtEx
ScaleWindowExtEx
CreatePen
CreateDIBitmap
CreatePatternBrush
GetClipRgn
ExtCreateRegion
SelectClipPath
PolyPolyline
Polyline
StrokeAndFillPath
FillPath
PolyBezier
SetPolyFillMode
LineTo
ModifyWorldTransform
GetGraphicsMode
StrokePath
EndPath
CloseFigure
PolylineTo
PolyBezierTo
MoveToEx
BeginPath
ExtTextOutA
CreateSolidBrush
SetMiterLimit
ExtSelectClipRgn
GetPixel
FillRgn
GetNearestPaletteIndex
StretchBlt
CreateCompatibleBitmap
GetNearestColor
SetStretchBltMode
PolyPolygon
PlayMetaFileRecord
SetTextJustification
SetTextAlign
Polygon
IntersectClipRect
CreatePenIndirect
ExtCreatePen
DPtoLP
CreateDIBPatternBrushPt
Rectangle
SetROP2
GetROP2
GetWorldTransform
CombineRgn
StretchDIBits
GetPolyFillMode
GetArcDirection
GetTextAlign
GetBkMode
GetMiterLimit
GetWindowExtEx
GetViewportExtEx
GetWindowOrgEx
GetMapMode
SelectClipRgn
SetBrushOrgEx
GetTextColor
GetBkColor
TranslateCharsetInfo
GetTextCharsetInfo
ExtTextOutW
SetDIBColorTable
CreateDCA
SetBitmapBits
CreateEnhMetaFileW
GdiComment
Escape
GetViewportOrgEx
GetRandomRgn
LPtoDP
GetDCOrgEx
SetICMMode
GetEnhMetaFileBits
CopyMetaFileA
CopyEnhMetaFileA
GetEnhMetaFileW
GetMetaFileW
GetObjectType
GetEnhMetaFileHeader
GetMetaFileBitsEx
SetMetaFileBitsEx
CloseEnhMetaFile
PlayMetaFile
CreateEnhMetaFileA
SetEnhMetaFileBits
DeleteMetaFile
DeleteEnhMetaFile
SetWorldTransform
SetGraphicsMode
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetMapMode
SaveDC
SetMetaRgn
EnumMetaFile
EnumEnhMetaFile
PlayEnhMetaFileRecord
RestoreDC
GetRegionData
DrawEscape
CreateICA
CreateRectRgn
RealizePalette
SelectPalette
GetPaletteEntries
GetCurrentObject
SetDIBits
SetBkMode
SetBkColor
SetTextColor
CreateBitmap
PatBlt
CreateBrushIndirect
ExtEscape
GdiFlush
CreateDIBSection
GetStockObject
GetDIBColorTable
GetObjectA
DeleteDC
GetDIBits
CreateCompatibleDC
EnumFontFamiliesExW
GetTextFaceW
GetTextMetricsW
CreateFontIndirectA
DeleteObject
SelectObject
CreateFontIndirectW
GetDeviceCaps
CreatePalette
GetSystemPaletteEntries
GetSystemPaletteUse

kernel32

ResolveDelayLoadedAPI
DelayLoadFailureHook

Exports

Exports

GdipAddPathArc
GdipAddPathArcI
GdipAddPathBezier
GdipAddPathBezierI
GdipAddPathBeziers
GdipAddPathBeziersI
GdipAddPathClosedCurve
GdipAddPathClosedCurve2
GdipAddPathClosedCurve2I
GdipAddPathClosedCurveI
GdipAddPathCurve
GdipAddPathCurve2
GdipAddPathCurve2I
GdipAddPathCurve3
GdipAddPathCurve3I
GdipAddPathCurveI
GdipAddPathEllipse
GdipAddPathEllipseI
GdipAddPathLine
GdipAddPathLine2
GdipAddPathLine2I
GdipAddPathLineI
GdipAddPathPath
GdipAddPathPie
GdipAddPathPieI
GdipAddPathPolygon
GdipAddPathPolygonI
GdipAddPathRectangle
GdipAddPathRectangleI
GdipAddPathRectangles
GdipAddPathRectanglesI
GdipAddPathString
GdipAddPathStringI
GdipAlloc
GdipBeginContainer
GdipBeginContainer2
GdipBeginContainerI
GdipBitmapApplyEffect
GdipBitmapConvertFormat
GdipBitmapCreateApplyEffect
GdipBitmapGetHistogram
GdipBitmapGetHistogramSize
GdipBitmapGetPixel
GdipBitmapLockBits
GdipBitmapSetPixel
GdipBitmapSetResolution
GdipBitmapUnlockBits
GdipClearPathMarkers
GdipCloneBitmapArea
GdipCloneBitmapAreaI
GdipCloneBrush
GdipCloneCustomLineCap
GdipCloneFont
GdipCloneFontFamily
GdipCloneImage
GdipCloneImageAttributes
GdipCloneMatrix
GdipClonePath
GdipClonePen
GdipCloneRegion
GdipCloneStringFormat
GdipClosePathFigure
GdipClosePathFigures
GdipCombineRegionPath
GdipCombineRegionRect
GdipCombineRegionRectI
GdipCombineRegionRegion
GdipComment
GdipConvertToEmfPlus
GdipConvertToEmfPlusToFile
GdipConvertToEmfPlusToStream
GdipCreateAdjustableArrowCap
GdipCreateBitmapFromDirectDrawSurface
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipCreateBitmapFromResource
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateCachedBitmap
GdipCreateCustomLineCap
GdipCreateEffect
GdipCreateFont
GdipCreateFontFamilyFromName
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCreateFontFromLogfontW
GdipCreateFromHDC
GdipCreateFromHDC2
GdipCreateFromHWND
GdipCreateFromHWNDICM
GdipCreateHBITMAPFromBitmap
GdipCreateHICONFromBitmap
GdipCreateHalftonePalette
GdipCreateHatchBrush
GdipCreateImageAttributes
GdipCreateLineBrush
GdipCreateLineBrushFromRect
GdipCreateLineBrushFromRectI
GdipCreateLineBrushFromRectWithAngle
GdipCreateLineBrushFromRectWithAngleI
GdipCreateLineBrushI
GdipCreateMatrix
GdipCreateMatrix2
GdipCreateMatrix3
GdipCreateMatrix3I
GdipCreateMetafileFromEmf
GdipCreateMetafileFromFile
GdipCreateMetafileFromStream
GdipCreateMetafileFromWmf
GdipCreateMetafileFromWmfFile
GdipCreatePath
GdipCreatePath2
GdipCreatePath2I
GdipCreatePathGradient
GdipCreatePathGradientFromPath
GdipCreatePathGradientI
GdipCreatePathIter
GdipCreatePen1
GdipCreatePen2
GdipCreateRegion
GdipCreateRegionHrgn
GdipCreateRegionPath
GdipCreateRegionRect
GdipCreateRegionRectI
GdipCreateRegionRgnData
GdipCreateSolidFill
GdipCreateStreamOnFile
GdipCreateStringFormat
GdipCreateTexture
GdipCreateTexture2
GdipCreateTexture2I
GdipCreateTextureIA
GdipCreateTextureIAI
GdipDeleteBrush
GdipDeleteCachedBitmap
GdipDeleteCustomLineCap
GdipDeleteEffect
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeleteMatrix
GdipDeletePath
GdipDeletePathIter
GdipDeletePen
GdipDeletePrivateFontCollection
GdipDeleteRegion
GdipDeleteStringFormat
GdipDisposeImage
GdipDisposeImageAttributes
GdipDrawArc
GdipDrawArcI
GdipDrawBezier
GdipDrawBezierI
GdipDrawBeziers
GdipDrawBeziersI
GdipDrawCachedBitmap
GdipDrawClosedCurve
GdipDrawClosedCurve2
GdipDrawClosedCurve2I
GdipDrawClosedCurveI
GdipDrawCurve
GdipDrawCurve2
GdipDrawCurve2I
GdipDrawCurve3
GdipDrawCurve3I
GdipDrawCurveI
GdipDrawDriverString
GdipDrawEllipse
GdipDrawEllipseI
GdipDrawImage
GdipDrawImageFX
GdipDrawImageI
GdipDrawImagePointRect
GdipDrawImagePointRectI
GdipDrawImagePoints
GdipDrawImagePointsI
GdipDrawImagePointsRect
GdipDrawImagePointsRectI
GdipDrawImageRect
GdipDrawImageRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipDrawLine
GdipDrawLineI
GdipDrawLines
GdipDrawLinesI
GdipDrawPath
GdipDrawPie
GdipDrawPieI
GdipDrawPolygon
GdipDrawPolygonI
GdipDrawRectangle
GdipDrawRectangleI
GdipDrawRectangles
GdipDrawRectanglesI
GdipDrawString
GdipEmfToWmfBits
GdipEndContainer
GdipEnumerateMetafileDestPoint
GdipEnumerateMetafileDestPointI
GdipEnumerateMetafileDestPoints
GdipEnumerateMetafileDestPointsI
GdipEnumerateMetafileDestRect
GdipEnumerateMetafileDestRectI
GdipEnumerateMetafileSrcRectDestPoint
GdipEnumerateMetafileSrcRectDestPointI
GdipEnumerateMetafileSrcRectDestPoints
GdipEnumerateMetafileSrcRectDestPointsI
GdipEnumerateMetafileSrcRectDestRect
GdipEnumerateMetafileSrcRectDestRectI
GdipFillClosedCurve
GdipFillClosedCurve2
GdipFillClosedCurve2I
GdipFillClosedCurveI
GdipFillEllipse
GdipFillEllipseI
GdipFillPath
GdipFillPie
GdipFillPieI
GdipFillPolygon
GdipFillPolygon2
GdipFillPolygon2I
GdipFillPolygonI
GdipFillRectangle
GdipFillRectangleI
GdipFillRectangles
GdipFillRectanglesI
GdipFillRegion
GdipFindFirstImageItem
GdipFindNextImageItem
GdipFlattenPath
GdipFlush
GdipFree
GdipGetAdjustableArrowCapFillState
GdipGetAdjustableArrowCapHeight
GdipGetAdjustableArrowCapMiddleInset
GdipGetAdjustableArrowCapWidth
GdipGetAllPropertyItems
GdipGetBrushType
GdipGetCellAscent
GdipGetCellDescent
GdipGetClip
GdipGetClipBounds
GdipGetClipBoundsI
GdipGetCompositingMode
GdipGetCompositingQuality
GdipGetCustomLineCapBaseCap
GdipGetCustomLineCapBaseInset
GdipGetCustomLineCapStrokeCaps
GdipGetCustomLineCapStrokeJoin
GdipGetCustomLineCapType
GdipGetCustomLineCapWidthScale
GdipGetDC
GdipGetDpiX
GdipGetDpiY
GdipGetEffectParameterSize
GdipGetEffectParameters
GdipGetEmHeight
GdipGetEncoderParameterList
GdipGetEncoderParameterListSize
GdipGetFamily
GdipGetFamilyName
GdipGetFontCollectionFamilyCount
GdipGetFontCollectionFamilyList
GdipGetFontHeight
GdipGetFontHeightGivenDPI
GdipGetFontSize
GdipGetFontStyle
GdipGetFontUnit
GdipGetGenericFontFamilyMonospace
GdipGetGenericFontFamilySansSerif
GdipGetGenericFontFamilySerif
GdipGetHatchBackgroundColor
GdipGetHatchForegroundColor
GdipGetHatchStyle
GdipGetHemfFromMetafile
GdipGetImageAttributesAdjustedPalette
GdipGetImageBounds
GdipGetImageDecoders
GdipGetImageDecodersSize
GdipGetImageDimension
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImageFlags
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImageHorizontalResolution
GdipGetImageItemData
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageThumbnail
GdipGetImageType
GdipGetImageVerticalResolution
GdipGetImageWidth
GdipGetInterpolationMode
GdipGetLineBlend
GdipGetLineBlendCount
GdipGetLineColors
GdipGetLineGammaCorrection
GdipGetLinePresetBlend
GdipGetLinePresetBlendCount
GdipGetLineRect
GdipGetLineRectI
GdipGetLineSpacing
GdipGetLineTransform
GdipGetLineWrapMode
GdipGetLogFontA
GdipGetLogFontW
GdipGetMatrixElements
GdipGetMetafileDownLevelRasterizationLimit
GdipGetMetafileHeaderFromEmf
GdipGetMetafileHeaderFromFile
GdipGetMetafileHeaderFromMetafile
GdipGetMetafileHeaderFromStream
GdipGetMetafileHeaderFromWmf
GdipGetNearestColor
GdipGetPageScale
GdipGetPageUnit
GdipGetPathData
GdipGetPathFillMode
GdipGetPathGradientBlend
GdipGetPathGradientBlendCount
GdipGetPathGradientCenterColor
GdipGetPathGradientCenterPoint
GdipGetPathGradientCenterPointI
GdipGetPathGradientFocusScales
GdipGetPathGradientGammaCorrection
GdipGetPathGradientPath
GdipGetPathGradientPointCount
GdipGetPathGradientPresetBlend
GdipGetPathGradientPresetBlendCount
GdipGetPathGradientRect
GdipGetPathGradientRectI
GdipGetPathGradientSurroundColorCount
GdipGetPathGradientSurroundColorsWithCount
GdipGetPathGradientTransform
GdipGetPathGradientWrapMode
GdipGetPathLastPoint
GdipGetPathPoints
GdipGetPathPointsI
GdipGetPathTypes
GdipGetPathWorldBounds
GdipGetPathWorldBoundsI
GdipGetPenBrushFill
GdipGetPenColor
GdipGetPenCompoundArray
GdipGetPenCompoundCount
GdipGetPenCustomEndCap
GdipGetPenCustomStartCap
GdipGetPenDashArray
GdipGetPenDashCap197819
GdipGetPenDashCount
GdipGetPenDashOffset
GdipGetPenDashStyle
GdipGetPenEndCap
GdipGetPenFillType
GdipGetPenLineJoin
GdipGetPenMiterLimit
GdipGetPenMode
GdipGetPenStartCap
GdipGetPenTransform
GdipGetPenUnit
GdipGetPenWidth
GdipGetPixelOffsetMode
GdipGetPointCount
GdipGetPropertyCount
GdipGetPropertyIdList
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetPropertySize
GdipGetRegionBounds
GdipGetRegionBoundsI
GdipGetRegionData
GdipGetRegionDataSize
GdipGetRegionHRgn
GdipGetRegionScans
GdipGetRegionScansCount
GdipGetRegionScansI
GdipGetRenderingOrigin
GdipGetSmoothingMode
GdipGetSolidFillColor
GdipGetStringFormatAlign
GdipGetStringFormatDigitSubstitution
GdipGetStringFormatFlags
GdipGetStringFormatHotkeyPrefix
GdipGetStringFormatLineAlign
GdipGetStringFormatMeasurableCharacterRangeCount
GdipGetStringFormatTabStopCount
GdipGetStringFormatTabStops
GdipGetStringFormatTrimming
GdipGetTextContrast
GdipGetTextRenderingHint
GdipGetTextureImage
GdipGetTextureTransform
GdipGetTextureWrapMode
GdipGetVisibleClipBounds
GdipGetVisibleClipBoundsI
GdipGetWorldTransform
GdipGraphicsClear
GdipGraphicsSetAbort
GdipImageForceValidation
GdipImageGetFrameCount
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageRotateFlip
GdipImageSelectActiveFrame
GdipImageSetAbort
GdipInitializePalette
GdipInvertMatrix
GdipIsClipEmpty
GdipIsEmptyRegion
GdipIsEqualRegion
GdipIsInfiniteRegion
GdipIsMatrixEqual
GdipIsMatrixIdentity
GdipIsMatrixInvertible
GdipIsOutlineVisiblePathPoint
GdipIsOutlineVisiblePathPointI
GdipIsStyleAvailable
GdipIsVisibleClipEmpty
GdipIsVisiblePathPoint
GdipIsVisiblePathPointI
GdipIsVisiblePoint
GdipIsVisiblePointI
GdipIsVisibleRect
GdipIsVisibleRectI
GdipIsVisibleRegionPoint
GdipIsVisibleRegionPointI
GdipIsVisibleRegionRect
GdipIsVisibleRegionRectI
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipMeasureCharacterRanges
GdipMeasureDriverString
GdipMeasureString
GdipMultiplyLineTransform
GdipMultiplyMatrix
GdipMultiplyPathGradientTransform
GdipMultiplyPenTransform
GdipMultiplyTextureTransform
GdipMultiplyWorldTransform
GdipNewInstalledFontCollection
GdipNewPrivateFontCollection
GdipPathIterCopyData
GdipPathIterEnumerate
GdipPathIterGetCount
GdipPathIterGetSubpathCount
GdipPathIterHasCurve
GdipPathIterIsValid
GdipPathIterNextMarker
GdipPathIterNextMarkerPath
GdipPathIterNextPathType
GdipPathIterNextSubpath
GdipPathIterNextSubpathPath
GdipPathIterRewind
GdipPlayMetafileRecord
GdipPlayTSClientRecord
GdipPrivateAddFontFile
GdipPrivateAddMemoryFont
GdipRecordMetafile
GdipRecordMetafileFileName
GdipRecordMetafileFileNameI
GdipRecordMetafileI
GdipRecordMetafileStream
GdipRecordMetafileStreamI
GdipReleaseDC
GdipRemovePropertyItem
GdipResetClip
GdipResetImageAttributes
GdipResetLineTransform
GdipResetPageTransform
GdipResetPath
GdipResetPathGradientTransform
GdipResetPenTransform
GdipResetTextureTransform
GdipResetWorldTransform
GdipRestoreGraphics
GdipReversePath
GdipRotateLineTransform
GdipRotateMatrix
GdipRotatePathGradientTransform
GdipRotatePenTransform
GdipRotateTextureTransform
GdipRotateWorldTransform
GdipSaveAdd
GdipSaveAddImage
GdipSaveGraphics
GdipSaveImageToFile
GdipSaveImageToStream
GdipScaleLineTransform
GdipScaleMatrix

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mdeploy.registry
mscoree.dll
.dll regsvr32 windows:6 windows x86 arch:x86

cf7cefc63a5d10cae2438336176a185e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mscoree.pdb

Imports

kernel32

FreeLibrary
InitializeCriticalSection
GetVersionExW
LeaveCriticalSection
GetProcAddress
EnterCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetFullPathNameW
GetLastError
GetEnvironmentVariableW
GetModuleFileNameW
GetFileAttributesW
SetErrorMode
GetModuleHandleW
CreateFileW
SetLastError
GetFileSize
CreateFileMappingW
MapViewOfFile
LoadLibraryW
GetWindowsDirectoryW
GlobalMemoryStatus
VirtualQuery
VirtualAlloc
GetSystemInfo
LoadLibraryExW
DisableThreadLibraryCalls
ExitProcess
VirtualProtect
CreateMutexW
CloseHandle
WaitForSingleObject
ReleaseMutex
UnmapViewOfFile
GetCurrentProcess
CreateToolhelp32Snapshot
GetSystemDirectoryW
ReadProcessMemory
HeapCreate
HeapDestroy
ReadFile
WriteFile
GetLocalTime
GetTimeFormatW
GetDateFormatW
FindFirstFileW
FindClose
GetFileAttributesExW
GetStringTypeW
IsDBCSLeadByteEx
RaiseException
TerminateProcess
OutputDebugStringW
TlsGetValue
FormatMessageW
lstrlenW
LocalFree
GetACP
GetCPInfo
IsDBCSLeadByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
TlsSetValue
TlsAlloc
TlsFree
HeapAlloc
GetProcessHeap
HeapFree
WaitForSingleObjectEx
SleepEx
VirtualFree
HeapValidate
GetCurrentProcessId
GetSystemDefaultLCID
LCMapStringW
EncodePointer
DecodePointer
GetCommandLineA
GetVersionExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentThreadId
GetStdHandle
GetFileType
SetHandleCount
GetStartupInfoA
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
GetEnvironmentStrings
FreeEnvironmentStringsA
OutputDebugStringA
IsValidCodePage
GetOEMCP
HeapReAlloc
HeapSize
Sleep
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
RtlUnwind
GetLocaleInfoA
GetStringTypeA
LCMapStringA
GetConsoleCP
GetConsoleMode
SetFilePointer
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
WriteConsoleW
ReadConsoleW
CreateFileA
FlushFileBuffers
LocalAlloc

Exports

Exports

CLRCreateInstance
CallFunctionShim
CloseCtrs
ClrCreateManagedInstance
CoEEShutDownCOM
CoInitializeCor
CoInitializeEE
CoUninitializeCor
CoUninitializeEE
CollectCtrs
CorBindToCurrentRuntime
CorBindToRuntime
CorBindToRuntimeByCfg
CorBindToRuntimeByPath
CorBindToRuntimeByPathEx
CorBindToRuntimeEx
CorBindToRuntimeHost
CorDllMainWorker
CorExitProcess
CorGetSvc
CorIsLatestSvc
CorMarkThreadInThreadPool
CorTickleSvc
CreateConfigStream
CreateDebuggingInterfaceFromVersion
CreateInterface
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EEDllGetClassObjectFromClass
EEDllRegisterServer
EEDllUnregisterServer
GetAssemblyMDImport
GetCLRMetaHost
GetCORRequiredVersion
GetCORRootDirectory
GetCORSystemDirectory
GetCORVersion
GetCompileInfo
GetFileVersion
GetHashFromAssemblyFile
GetHashFromAssemblyFileW
GetHashFromBlob
GetHashFromFile
GetHashFromFileW
GetHashFromHandle
GetHostConfigurationFile
GetMetaDataInternalInterface
GetMetaDataInternalInterfaceFromPublic
GetMetaDataPublicInterfaceFromInternal
GetPermissionRequests
GetPrivateContextsPerfCounters
GetProcessExecutableHeap
GetRealProcAddress
GetRequestedRuntimeInfo
GetRequestedRuntimeVersion
GetRequestedRuntimeVersionForCLSID
GetStartupFlags
GetTargetForVTableEntry
GetTokenForVTableEntry
GetVersionFromProcess
GetXMLElement
GetXMLElementAttribute
GetXMLObject
IEE
InitErrors
InitSSAutoEnterThread
LoadLibraryShim
LoadLibraryWithPolicyShim
LoadStringRC
LoadStringRCEx
LockClrVersion
LogHelp_LogAssert
LogHelp_NoGuiOnAssert
LogHelp_TerminateOnAssert
MetaDataGetDispenser
ND_CopyObjDst
ND_CopyObjSrc
ND_RI2
ND_RI4
ND_RI8
ND_RU1
ND_WI2
ND_WI4
ND_WI8
ND_WU1
OpenCtrs
PostError
ReOpenMetaDataWithMemory
ReOpenMetaDataWithMemoryEx
RunDll32ShimW
RuntimeOSHandle
RuntimeOpenImage
RuntimeReleaseHandle
SetTargetForVTableEntry
StrongNameCompareAssemblies
StrongNameErrorInfo
StrongNameFreeBuffer
StrongNameGetBlob
StrongNameGetBlobFromImage
StrongNameGetPublicKey
StrongNameHashSize
StrongNameKeyDelete
StrongNameKeyGen
StrongNameKeyGenEx
StrongNameKeyInstall
StrongNameSignatureGeneration
StrongNameSignatureGenerationEx
StrongNameSignatureSize
StrongNameSignatureVerification
StrongNameSignatureVerificationEx
StrongNameSignatureVerificationFromImage
StrongNameTokenFromAssembly
StrongNameTokenFromAssemblyEx
StrongNameTokenFromPublicKey
TranslateSecurityAttributes
UpdateError
_CorDllMain
_CorExeMain
_CorExeMain2
_CorImageUnloading
_CorValidateImage

Sections

.text
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvcm80.dll
.dll windows:4 windows x86 arch:x86

83e6ecedcb8a69cca8d85e1481140fa0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcm80.i386.pdb

Imports

msvcr80

__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
__setusermatherr
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_query_new_handler@@YAP6AHI@ZXZ
signal
_invalid_parameter
_errno
_set_invalid_parameter_handler
_get_invalid_parameter_handler
?set_terminate@@YAP6AXXZP6AXXZ@Z
_get_terminate
_set_purecall_handler
_get_purecall_handler
?set_unexpected@@YAP6AXXZP6AXXZ@Z
_get_unexpected
_fpieee_flt
_cexit
strcpy_s
strlen
_exit
_XcptFilter
_endthread
_freefls
___fls_setvalue@8
___fls_getvalue@4
__get_flsindex
__set_flsgetvalue
_dosmaperr
_initptd
calloc
_endthreadex
memcpy_s
wcslen
memcmp
memchr
memmove_s
memset
??_V@YAXPAX@Z
_malloc_crt
_invoke_watson
_CxxThrowException
??2@YAPAXI@Z
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
abort
fgetc
fputc
ungetc
fflush
setvbuf
fwrite
fgetpos
fseek
fsetpos
fclose
__iob_func
fgetwc
fputwc
ungetwc
localeconv
??_U@YAPAXI@Z
realloc
setlocale
strcspn
_strtoi64
_strtoui64
sprintf_s
_Gettnames
_Strftime
_Getdays
_Getmonths
___lc_handle_func
strtod
__crtGetStringTypeW
__pctype_func
___mb_cur_max_l_func
___lc_codepage_func
__crtLCMapStringW
__crtCompareStringA
___lc_collate_cp_func
__crtLCMapStringA
memcpy
__crtCompareStringW
_fsopen
wcstombs_s
_wfsopen
_get_osplatform
mbstowcs_s
fputs
__uncaught_exception
isupper
islower
towlower
towupper
strcmp
__FrameUnwindFilter
tolower
isspace
isdigit
isalnum
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
??3@YAXPAX@Z
_ui64toa_s
_create_locale
malloc
_free_locale
_invalid_parameter_noinfo
free

kernel32

DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
MultiByteToWideChar
GetLocaleInfoA
CreateThread
ResumeThread
GetLastError
ExitThread
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId

ole32

CoCreateInstance

mscoree

CorBindToRuntimeEx
_CorDllMain

Exports

Exports

?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?_Addstd@ios_base@std@@SAXPAV12@@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF_func@std@@YAABJXZ
?_Cerr_func@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@XZ
?_Cin_func@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@XZ
?_Clocptr_func@_Locimp@locale@std@@CAAAPAV123@XZ
?_Clog_func@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@XZ
?_Cosh@@YANNN@Z
?_Cout_func@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@XZ
?_Debug_message@std@@YAXPBD0@Z
?_Dnorm@@YAFPAG@Z
?_Dscale@@YAFPANJ@Z
?_Dtentox@@YANNJPAH@Z
?_Dtest@@YAFPAN@Z
?_Dunscale@@YAFPAFPAN@Z
?_Exp@@YAFPANNF@Z
?_FCosh@@YAMMM@Z
?_FDnorm@@YAFPAG@Z
?_FDscale@@YAFPAMJ@Z
?_FDtentox@@YAMMJPAH@Z
?_FDtest@@YAFPAM@Z
?_FDunscale@@YAFPAFPAM@Z
?_FExp@@YAFPAMMF@Z
?_FSinh@@YAMMM@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Fpz_func@std@@YAAA_JXZ
?_Getcoll@@YA?AU_Collvec@@XZ
?_Getctype@@YA?AU_Ctypevec@@XZ
?_Getcvt@@YA?AU_Cvtvec@@XZ
?_Getdateorder@@YAHXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Getwctype@@YAFGPBU_Ctypevec@@@Z
?_Getwctype@@YAF_WPBU_Ctypevec@@@Z
?_Getwctypes@@YAPBGPBG0PAFPBU_Ctypevec@@@Z
?_Getwctypes@@YAPB_WPB_W0PAFPBU_Ctypevec@@@Z
?_Id_cnt_func@id@locale@std@@CAAAHXZ
?_Id_func@?$codecvt@GDH@std@@SAAAVid@locale@2@XZ
?_Id_func@?$codecvt@_WDH@std@@SAAAVid@locale@2@XZ
?_Id_func@?$ctype@D@std@@SAAAVid@locale@2@XZ
?_Id_func@?$ctype@G@std@@SAAAVid@locale@2@XZ
?_Id_func@?$ctype@_W@std@@SAAAVid@locale@2@XZ
?_Index_func@ios_base@std@@CAAAHXZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Init_cnt_func@Init@ios_base@std@@CAAAHXZ
?_Init_ctor@Init@ios_base@std@@CAXPAV123@@Z
?_Init_dtor@Init@ios_base@std@@CAXPAV123@@Z
?_Init_locks_ctor@_Init_locks@std@@CAXPAV12@@Z
?_Init_locks_dtor@_Init_locks@std@@CAXPAV12@@Z
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?_LCosh@@YAOOO@Z
?_LDscale@@YAFPAOJ@Z
?_LDtentox@@YAOOJPAH@Z
?_LDtest@@YAFPAO@Z
?_LDunscale@@YAFPAFPAO@Z
?_LExp@@YAFPAOOF@Z
?_LPoly@@YAOOPBOH@Z
?_LSinh@@YAOOO@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?_Locimp_ctor@_Locimp@locale@std@@CAXPAV123@ABV123@@Z
?_Locimp_dtor@_Locimp@locale@std@@CAXPAV123@@Z
?_Locinfo_Addcats@_Locinfo@std@@SAAAV12@PAV12@HPBD@Z
?_Locinfo_ctor@_Locinfo@std@@SAXPAV12@HPBD@Z
?_Locinfo_ctor@_Locinfo@std@@SAXPAV12@PBD@Z
?_Locinfo_dtor@_Locinfo@std@@SAXPAV12@@Z
?_Lockit_ctor@_Lockit@std@@CAXPAV12@@Z
?_Lockit_ctor@_Lockit@std@@CAXPAV12@H@Z
?_Lockit_ctor@_Lockit@std@@SAXH@Z
?_Lockit_dtor@_Lockit@std@@CAXPAV12@@Z
?_Lockit_dtor@_Lockit@std@@SAXH@Z
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
?_Makeushloc@_Locimp@locale@std@@CAXABV_Locinfo@3@HPAV123@PBV23@@Z
?_Makewloc@_Locimp@locale@std@@CAXABV_Locinfo@3@HPAV123@PBV23@@Z
?_Makexloc@_Locimp@locale@std@@CAXABV_Locinfo@3@HPAV123@PBV23@@Z
?_Mbrtowc@@YAHPAGPBDIPAHPBU_Cvtvec@@@Z
?_Mbrtowc@@YAHPA_WPBDIPAHPBU_Cvtvec@@@Z
?_Mtxdst@@YAXPAU_RTL_CRITICAL_SECTION@@@Z
?_Mtxinit@@YAXPAU_RTL_CRITICAL_SECTION@@@Z
?_Mtxlock@@YAXPAU_RTL_CRITICAL_SECTION@@@Z
?_Mtxunlock@@YAXPAU_RTL_CRITICAL_SECTION@@@Z
?_Mutex_Lock@_Mutex@std@@CAXPAV12@@Z
?_Mutex_Unlock@_Mutex@std@@CAXPAV12@@Z
?_Mutex_ctor@_Mutex@std@@CAXPAV12@@Z
?_Mutex_dtor@_Mutex@std@@CAXPAV12@@Z
?_Nomemory@std@@YAXXZ
?_Once@@YAXPAJP6AXXZ@Z
?_Poly@@YANNPBNH@Z
?_Setgloballocale@locale@std@@CAXPAX@Z
?_Sinh@@YANNN@Z
?_Stod@@YANPBDPAPADJ@Z
?_Stodx@@YANPBDPAPADJPAH@Z
?_Stof@@YAMPBDPAPADJPAH@Z
?_Stoflt@@YAHPBD0PAPADQAJH@Z
?_Stofx@@YAMPBDPAPADJPAH@Z
?_Stold@@YAOPBDPAPADJPAH@Z
?_Stoldx@@YAOPBDPAPADJPAH@Z
?_Stolx@@YAJPBDPAPADHPAH@Z
?_Stopfx@@YAHPAPBDPAPAD@Z
?_Stoul@@YAKPBDPAPADH@Z
?_Stoulx@@YAKPBDPAPADHPAH@Z
?_Stoxflt@@YAHPBD0PAPADQAJH@Z
?_Strcoll@@YAHPBD000PBU_Collvec@@@Z
?_Strxfrm@@YAIPAD0PBD1PBU_Collvec@@@Z
?_Sync_func@ios_base@std@@CAAA_NXZ
?_Throw@std@@YAXABVexception@stdext@@@Z
?_Tolower@@YAHHPBU_Ctypevec@@@Z
?_Toupper@@YAHHPBU_Ctypevec@@@Z
?_Towlower@@YAGGPBU_Ctypevec@@@Z
?_Towlower@@YA_W_WPBU_Ctypevec@@@Z
?_Towupper@@YAGGPBU_Ctypevec@@@Z
?_Towupper@@YA_W_WPBU_Ctypevec@@@Z
?_Wcerr_func@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@1@XZ
?_Wcerr_func@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@XZ
?_Wcin_func@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@1@XZ
?_Wcin_func@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@1@XZ
?_Wclog_func@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@1@XZ
?_Wclog_func@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@XZ
?_Wcout_func@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@1@XZ
?_Wcout_func@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@XZ
?_Wcrtomb@@YAHPADGPAHPBU_Cvtvec@@@Z
?_Wcrtomb@@YAHPAD_WPAHPBU_Cvtvec@@@Z
?_Wcscoll@@YAHPBG000PBU_Collvec@@@Z
?_Wcscoll@@YAHPB_W000PBU_Collvec@@@Z
?_Wcsxfrm@@YAIPAG0PBG1PBU_Collvec@@@Z
?_Wcsxfrm@@YAIPA_W0PB_W1PBU_Collvec@@@Z
?_Xfsopen@std@@YAPAU_iobuf@@PB_W0H@Z
?_Xinvarg@_String_base@std@@SAXXZ
?_Xlen@_String_base@std@@SAXXZ
?_Xran@_String_base@std@@SAXXZ
?__Stodx@@YANPBDPAPADJPAH@Z
?__Stofx@@YAMPBDPAPADJPAH@Z
?__Stoldx@@YAOPBDPAPADJPAH@Z
?__Wcrtomb_lk@@YAHPAD_WPAHPBU_Cvtvec@@@Z
?__get_default_appdomain@@YAJPAPAUIUnknown@@@Z
?__query_new_handler_m@@YAP6MHI@ZXZ
?__release_appdomain@@YAXPAUIUnknown@@@Z
?_beginthread@@YAIP6MXPAX@ZI0@Z
?_beginthreadex@@YAIPAXIP6MI0@Z0IPAI@Z
?_fpieee_flt@@YAHKPAU_EXCEPTION_POINTERS@@P6MHPAU_FPIEEE_RECORD@@@Z@Z
?_set_invalid_parameter_handler@@YAP6AXPB_W00II@ZH@Z
?_set_invalid_parameter_handler@@YAP6MXPB_W00II@ZP6MX000II@Z@Z
?_set_new_handler@@YAP6MHI@ZP6MHI@Z@Z
?_set_purecall_handler@@YAP6AXXZH@Z
?_set_purecall_handler@@YAP6MXXZP6MXXZ@Z
?_uncaught_exception_m@std@@YA_NXZ
?classic@locale@std@@SAABV12@XZ
?empty@locale@std@@SA?AV12@XZ
?facet_Register@facet@locale@std@@CAXPAV123@@Z
?global@locale@std@@SA?AV12@ABV12@@Z
?resetiosflags@std@@YA?AU?$_Smanip@H@1@H@Z
?set_new_handler@std@@YAP6MXXZP6MXXZ@Z
?set_terminate@@YAP6MXXZP6MXXZ@Z
?set_unexpected@@YAP6MXXZP6MXXZ@Z
?setbase@std@@YA?AU?$_Smanip@H@1@H@Z
?setiosflags@std@@YA?AU?$_Smanip@H@1@H@Z
?setprecision@std@@YA?AU?$_Smanip@H@1@H@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?signal@@YAP6MXH@ZHH@Z
?signal@@YAP6MXH@ZHP6MXH@Z@Z
__setusermatherr_m
towctrans
wctrans
wctype

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 280KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvcp80.dll
.dll windows:4 windows x86 arch:x86

6488997e312be12f8300ea7b1c34d497

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcp80.i386.pdb

Imports

msvcr80

setvbuf
fwrite
??0exception@std@@QAE@XZ
_Getdays
_Getmonths
fgetpos
fseek
fsetpos
fclose
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
__iob_func
_invoke_watson
_fsopen
wcstombs_s
_wfsopen
_get_osplatform
mbstowcs_s
atan2
cos
exp
ldexp
log
pow
sin
sqrt
tan
fgetwc
fputwc
ungetwc
_Strftime
strcspn
_strtoi64
_strtoui64
sprintf_s
abort
??0exception@std@@QAE@ABQBDH@Z
_realloc_crt
setlocale
_malloc_crt
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
fputs
fflush
towlower
towupper
strcmp
_create_locale
_ui64toa_s
_free_locale
__pctype_func
_errno
___mb_cur_max_l_func
___lc_codepage_func
___lc_handle_func
__crtCompareStringA
___lc_collate_cp_func
__crtLCMapStringA
memcpy
isupper
_calloc_crt
islower
__crtGetStringTypeW
__crtLCMapStringW
__crtCompareStringW
isspace
tolower
strtod
isdigit
isalnum
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__clean_type_info_names_internal
ungetc
fputc
fgetc
__CxxFrameHandler3
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??2@YAPAXI@Z
_invalid_parameter_noinfo
??_V@YAXPAX@Z
_Gettnames
localeconv
free
memset
memchr
strlen
memcmp
wcslen
memmove_s
memcpy_s
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
__uncaught_exception
??0exception@std@@QAE@ABQBD@Z

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
InterlockedDecrement
InterlockedIncrement
GetLocaleInfoA
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
InterlockedCompareExchange
GetSystemTimeAsFileTime

Exports

Exports

??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAD@Z
??$?5DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?5GU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAG@Z
??$?5GU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAG@Z
??$?5GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?5MDU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5MGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5M_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5NDU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5NGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5N_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5ODU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5OGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5O_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAC@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAE@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAC@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAE@Z
??$?5_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AA_W@Z
??$?5_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@PA_W@Z
??$?5_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@G@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??$?6GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?6MDU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6MGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6M_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6NDU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6NGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6N_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6ODU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6OGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6O_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@C@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@E@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBC@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBE@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@_W@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?8M@std@@YA_NABMABV?$complex@M@0@@Z
??$?8M@std@@YA_NABV?$complex@M@0@0@Z
??$?8M@std@@YA_NABV?$complex@M@0@ABM@Z
??$?8N@std@@YA_NABNABV?$complex@N@0@@Z
??$?8N@std@@YA_NABV?$complex@N@0@0@Z
??$?8N@std@@YA_NABV?$complex@N@0@ABN@Z
??$?8O@std@@YA_NABOABV?$complex@O@0@@Z
??$?8O@std@@YA_NABV?$complex@O@0@0@Z
??$?8O@std@@YA_NABV?$complex@O@0@ABO@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?9M@std@@YA_NABMABV?$complex@M@0@@Z
??$?9M@std@@YA_NABV?$complex@M@0@0@Z
??$?9M@std@@YA_NABV?$complex@M@0@ABM@Z
??$?9N@std@@YA_NABNABV?$complex@N@0@@Z
??$?9N@std@@YA_NABV?$complex@N@0@0@Z
??$?9N@std@@YA_NABV?$complex@N@0@ABN@Z
??$?9O@std@@YA_NABOABV?$complex@O@0@@Z
??$?9O@std@@YA_NABV?$complex@O@0@0@Z
??$?9O@std@@YA_NABV?$complex@O@0@ABO@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?DM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?DM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?DM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?DN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?DN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?DN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?DO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?DO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?DO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?GM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?GN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?GO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@GABV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?HN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?HO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@_WABV10@@Z
??$?KM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?KM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?KM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?KN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?KN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?KN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?KO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?KO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?KO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$_Fabs@M@std@@YAMABV?$complex@M@0@PAH@Z
??$_Fabs@N@std@@YANABV?$complex@N@0@PAH@Z
??$_Fabs@O@std@@YAOABV?$complex@O@0@PAH@Z
??$abs@M@std@@YAMABV?$complex@M@0@@Z
??$abs@N@std@@YANABV?$complex@N@0@@Z
??$abs@O@std@@YAOABV?$complex@O@0@@Z
??$arg@M@std@@YAMABV?$complex@M@0@@Z
??$arg@N@std@@YANABV?$complex@N@0@@Z
??$arg@O@std@@YAOABV?$complex@O@0@@Z
??$conj@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$conj@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$conj@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$cos@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$cos@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$cos@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$cosh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$cosh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$cosh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$exp@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$exp@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$exp@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@D@Z
??$getline@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$getline@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@G@Z
??$getline@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$getline@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@_W@Z
??$imag@M@std@@YAMABV?$complex@M@0@@Z
??$imag@N@std@@YANABV?$complex@N@0@@Z
??$imag@O@std@@YAOABV?$complex@O@0@@Z
??$log10@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$log10@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$log10@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$log@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$log@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$log@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$norm@M@std@@YAMABV?$complex@M@0@@Z
??$norm@N@std@@YANABV?$complex@N@0@@Z
??$norm@O@std@@YAOABV?$complex@O@0@@Z
??$polar@M@std@@YA?AV?$complex@M@0@ABM0@Z
??$polar@M@std@@YA?AV?$complex@M@0@ABM@Z
??$polar@N@std@@YA?AV?$complex@N@0@ABN0@Z
??$polar@N@std@@YA?AV?$complex@N@0@ABN@Z
??$polar@O@std@@YA?AV?$complex@O@0@ABO0@Z
??$polar@O@std@@YA?AV?$complex@O@0@ABO@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@H@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@H@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@H@Z
??$real@M@std@@YAMABV?$complex@M@0@@Z
??$real@N@std@@YANABV?$complex@N@0@@Z
??$real@O@std@@YAOABV?$complex@O@0@@Z
??$sin@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sin@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sin@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$sinh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sinh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sinh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$sqrt@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sqrt@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sqrt@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$tan@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$tan@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$tan@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$tanh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$tanh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$tanh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??0?$_Complex_base@MU_C_float_complex@@@std@@QAE@ABM0@Z
??0?$_Complex_base@NU_C_double_complex@@@std@@QAE@ABN0@Z
??0?$_Complex_base@OU_C_ldouble_complex@@@std@@QAE@ABO0@Z
??0?$_Mpunct@D@std@@IAE@PBDI_N@Z
??0?$_Mpunct@D@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@D@std@@QAE@I_N@Z
??0?$_Mpunct@G@std@@IAE@PBDI_N@Z
??0?$_Mpunct@G@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@G@std@@QAE@I_N@Z
??0?$_Mpunct@_W@std@@IAE@PBDI_N@Z
??0?$_Mpunct@_W@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@_W@std@@QAE@I_N@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@QAE@ABV01@@Z
??0?$_String_val@GV?$allocator@G@std@@@std@@IAE@V?$allocator@G@1@@Z
??0?$_String_val@GV?$allocator@G@std@@@std@@QAE@ABV01@@Z
??0?$_String_val@_WV?$allocator@_W@std@@@std@@IAE@V?$allocator@_W@1@@Z
??0?$_String_val@_WV?$allocator@_W@std@@@std@@QAE@ABV01@@Z
??0?$allocator@D@std@@QAE@ABV01@@Z
??0?$allocator@D@std@@QAE@XZ
??0?$allocator@G@std@@QAE@ABV01@@Z
??0?$allocator@G@std@@QAE@XZ
??0?$allocator@X@std@@QAE@ABV01@@Z
??0?$allocator@X@std@@QAE@XZ
??0?$allocator@_W@std@@QAE@ABV01@@Z
??0?$allocator@_W@std@@QAE@XZ
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_filebuf@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBGHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PBGHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PB_WHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PBGHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBGHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBGHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PBGHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBGHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBGHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PBGHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@1@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@IIABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@V?$_String_const_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@1@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@IIABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_WABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WIABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$codecvt@DDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@DDH@std@@QAE@I@Z
??0?$codecvt@GDH@std@@IAE@PBDI@Z
??0?$codecvt@GDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@GDH@std@@QAE@I@Z
??0?$codecvt@_WDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_WDH@std@@QAE@I@Z
??0?$collate@D@std@@IAE@PBDI@Z
??0?$collate@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@D@std@@QAE@I@Z
??0?$collate@G@std@@IAE@PBDI@Z
??0?$collate@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@G@std@@QAE@I@Z
??0?$collate@_W@std@@IAE@PBDI@Z
??0?$collate@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@_W@std@@QAE@I@Z
??0?$complex@M@std@@QAE@ABM0@Z
??0?$complex@M@std@@QAE@ABU_C_float_complex@@@Z
??0?$complex@M@std@@QAE@ABV?$complex@N@1@@Z
??0?$complex@M@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@N@std@@QAE@ABN0@Z
??0?$complex@N@std@@QAE@ABU_C_double_complex@@@Z
??0?$complex@N@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@N@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@O@std@@QAE@ABO0@Z
??0?$complex@O@std@@QAE@ABU_C_ldouble_complex@@@Z
??0?$complex@O@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@O@std@@QAE@ABV?$complex@N@1@@Z
??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0?$ctype@G@std@@IAE@PBDI@Z
??0?$ctype@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@G@std@@QAE@I@Z
??0?$ctype@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@_W@std@@QAE@I@Z
??0?$messages@D@std@@IAE@PBDI@Z
??0?$messages@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@D@std@@QAE@I@Z
??0?$messages@G@std@@IAE@PBDI@Z
??0?$messages@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@G@std@@QAE@I@Z
??0?$messages@_W@std@@IAE@PBDI@Z
??0?$messages@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@_W@std@@QAE@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$moneypunct@D$00@std@@IAE@PBDI@Z
??0?$moneypunct@D$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@D$00@std@@QAE@I@Z
??0?$moneypunct@D$0A@@std@@IAE@PBDI@Z
??0?$moneypunct@D$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@D$0A@@std@@QAE@I@Z
??0?$moneypunct@G$00@std@@IAE@PBDI@Z
??0?$moneypunct@G$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@G$00@std@@QAE@I@Z
??0?$moneypunct@G$0A@@std@@IAE@PBDI@Z
??0?$moneypunct@G$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@G$0A@@std@@QAE@I@Z
??0?$moneypunct@_W$00@std@@IAE@PBDI@Z
??0?$moneypunct@_W$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@_W$00@std@@QAE@I@Z
??0?$moneypunct@_W$0A@@std@@IAE@PBDI@Z
??0?$moneypunct@_W$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@_W$0A@@std@@QAE@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 292KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ndphlpr.vxd
rsdeploy.dll
.dll windows:4 windows x86 arch:x86

3343c25995e0429ad9387536c10f7ac8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imagehlp

ImageNtHeader
ImageRvaToVa

kernel32

ReadFile
CreateFileMappingA
MapViewOfFile
GetFileSize
UnmapViewOfFile
CloseHandle
VirtualQuery
lstrcmpiA
GetLastError
GetWindowsDirectoryW
GetProcAddress
GetSystemDirectoryA
MultiByteToWideChar
GetVersion
GetFileAttributesW
GetFileAttributesA
GetProcessHeap
CreateProcessW
CreateProcessA
CreateFileW
CreateFileA
GetModuleHandleW
GetModuleHandleA
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
LoadLibraryA
GetModuleFileNameA
GetModuleFileNameW
WideCharToMultiByte
SetEnvironmentVariableA
GetVersionExA
VirtualProtect
SetEndOfFile
GetThreadContext
FlushFileBuffers
SetStdHandle
WriteConsoleW
SetThreadContext
FlushInstructionCache
VirtualProtectEx
WriteProcessMemory
SuspendThread
ResumeThread
GetCurrentProcess
SetLastError
ExitProcess
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
WriteFile
GetStdHandle
DeleteCriticalSection
InitializeCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
Sleep
RtlUnwind
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
RaiseException
HeapSize
GetLocaleInfoA
SetFilePointer
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP

user32

wsprintfW

advapi32

RegOpenKeyExW
RegUnLoadKeyW
RegUnLoadKeyA
RegSaveKeyW
RegSaveKeyA
RegRestoreKeyW
RegRestoreKeyA
RegReplaceKeyW
RegReplaceKeyA
RegNotifyChangeKeyValue
RegLoadKeyW
RegLoadKeyA
RegSetKeySecurity
RegGetKeySecurity
RegFlushKey
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegSetValueExW
RegSetValueExA
RegSetValueW
RegSetValueA
RegCreateKeyExW
RegCreateKeyExA
RegCreateKeyW
RegCreateKeyA
RegEnumKeyExW
RegEnumKeyExA
RegEnumKeyW
RegEnumKeyA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegEnumValueW
RegEnumValueA
RegCloseKey
RegQueryValueExW
RegQueryValueExA
RegOpenKeyA
RegOpenKeyW
RegOpenKeyExA
RegQueryValueA
RegQueryValueW

ole32

CoCreateInstance
CoInitialize

Exports

Exports

Initialize
Reloc
ResolveImportDLL

Sections

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/CONFIG/machine.config
.xml
v2.0.50727/Culture.dll
.dll windows:5 windows x86 arch:x86

104e17c81d918d1c093da532dc4f4dbe

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f9:83:04:03:d5:d4:f3:18:91:c9:86:a0:51:0c:56:1e:18:b6:e0:c5
Signer

Actual PE Digest

f9:83:04:03:d5:d4:f3:18:91:c9:86:a0:51:0c:56:1e:18:b6:e0:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

culture.pdb

Imports

msvcr80

_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
qsort
??2@YAPAXI@Z
bsearch
??3@YAXPAX@Z

kernel32

DeleteCriticalSection
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
Sleep
InterlockedExchange
SetLastError
InitializeCriticalSection
EnterCriticalSection
EnumSystemLocalesW
LeaveCriticalSection
GetVersionExA
GetLocaleInfoW
LCMapStringW
GetLocaleInfoA
InterlockedCompareExchange

Exports

Exports

ConvertLangIdToCultureName

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/Microsoft.VC80.CRT.manifest
.xml
v2.0.50727/XPThemes.manifest
.xml
v2.0.50727/aspnet_state.exe
.exe windows:5 windows x86 arch:x86

cdb75c28ccc393d6f776f7a7fdd66205

Code Sign

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:12

Not After

04/12/2013, 21:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:b8:c9:e4:84:3e:64:a4:1c:24:8d:c5:dc:af:32:4b:55:e7:74:4a
Signer

Actual PE Digest

78:b8:c9:e4:84:3e:64:a4:1c:24:8d:c5:dc:af:32:4b:55:e7:74:4a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

aspnet_state.pdb

Imports

kernel32

SetWaitableTimer
CloseHandle
CreateThread
CreateWaitableTimerW
CreateEventW
SetConsoleCtrlHandler
FormatMessageW
InterlockedIncrement
InterlockedDecrement
GetSystemTimeAsFileTime
lstrlenW
WideCharToMultiByte
FileTimeToSystemTime
FileTimeToLocalFileTime
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemInfo
WaitForSingleObject
SetEvent
GetProcessAffinityMask
SwitchToThread
MultiByteToWideChar
GetLastError
GetVersionExW
GetSystemDirectoryW
LoadLibraryW
HeapReAlloc
InterlockedCompareExchange
InterlockedExchange
HeapFree
HeapAlloc
HeapDestroy
GetProcAddress
HeapCreate
FreeLibrary
GetCurrentProcess

msvcr80

__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_invoke_watson
_controlfp_s
_unlock
_except_handler4_common
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
_purecall
strncmp
memcpy
_vsnwprintf_s
memset
_itoa_s
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
strtol
strstr
strchr

advapi32

RegQueryValueExW
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegCloseKey
RegOpenKeyExW
SetServiceStatus

mswsock

AcceptEx
GetAcceptExSockaddrs

ole32

CoUninitialize
CoInitializeEx

ws2_32

recv
WSASend
WSAGetOverlappedResult
WSAAddressToStringA
inet_ntoa
gethostbyname
ntohs
WSACleanup
WSARecv
closesocket
WSASocketW
WSAGetLastError
setsockopt
htons
htonl
bind
listen
select
WSAStartup

mscoree

ClrCreateManagedInstance

webengine

InitializeLibrary
PrintResourceString
XspLogEvent
AttachHandleToThreadPool
PerfCounterInitialize
AspnetLoadResourceDLL
LoadLibraryUsingFullPath
GetXSPHeap

Exports

Exports

_STWNDCloseConnection@4
_STWNDDeleteStateItem@4
_STWNDEndOfRequest@4
_STWNDGetLocalAddress@8
_STWNDGetLocalPort@4
_STWNDGetRemoteAddress@8
_STWNDGetRemotePort@4
_STWNDIsClientConnected@4
_STWNDSendResponse@24

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
v2.0.50727/aspnet_wp.exe
.exe windows:5 windows x86 arch:x86

a420d7e0ba99ceb4900bedfc75869ccd

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:54:35:39:7d:de:6a:cb:ae:a6:16:c8:95:0c:3c:83:dc:0c:3a:ab
Signer

Actual PE Digest

50:54:35:39:7d:de:6a:cb:ae:a6:16:c8:95:0c:3c:83:dc:0c:3a:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

aspnet_wp.pdb

Imports

kernel32

GetSystemTimeAsFileTime
GetLastError
ReadFile
WriteFile
SetNamedPipeHandleState
GetHandleInformation
Sleep
DebugBreak
GetOverlappedResult
lstrlenA
lstrlenW
SetEvent
ResetEvent
WaitForSingleObject
ExitProcess
OpenEventW
SetProcessAffinityMask
GetCurrentProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LoadLibraryA
LocalAlloc
GetProcAddress
CreateFileW
InterlockedDecrement
InterlockedIncrement
GetCurrentProcessId
InterlockedCompareExchange
LeaveCriticalSection
EnterCriticalSection
GetProcessAffinityMask
GetVersionExW
GetSystemDirectoryW
LoadLibraryW
FreeLibrary
HeapFree
HeapAlloc
SwitchToThread
InterlockedExchange
TryEnterCriticalSection
CloseHandle
RaiseException
TerminateProcess
InitializeCriticalSection

msvcr80

_controlfp_s
_invoke_watson
_except_handler4_common
_onexit
_lock
__dllonexit
memset
memcpy
_itow_s
_vsnwprintf_s
_beginthread
_wtoi
wcstoul
printf
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
?terminate@@YAXXZ
_decode_pointer

advapi32

RegCloseKey
RegOpenKeyExW
SetThreadToken
CryptReleaseContext
RegQueryValueExW

webengine

EtwTraceAspNetRegister
InitializeManagedCode
ReleaseWmiEventManager
EtwTraceAspNetUnregister
MonitorGlobalConfigFile
IsManagedDebuggerConnectedIndirect
XspLogEvent
DisposeAppDomainsIndirect
PerfCounterInitialize
IsConfigFileName
GetGlobalConfigFullPathW
GetConfigurationFromNativeCode
ClrQueueUserWorkItem
PerfDecrementGlobalCounter
PerfIncrementGlobalCounter
TraceEnabled
TraceRaiseEvent
GetAppDomainIndirect
UnInitializeManagedCode
InitializeLibrary
DrainThreadPool
GetXSPHeap
AttachHandleToThreadPool
LoadLibraryUsingFullPath
GetProcessMemoryInformation

Exports

Exports

PMAppendLogParameter
PMCallISAPI
PMCloseConnection
PMDoneWithSession
PMEmptyResponse
PMFlushCore
PMGetAdditionalPostedContent
PMGetAllServerVariables
PMGetBasics
PMGetClientCertificate
PMGetCurrentProcessInfo
PMGetHistoryTable
PMGetImpersonationToken
PMGetMemoryLimitInMB
PMGetPreloadedPostedContent
PMGetQueryString
PMGetQueryStringRawBytes
PMGetServerVariable
PMGetStartTimeStamp
PMGetTraceContextId
PMGetVirtualPathToken
PMIsClientConnected
PMMapUrlToPath
PMTraceRaiseEvent
PMWriteBytes
PMWriteHeaders

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC/Microsoft.DirectX.Direct3D/1.0.2902.0__31bf3856ad364e35/Microsoft.DirectX.Direct3D.dll
.dll windows:5 windows x86 arch:x86

cc3ca07defb48d2a38605fc9ea19b7ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Microsoft.DirectX.Direct3D.pdb

Imports

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
SetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls

mscoree

_CorDllMain

msvcrt

memcmp
??3@YAXPAX@Z
??2@YAPAXI@Z

user32

GetIconInfo
GetDC
ReleaseDC

gdi32

GetDIBits
DeleteDC
CreateCompatibleDC
GetObjectA
DeleteObject
SelectObject

d3d9

Direct3DCreate9

Sections

.text
Size: 459KB - Virtual size: 458KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC/Microsoft.DirectX.Direct3DX/1.0.2902.0__31bf3856ad364e35/Microsoft.DirectX.Direct3DX.dll
.dll windows:5 windows x86 arch:x86

4b91b76742a6ba2da063220d98a85991

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Microsoft.DirectX.Direct3DX.pdb

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
DeleteFileA
CloseHandle
ReadFile
CreateFileA
WriteFile
WideCharToMultiByte
GetVersionExA
OutputDebugStringA
IsDBCSLeadByte
GetProcAddress
LoadLibraryA
GetModuleHandleA
CompareStringA
FreeResource
SizeofResource
GetTempPathA
LoadResource
FindResourceA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileW
DeleteFileW
SetFilePointer
GetSystemInfo
IsProcessorFeaturePresent
EnterCriticalSection
InitializeCriticalSection
InterlockedCompareExchange
DeleteCriticalSection
LeaveCriticalSection
GetFullPathNameA
GetLastError
MultiByteToWideChar
VirtualFree
VirtualAlloc
lstrcmpiA
MoveFileA
MoveFileW
GetTempFileNameW
IsBadWritePtr
GlobalMemoryStatus
FreeLibrary
SetEndOfFile
HeapAlloc
GetProcessHeap
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTempFileNameA
SetLastError
InterlockedExchange
Sleep
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LockResource

mscoree

_CorDllMain

msvcrt

wcslen
atoi
isdigit
tolower
_purecall
_CIfmod
memmove
_stricmp
_CIasin
fclose
fwrite
_wfopen
__CxxFrameHandler
fread
floor
vsprintf
wcstombs
isalnum
isspace
atof
isalpha
isxdigit
_fpclass
_isnan
_CItanh
_CIsinh
_CIexp
_CIcosh
iswpunct
iswdigit
iswalpha
iswspace
modf
toupper
calloc
longjmp
_setjmp3
sscanf
frexp
_strdate
_strtime
ldexp
rand
_ultoa
atol
_except_handler3
exit
fseek
tmpfile
?terminate@@YAXXZ
strncpy
wcsncpy
_CIpow
_snprintf
_vsnprintf
ceil
_controlfp
qsort
_ftol
_finite
_CIacos
realloc
setlocale
_strdup
_adjust_fdiv
malloc
_initterm
free
memcmp
??3@YAXPAX@Z
??2@YAPAXI@Z
strchr
_CIsqrt
sprintf

user32

ReleaseDC
GetDC

gdi32

CreateFontIndirectA
GetObjectA
GetCurrentObject
MoveToEx
ExtTextOutA
GetOutlineTextMetricsA
GetGlyphOutlineA
GetGlyphOutlineW
GetTextMetricsA
ExtTextOutW
CreateCompatibleDC
SetMapMode
SetTextAlign
CreateFontIndirectW
GetFontLanguageInfo
GetTextMetricsW
SetBkMode
SetBkColor
SetTextColor
GetCharacterPlacementW
GetCharacterPlacementA
DeleteDC
CreateDIBSection
GetObjectW
GetDeviceCaps
DeleteObject
SelectObject

advapi32

RegQueryValueExA
RegOpenKeyA
RegCloseKey

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC/Microsoft.DirectX/1.0.2902.0__31bf3856ad364e35/Microsoft.DirectX.dll
.dll windows:5 windows x86 arch:x86

272e9f998b44bd5348f4d46d5b74bed2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Microsoft.DirectX.pdb

Imports

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLastError
SetLastError
GetCurrentProcessId
OutputDebugStringA
IsProcessorFeaturePresent
DisableThreadLibraryCalls

mscoree

_CorDllMain

msvcrt

_ftol
??2@YAPAXI@Z
_finite
__CxxFrameHandler
_CIacos
memcmp
??3@YAXPAX@Z

advapi32

RegQueryValueExA
RegOpenKeyA
RegCloseKey

Sections

.text
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_32/CustomMarshalers/2.0.0.0__B03F5F7F11D50A3A/CustomMarshalers.dll
.dll windows:4 windows x86 arch:x86

6158ba7cc8abe8f855a2af17a6d4b2c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

CustomMarshalers.pdb

Imports

msvcr80

_encode_pointer
_cexit
_decode_pointer
_encoded_null
_amsg_exit
__FrameUnwindFilter

ole32

CoCreateInstance

kernel32

Sleep
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentProcessId

mscoree

CorBindToRuntimeEx
_CorDllMain

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_32/CustomMarshalers/2.0.0.0__B03F5F7F11D50A3A/Microsoft.VC80.CRT.manifest
.xml
v2.0.50727/assembly/GAC_32/System.Data.OracleClient/2.0.0.0__b77a5c561934e089/Microsoft.VC80.CRT.manifest
.xml
v2.0.50727/assembly/GAC_32/System.Data.OracleClient/2.0.0.0__b77a5c561934e089/System.Data.OracleClient.dll
.dll windows:5 windows x86 arch:x86

d85ce73c1de1ead24bc94e61d8a830fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Data.OracleClient.pdb

Imports

msvcr80

_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
InterlockedIncrement
Sleep
InterlockedExchange
VirtualQuery
GetVersion
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpynA
InterlockedDecrement
GetFullPathNameA
GetDriveTypeA
SearchPathA
lstrlenA
OutputDebugStringA
GetModuleFileNameA
ExpandEnvironmentStringsA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

mscoree

_CorDllMain

Exports

Exports

DllBidScopeEnterCW
DllBidTraceCW
_DllBidAssert@12
_DllBidCtlProc@24
_DllBidEnabledW@16
_DllBidEntryPoint@36
_DllBidFinalize@0
_DllBidIndent@8
_DllBidInitialize@0
_DllBidPutStrW@16
_DllBidScopeLeave@16
_DllBidSnap@16
_DllBidTouch@20

Sections

.text
Size: 469KB - Virtual size: 469KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdbid
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_32/System.Data/2.0.0.0__b77a5c561934e089/Microsoft.VC80.CRT.manifest
.xml
v2.0.50727/assembly/GAC_32/System.Data/2.0.0.0__b77a5c561934e089/System.Data.dll
.dll windows:5 windows x86 arch:x86

432def252835648e0bb5a238b4ff78f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Data.pdb

Imports

msvcr80

_cexit
__FrameUnwindFilter
_crt_debugger_hook
__clean_type_info_names_internal
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
_callnewh
malloc
strtok_s
srand
_time64
strstr
strcat_s
sprintf_s
strtoul
calloc
strcpy_s
memmove
wcsncmp
strncpy_s
wcsncpy_s
_vsnwprintf_s
memmove_s
_atoi_l
free
_dupenv_s
_stricmp
atoi
_wcsnicmp
strncmp
_stricmp_l
strchr
_strnicmp_l
_purecall
_vsnprintf_s
memset
memcpy
??3@YAXPAX@Z

mscoree

CorBindToRuntimeEx
_CorDllMain

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
QueryPerformanceCounter
DisableThreadLibraryCalls
GlobalAlloc
CreateEventA
CloseHandle
PostQueuedCompletionStatus
Sleep
InterlockedExchange
SetLastError
GetLastError
VirtualQuery
GetVersion
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpynA
ExpandEnvironmentStringsA
GetFullPathNameA
GetDriveTypeA
SearchPathA
lstrlenA
OutputDebugStringA
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
GetSystemInfo
HeapSize
HeapAlloc
GetProcessHeap
HeapFree
CreateSemaphoreA
ReleaseSemaphore
GetCurrentThreadId
SetEvent
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcess
DisconnectNamedPipe
SetNamedPipeHandleState
WaitNamedPipeA
CreateFileA
GetTickCount
GetOverlappedResult
WaitForSingleObject
WriteFile
ReadFile
PeekNamedPipe
GetVersionExA
CompareStringA
LCMapStringA
WideCharToMultiByte
InterlockedCompareExchange
MultiByteToWideChar
WaitForMultipleObjects
GetSystemTimeAsFileTime
SetHandleInformation
GetQueuedCompletionStatus
CreateThread
GetComputerNameA
GetSystemDirectoryA
TlsFree
TlsGetValue
TlsSetValue
FormatMessageA
TlsAlloc
FormatMessageW
LCMapStringW
CreateIoCompletionPort

advapi32

CryptDestroyKey
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExA
CryptReleaseContext
RevertToSelf
ImpersonateNamedPipeClient

ws2_32

WSAStartup
WSAIoctl
shutdown
bind
connect
getsockname
WSASend
WSARecv
ioctlsocket
WSAStringToAddressA
WSACleanup
getservbyport
socket
setsockopt
ntohs
gethostbyaddr
htons
getservbyname
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr
select
__WSAFDIsSet
recv
sendto
closesocket
WSASetLastError
getpeername

crypt32

CertGetNameStringW
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertFreeCertificateContext

user32

CharNextExA

ole32

CoCreateInstance

Exports

Exports

DllBidScopeEnterCW
DllBidTraceCW
_DllBidAssert@12
_DllBidCtlProc@24
_DllBidEnabledW@16
_DllBidEntryPoint@36
_DllBidFinalize@0
_DllBidIndent@8
_DllBidInitialize@0
_DllBidPutStrW@16
_DllBidScopeLeave@16
_DllBidSnap@16
_DllBidTouch@20

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdbid
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_32/System.EnterpriseServices/2.0.0.0__b03f5f7f11d50a3a/Microsoft.VC80.CRT.manifest
.xml
v2.0.50727/assembly/GAC_32/System.EnterpriseServices/2.0.0.0__b03f5f7f11d50a3a/System.EnterpriseServices.Wrapper.dll
.dll windows:4 windows x86 arch:x86

ba6a2bdeb4b05c693ce709fd0114a489

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.EnterpriseServices.Wrapper.pdb

Imports

kernel32

GetLastError
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
FreeLibrary
InterlockedCompareExchange
LoadLibraryW
CloseHandle
GetCurrentThread
GetSystemTimeAsFileTime
GetModuleHandleA
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
InterlockedExchange
GetProcAddress
GetModuleHandleW
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
GetCurrentProcessId
DeleteCriticalSection

msvcr80

_lock
_onexit
__dllonexit
_unlock
_resetstkoflw
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
_except_handler4_common
??3@YAXPAX@Z
memcpy
__CxxFrameHandler3
_crt_debugger_hook
__CxxUnregisterExceptionObject
__CxxDetectRethrow
_CxxThrowException
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
_cexit
__FrameUnwindFilter

ole32

CoGetMarshalSizeMax
StringFromGUID2
CoTaskMemAlloc
CoMarshalInterface
CoUnmarshalInterface
CoReleaseMarshalData
CoInitializeEx
CoCreateInstanceEx
CoGetStandardMarshal
CoTaskMemFree
CoCreateInstance

oleaut32

LPSAFEARRAY_UserSize
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
BSTR_UserSize
SafeArrayDestroy
SysFreeString
SafeArrayGetElement
VariantClear
VariantInit
BSTR_UserMarshal
BSTR_UserUnmarshal
LPSAFEARRAY_UserMarshal
BSTR_UserFree

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
LookupAccountSidW
RegSetValueExA

mscoree

CorBindToRuntimeEx
_CorDllMain

rpcrt4

CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrStubCall2
NdrStubForwardingFunction
CStdStubBuffer_DebugServerRelease

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 249B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_32/System.EnterpriseServices/2.0.0.0__b03f5f7f11d50a3a/System.EnterpriseServices.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.EnterpriseServices.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 232KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_32/System.Transactions/2.0.0.0__b77a5c561934e089/Microsoft.VC80.CRT.manifest
.xml
v2.0.50727/assembly/GAC_32/System.Transactions/2.0.0.0__b77a5c561934e089/System.Transactions.dll
.dll windows:5 windows x86 arch:x86

7469780bb6fda5f25da4408eda0b3bb8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Transactions.pdb

Imports

msvcr80

_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
_wcsicmp
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

GetLastError
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
Sleep
GetSystemDirectoryW
LoadLibraryExW
GetProcAddress
CloseHandle
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
SetEvent
GetCurrentProcess
DuplicateHandle
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount

ole32

CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemFree

mscoree

_CorDllMain

Exports

Exports

_GetNotificationFactory@8

Sections

.text
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_32/System.Web/2.0.0.0__b03f5f7f11d50a3a/System.Web.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Web.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 460KB - Virtual size: 457KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_MSIL/Accessibility/2.0.0.0__b03f5f7f11d50a3a/Accessibility.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Accessibility.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_MSIL/Microsoft.VisualC/8.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualC.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Microsoft.VisualC.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_MSIL/System.Configuration.Install/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.Install.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Configuration.Install.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Configuration.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_MSIL/System.Core/3.5.0.0__b77a5c561934e089/System.Core.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Core.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 640KB - Virtual size: 637KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_MSIL/System.Data.SqlXml/2.0.0.0__b77a5c561934e089/System.Data.SqlXml.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Data.SqlXml.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 696KB - Virtual size: 694KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_MSIL/System.Deployment/2.0.0.0__b03f5f7f11d50a3a/System.Deployment.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Deployment.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 936KB - Virtual size: 935KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_MSIL/System.Design/2.0.0.0__b03f5f7f11d50a3a/System.Design.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Design.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_MSIL/System.DirectoryServices.Protocols/2.0.0.0__b03f5f7f11d50a3a/System.DirectoryServices.Protocols.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.DirectoryServices.Protocols.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_MSIL/System.DirectoryServices/2.0.0.0__b03f5f7f11d50a3a/System.DirectoryServices.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.DirectoryServices.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 380KB - Virtual size: 378KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_MSIL/System.Drawing.Design/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.Design.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Drawing.Design.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Drawing.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 544KB - Virtual size: 540KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_MSIL/System.Runtime.Remoting/2.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Runtime.Remoting.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 280KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_MSIL/System.Runtime.Serialization.Formatters.Soap/2.0.0.0__b03f5f7f11d50a3a/System.Runtime.Serialization.Formatters.Soap.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Runtime.Serialization.Formatters.Soap.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_MSIL/System.Security/2.0.0.0__b03f5f7f11d50a3a/System.Security.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Security.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 244KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_MSIL/System.ServiceProcess/2.0.0.0__b03f5f7f11d50a3a/System.ServiceProcess.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.ServiceProcess.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_MSIL/System.Web.RegularExpressions/2.0.0.0__b03f5f7f11d50a3a/System.Web.RegularExpressions.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Web.RegularExpressions.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_MSIL/System.Web.Services/2.0.0.0__b03f5f7f11d50a3a/System.Web.Services.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Web.Services.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 808KB - Virtual size: 805KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/Microsoft.VC80.CRT.manifest
.xml
v2.0.50727/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Windows.Forms.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 312KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Xml.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 336KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/big5.nlp
v2.0.50727/bopomofo.nlp
v2.0.50727/fusion.dll
.dll windows:5 windows x86 arch:x86

1051efecb362e0de4aaa7e06eddb2c1e

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:84:2d:19:85:4c:bc:29:f7:d6:85:a4:7e:08:1c:1a:73:43:db:ca
Signer

Actual PE Digest

29:84:2d:19:85:4c:bc:29:f7:d6:85:a4:7e:08:1c:1a:73:43:db:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

fusion.pdb

Imports

mscoree

GetRealProcAddress

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
DisableThreadLibraryCalls
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
Sleep
UnhandledExceptionFilter

msvcr80

__CppXcptFilter
_adjust_fdiv
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_crt_debugger_hook
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
__clean_type_info_names_internal

Exports

Exports

ClearDownloadCache
CopyPDBs
CreateApplicationContext
CreateAssemblyCache
CreateAssemblyEnum
CreateAssemblyNameObject
CreateHistoryReader
CreateInstallReferenceEnum
GetCachePath
GetHistoryFileDirectory
InitializeFusion
InstallCustomAssembly
InstallCustomModule
LookupHistoryAssembly
NukeDownloadedCache
PreBindAssembly
PreBindAssemblyEx

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/fusion.localgac
v2.0.50727/ksc.nlp
v2.0.50727/mscorjit.dll
.dll windows:5 windows x86 arch:x86

458ae5b7483d2b3344ceeb01eb67e386

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3c:52:08:7c:21:7b:c9:67:17:4a:16:82:27:47:99:c5:32:01:a9:56
Signer

Actual PE Digest

3c:52:08:7c:21:7b:c9:67:17:4a:16:82:27:47:99:c5:32:01:a9:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mscorjit.pdb

Imports

kernel32

InterlockedExchange
DisableThreadLibraryCalls
RaiseException
OutputDebugStringA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
IsDebuggerPresent

msvcr80

_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
_decode_pointer
_except_handler4_common
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_crt_debugger_hook
_encoded_null
free
_malloc_crt
_encode_pointer
_finite
_isnan
memcpy
qsort
memset
__CppXcptFilter

Exports

Exports

getJit

Sections

.text
Size: 341KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/mscorlib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mscorlib.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 536KB - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/mscorpe.dll
.dll windows:5 windows x86 arch:x86

3a344f14752e8499197747aebebcaf95

Code Sign

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:12

Not After

04/12/2013, 21:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:aa:d4:ca:6e:76:65:3f:60:d3:af:97:16:11:b8:13:8f:9b:b3:0a
Signer

Actual PE Digest

47:aa:d4:ca:6e:76:65:3f:60:d3:af:97:16:11:b8:13:8f:9b:b3:0a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mscorpe.pdb

Imports

mscoree

GetRequestedRuntimeInfo

msvcr80

fclose
fwrite
fopen_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
_vsnprintf
_purecall
_vsnwprintf_s
_vsnprintf_s
_errno
wcsncpy_s
_CxxThrowException
_snwprintf_s
memmove
strchr
sprintf_s
strncpy_s
isdigit
wcscat_s
strncmp
qsort
_time64
__CxxFrameHandler3
memcpy
strcpy_s
memset
wcscpy_s
printf
strcat_s

oleaut32

SetErrorInfo
CreateErrorInfo

kernel32

LoadLibraryA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
Sleep
InterlockedExchange
GetSystemTimeAsFileTime
lstrlenW
DisableThreadLibraryCalls
SetLastError
GetLastError
GetFileSize
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
ReadFile
UnmapViewOfFile
MapViewOfFile
GetCurrentThread
SetFilePointer
WriteFile
TlsGetValue
InterlockedCompareExchange
GetModuleHandleA
GetProcAddress
InterlockedIncrement
InterlockedDecrement
GetVersionExA
MultiByteToWideChar
GetCPInfo
GetModuleHandleW
WideCharToMultiByte
TerminateProcess
GetCurrentProcess
LoadLibraryExA
LoadLibraryExW
GetModuleFileNameA
GetModuleFileNameW
RaiseException
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
GetVersionExW
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
GetEnvironmentVariableA
GetEnvironmentVariableW
CreateFileMappingA
CreateFileMappingW
FreeLibrary
GetCurrentProcessId
LocalFree
LocalAlloc
FormatMessageA
FormatMessageW
CreateProcessW
FlushInstructionCache
GetCurrentThreadId
QueryPerformanceCounter

advapi32

RegOpenKeyExW
RegOpenKeyExA
RegCloseKey
OpenThreadToken
RevertToSelf
SetThreadToken

user32

LoadStringA
LoadStringW

Exports

Exports

CreateICeeFileGen
DestroyICeeFileGen

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/mscorrc.dll
.dll windows:5 windows x86 arch:x86

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

eb:2a:5b:b5:5b:e6:10:89:aa:74:9f:53:39:35:b9:85:8e:cb:3d:55
Signer

Actual PE Digest

eb:2a:5b:b5:5b:e6:10:89:aa:74:9f:53:39:35:b9:85:8e:cb:3d:55

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mscorrc.pdb

Sections

.text
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/mscorsec.dll
.dll regsvr32 windows:5 windows x86 arch:x86

07335eddf27a4231f6118462dc9d24d4

Code Sign

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:12

Not After

04/12/2013, 21:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:6e:6c:72:19:c1:89:46:c2:e5:78:dd:a7:3c:31:04:80:87:4d:83
Signer

Actual PE Digest

0e:6e:6c:72:19:c1:89:46:c2:e5:78:dd:a7:3c:31:04:80:87:4d:83

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mscorsec.pdb

Imports

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
_vsnprintf
_vsnwprintf_s
_vsnprintf_s
_errno
wcsncpy_s
strcpy_s
memmove
_CxxThrowException
_snwprintf_s
wcsnlen
strchr
printf
memset
wcschr
_purecall
wcscat_s
memcpy
wcscpy_s
__CxxFrameHandler3

kernel32

DisableThreadLibraryCalls
WideCharToMultiByte
lstrlenW
TlsGetValue
InterlockedCompareExchange
SetLastError
GetModuleHandleA
InterlockedIncrement
InterlockedDecrement
GetVersionExA
GetCPInfo
TerminateProcess
GetCurrentProcess
LoadLibraryExA
LoadLibraryExW
GetModuleFileNameA
GetModuleFileNameW
RaiseException
LoadLibraryA
GetLastError
GetVersionExW
MultiByteToWideChar
GetCurrentProcessId
LocalAlloc
FormatMessageA
FormatMessageW
GetSystemDefaultLangID
InterlockedExchange
GetCurrentThreadId
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LocalFree
GetProcAddress
FreeLibrary

user32

DialogBoxParamA
DialogBoxParamW
LoadCursorA
LoadCursorW
SendDlgItemMessageW
LoadStringA
LoadStringW
SendMessageW
SetDlgItemTextW
SetDlgItemTextA
SetWindowTextW
PostMessageW
GetWindowTextW
GetWindowTextA
SystemParametersInfoA
CallWindowProcA
GetWindowLongW
GetWindowLongA
SetWindowLongW
SetWindowLongA
GetSysColor
CreateWindowExA
ShowWindow
SendDlgItemMessageA
GetSystemMetrics
GetFocus
InvalidateRect
UpdateWindow
SendMessageA
SetWindowTextA
GetDC
DrawFocusRect
ReleaseDC
SetCursor
SetWindowPos
GetWindowRect
GetDlgItem
EndDialog
GetClientRect
GetParent
GetWindow
MapWindowPoints
PostMessageA

advapi32

RegCloseKey
RegOpenKeyExA
RegOpenKeyExW

wintrust

WintrustAddActionID
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust
WintrustLoadFunctionPointers
WintrustRemoveActionID

crypt32

CertFindAttribute
CryptEncodeObject

shlwapi

UrlGetPartW

comctl32

ord17

gdi32

GetTextExtentPoint32W
SelectObject
GetTextMetricsW

Exports

Exports

CORPolicyEE
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetPublisher

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/mscorsn.dll
.dll windows:5 windows x86 arch:x86

a7670aa8ab20ac4171ecb19e6d4a0fa3

Code Sign

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:12

Not After

04/12/2013, 21:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f6:2c:3f:60:d8:00:5b:c1:31:e6:9d:ef:1a:00:c7:76:d5:08:f5:51
Signer

Actual PE Digest

f6:2c:3f:60:d8:00:5b:c1:31:e6:9d:ef:1a:00:c7:76:d5:08:f5:51

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mscorsn.pdb

Imports

kernel32

OutputDebugStringA
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
IsDebuggerPresent

msvcr80

_lock
__dllonexit
_except_handler4_common
_crt_debugger_hook
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
_onexit

Exports

Exports

GetHashFromAssemblyFile
GetHashFromAssemblyFileW
GetHashFromBlob
GetHashFromFile
GetHashFromFileW
GetHashFromHandle
StrongNameCompareAssemblies
StrongNameErrorInfo
StrongNameFreeBuffer
StrongNameGetBlob
StrongNameGetBlobFromImage
StrongNameGetPublicKey
StrongNameHashSize
StrongNameKeyDelete
StrongNameKeyGen
StrongNameKeyGenEx
StrongNameKeyInstall
StrongNameSignatureGeneration
StrongNameSignatureGenerationEx
StrongNameSignatureSize
StrongNameSignatureVerification
StrongNameSignatureVerificationEx
StrongNameSignatureVerificationFromImage
StrongNameTokenFromAssembly
StrongNameTokenFromAssemblyEx
StrongNameTokenFromPublicKey

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/mscorwks.dll
.dll windows:5 windows x86 arch:x86

178d7e72f91a6c5c70441b06520098c4

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e4:92:2e:b6:d6:dc:94:3e:c1:17:44:c4:a8:45:3c:e9:30:ad:ac:a9
Signer

Actual PE Digest

e4:92:2e:b6:d6:dc:94:3e:c1:17:44:c4:a8:45:3c:e9:30:ad:ac:a9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mscorwks.pdb

Imports

mscoree

GetCORSystemDirectory
CreateConfigStream
GetCORRequiredVersion
GetCORVersion
GetRequestedRuntimeInfo
LoadLibraryShim

msvcr80

_snprintf_s
_vswprintf_c_l
memset
_stricmp
wcscpy_s
_CxxThrowException
swscanf_s
fwrite
_isnan
_CIexp
_CIlog10
_CIlog
modf
_CItanh
_CIcosh
_CIsinh
_CIasin
_CIacos
ceil
floor
fprintf
fopen_s
fclose
_time64
strlen
_snwprintf_s
strtoul
printf
_vsnprintf_s
memcpy
wcscat_s
srand
_snprintf
strchr
wcsstr
wcsncpy_s
strcmp
memcmp
sprintf_s
wcsrchr
memmove
qsort
strcat_s
mbstowcs
wcschr
fflush
__iob_func
_itow_s
_wtoi
wcsncat_s
iswascii
_wcslwr_s
memchr
strncmp
strcpy_s
wcscmp
towupper
wcstoul
_errno
strncpy_s
wcsncmp
_vsnwprintf_s
towlower
iswupper
swprintf_s
atol
_ltow_s
_controlfp_s
iswdigit
iswxdigit
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_crt_debugger_hook
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
_wcsnicmp
bsearch
atoi
malloc
free
rand
toupper
_strupr_s
_putws
_flushall
wcstok_s
strncat_s
strrchr
wprintf
_CIpow
_vsnprintf
_vswprintf_p
iswspace
__CxxFrameHandler3

ntdll

RtlNtStatusToDosError
RtlUnwind

kernel32

AllocConsole
ReadProcessMemory
SetConsoleTitleW
FreeConsole
ExitThread
EnumSystemLocalesW
EnumTimeFormatsW
ExitProcess
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsSetValue
FreeLibrary
GetLastError
SetLastError
GetSystemInfo
InterlockedExchange
WriteFile
CloseHandle
LocalFree
GetCurrentProcess
GetEnvironmentVariableA
ReleaseSemaphore
WaitForMultipleObjects
WaitForSingleObject
ReleaseMutex
SetEvent
GetTickCount
GetUserDefaultLangID
FlushFileBuffers
SetFilePointer
CreateThread
GetCurrentProcessId
DebugBreak
SetConsoleCtrlHandler
RaiseException
InterlockedIncrement
InterlockedDecrement
FlushInstructionCache
InterlockedCompareExchange
GetProcessTimes
ReadFile
SetErrorMode
FindClose
MultiByteToWideChar
GetCurrentThreadId
IsDebuggerPresent
OpenProcess
GetCurrentThread
GetUserDefaultLCID
GetSystemDefaultLCID
TlsAlloc
TlsFree
GetFileSize
GlobalMemoryStatus
HeapFree
GetProcessHeap
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
TryEnterCriticalSection
GetSystemTimeAsFileTime
GetStringTypeExW
GetStringTypeExA
IsBadReadPtr
IsBadStringPtrA
VirtualAlloc
VirtualFree
VirtualQuery
VirtualProtect
HeapCreate
HeapDestroy
HeapValidate
SleepEx
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
lstrlenW
GetThreadLocale
QueryPerformanceCounter
QueryPerformanceFrequency
SetThreadPriority
GetProcessAffinityMask
SetThreadIdealProcessor
ResumeThread
SetThreadAffinityMask
GetStdHandle
GetFileInformationByHandle
SetProcessAffinityMask
SetThreadLocale
MapViewOfFileEx
UnmapViewOfFile
GetConsoleOutputCP
FreeLibraryAndExitThread
DeviceIoControl
Sleep
GetThreadContext
SetThreadContext
CreateFileA
SuspendThread
GetThreadPriority
QueueUserAPC
DuplicateHandle
WaitForMultipleObjectsEx
WaitForSingleObjectEx
SignalObjectAndWait
FlushViewOfFile
ResetEvent
GetQueuedCompletionStatus
CompareFileTime
GetFileTime
GetVersion
GetVersionExA
GetCPInfo
GetSystemDirectoryA
GetSystemDirectoryW
GetWindowsDirectoryA
GetWindowsDirectoryW
FindNextFileA
FindNextFileW
GetModuleHandleW
GetCommandLineW
WideCharToMultiByte
LoadLibraryExA
LoadLibraryExW
FindResourceA
FindResourceW
GetFullPathNameA
GetFullPathNameW
GetShortPathNameA
GetShortPathNameW
GetLongPathNameA
GetLongPathNameW
SearchPathA
SearchPathW
GetModuleFileNameA
GetModuleFileNameW
GetPrivateProfileIntA
GetPrivateProfileIntW
WritePrivateProfileStringA
WritePrivateProfileStringW
CreateFileW
CopyFileA
CopyFileW
MoveFileA
MoveFileW
DeleteFileA
MoveFileExW
DeleteFileW
GetDriveTypeA
GetDriveTypeW
GetVolumeInformationA
GetVolumeInformationW
CreateSemaphoreA
CreateSemaphoreW
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
GetCalendarInfoA
GetCalendarInfoW
GetDateFormatA
GetDateFormatW
GetTimeFormatA
GetTimeFormatW
LCMapStringA
LCMapStringW
FindFirstFileA
FindFirstFileW
GetVersionExW
OutputDebugStringA
OutputDebugStringW
CreateMutexA
CreateMutexW
CreateEventA
CreateEventW
OpenEventA
OpenEventW
OpenMutexA
OpenMutexW
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExA
GetFileAttributesExW
SetFileAttributesA
SetFileAttributesW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
GetEnvironmentVariableW
SetEnvironmentVariableA
SetEnvironmentVariableW
CreateFileMappingA
CreateFileMappingW
OpenFileMappingA
OpenFileMappingW
GetDiskFreeSpaceA
LocalAlloc
FormatMessageA
FormatMessageW
CreateProcessA
CreateProcessW
IsDBCSLeadByte
GetACP
SwitchToThread
SizeofResource
LockResource
LoadResource
GetSystemDefaultLangID
LoadLibraryA
VirtualQueryEx
FreeResource
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
lstrlenA
SystemTimeToFileTime
GetLocalTime
GetSystemTime
HeapReAlloc
MapViewOfFile
GetOEMCP
AreFileApisANSI
SetEndOfFile
LoadLibraryW
SetPriorityClass
SetFilePointerEx
GetStringTypeW
IsDBCSLeadByteEx
IsValidLocale
GetTimeZoneInformation
GetLocaleInfoW
GetLocaleInfoA
CompareStringW
EnumCalendarInfoW
EnumDateFormatsExW

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
MessageBoxW
GetClassNameA
GetClassNameW
LoadStringA
LoadStringW
GetDesktopWindow
wsprintfW
PostMessageW
PostMessageA
DispatchMessageW
DispatchMessageA
PeekMessageW
PeekMessageA
EnumThreadWindows
MsgWaitForMultipleObjectsEx
TranslateMessage
CharNextExA
InSendMessage

advapi32

GetKernelObjectSecurity
GetSecurityDescriptorOwner
CryptEncrypt
CryptDecrypt
CryptDeriveKey
CryptSetProvParam
CryptSetKeyParam
CryptGenKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
AddAccessAllowedAce
DeleteAce
CryptVerifySignatureA
CryptSetHashParam
CryptSignHashA
GetLengthSid
CopySid
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
CryptImportKey
CryptGetKeyParam
CryptGetProvParam
CryptEnumProvidersA
CryptGetUserKey
CryptDestroyKey
CryptExportKey
CryptGenRandom
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptAcquireContextW
LookupAccountSidW
LookupAccountSidA
RegQueryValueExW
RegEnumValueW
RegEnumValueA
RegDeleteValueW
RegDeleteValueA
RegQueryValueW
RegQueryValueA
RegCreateKeyExW
RegCreateKeyExA
RegSetValueExW
RegSetValueExA
RegDeleteKeyW
RegDeleteKeyA
DuplicateToken
GetUserNameW
GetUserNameA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegEnumKeyExW
RegEnumKeyExA
RegOpenKeyExW
GetSecurityInfo
EqualSid
RegOpenKeyExA
RegQueryValueExA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
GetSecurityDescriptorDacl
SetKernelObjectSecurity
InitializeAcl
GetAce
OpenThreadToken
SetThreadToken
ImpersonateLoggedOnUser
RevertToSelf
RegCloseKey
OpenProcessToken
GetTokenInformation
FreeSid

shlwapi

UrlCanonicalizeW
UrlUnescapeW
StrCmpNW
StrCmpW
StrCmpNIW
StrCmpIW
PathCreateFromUrlW
StrStrW
PathIsURLW
UrlCombineW
UrlEscapeW
UrlGetPartW
StrToIntW
UrlIsW
PathSkipRootW
PathIsUNCW
PathRemoveExtensionW
PathRemoveFileSpecW
StrRChrW
PathAddBackslashW
StrChrW
PathFindExtensionW
PathIsRelativeW
PathRemoveBackslashW
PathFindFileNameW
PathCanonicalizeW
PathCombineW

Exports

Exports

CertCreateAuthenticodeLicense
CertFreeAuthenticodeSignerInfo
CertFreeAuthenticodeTimestamperInfo
CertTimestampAuthenticodeLicense
CertVerifyAuthenticodeLicense
ClearDownloadCache
ClrCreateManagedInstance
CoEEShutDownCOM
CoInitializeCor
CoInitializeEE
CoUninitializeCor
CoUninitializeEE
CompareAssemblyIdentity
CopyPDBs
CorDllMainForThunk
CorExitProcess
CorLaunchApplication
CorMarkThreadInThreadPool
CreateActContext
CreateActContextInternal
CreateApplicationContext
CreateAssemblyCache
CreateAssemblyEnum
CreateAssemblyNameObject
CreateCMSFromXml
CreateCMSFromXmlInternal
CreateHistoryReader
CreateInstallReferenceEnum
DeleteShadowCache
DllCanUnloadNowInternal
DllGetClassObjectInternal
DllRegisterServerInternal
DllUnregisterServerInternal
EEDllRegisterServer
EEDllUnregisterServer
GetAddrOfContractShutoffFlag
GetAppIdAuthority
GetAssemblyIdentityFromFile
GetAssemblyMDImport
GetCLRFunction
GetCLRIdentityManager
GetCachePath
GetHashFromAssemblyFile
GetHashFromAssemblyFileW
GetHashFromBlob
GetHashFromFile
GetHashFromFileW
GetHashFromHandle
GetHistoryFileDirectory
GetIdentityAuthority
GetMetaDataInternalInterface
GetMetaDataInternalInterfaceFromPublic
GetMetaDataPublicInterfaceFromInternal
GetPermissionRequests
GetPrivateContextsPerfCounters
GetUserStateManager
GetUserStateManagerInternal
GetUserStore
GetUserStoreInternal
IEE
InitializeFusion
InstallCustomAssembly
InstallCustomModule
LegacyNGenCompile
LegacyNGenCreateZapper
LegacyNGenFreeZapper
LegacyNGenTryEnumerateFusionCache
LoadStringRC
LoadStringRCEx
LogHelp_LogAssert
LogHelp_NoGuiOnAssert
LogHelp_TerminateOnAssert
LookupHistoryAssembly
MetaDataGetDispenser
NGenCreateNGenWorker
NukeDownloadedCache
ParseManifest
ParseManifestInternal
PostErrorVA
PreBindAssembly
PreBindAssemblyEx
ReOpenMetaDataWithMemory
ReOpenMetaDataWithMemoryEx
StrongNameCompareAssemblies
StrongNameErrorInfo
StrongNameFreeBuffer
StrongNameGetBlob
StrongNameGetBlobFromImage
StrongNameGetPublicKey
StrongNameHashSize
StrongNameKeyDelete
StrongNameKeyGen
StrongNameKeyGenEx
StrongNameKeyInstall
StrongNameSignatureGeneration
StrongNameSignatureGenerationEx
StrongNameSignatureSize
StrongNameSignatureVerification
StrongNameSignatureVerificationEx
StrongNameSignatureVerificationFromImage
StrongNameTokenFromAssembly
StrongNameTokenFromAssemblyEx
StrongNameTokenFromPublicKey
TranslateSecurityAttributes
_AxlGetIssuerPublicKeyHash
_AxlPublicKeyBlobToPublicKeyToken
_AxlRSAKeyValueToPublicKeyToken
_CorDllMain
_CorExeMain
_CorExeMain2

Sections

.text
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.CLR_UEF
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/normidna.nlp
v2.0.50727/normnfc.nlp
v2.0.50727/normnfd.nlp
v2.0.50727/normnfkc.nlp
v2.0.50727/normnfkd.nlp
v2.0.50727/perfcounter.dll
.dll windows:5 windows x86 arch:x86

39bba1f42319f1b5ace86f1e78e154cc

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2013, 20:08

Not After

27/06/2014, 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:d1:df:5a:23:b8:95:dc:62:14:45:34:f8:d7:71:48:bf:e3:3a:5a
Signer

Actual PE Digest

18:d1:df:5a:23:b8:95:dc:62:14:45:34:f8:d7:71:48:bf:e3:3a:5a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

perfcounter.pdb

Imports

mscoree

GetRequestedRuntimeInfo

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__clean_type_info_names_internal
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
wcscat_s
_vsnprintf
_vsnwprintf_s
_vsnprintf_s
_errno
strcpy_s
memmove
_purecall
memcpy
strchr
wcscpy_s
wcsncpy_s
iswspace
wcstol
wcsncpy
towlower
_wcsicmp
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
memset
_CxxThrowException
_snwprintf_s
?what@exception@std@@UBEPBDXZ
__CxxFrameHandler3
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
memmove_s
memcpy_s

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
DisableThreadLibraryCalls
Sleep
InterlockedExchange
CloseHandle
GetProcessTimes
GetLastError
OpenProcess
UnmapViewOfFile
VirtualQuery
MapViewOfFile
WaitForSingleObject
ReleaseMutex
QueryPerformanceCounter
QueryPerformanceFrequency
TlsGetValue
InterlockedCompareExchange
SetLastError
GetModuleHandleA
GetProcAddress
InterlockedIncrement
InterlockedDecrement
GetVersionExA
MultiByteToWideChar
GetCPInfo
WideCharToMultiByte
lstrlenW
TerminateProcess
GetCurrentProcess
LoadLibraryExA
LoadLibraryExW
GetModuleFileNameA
GetModuleFileNameW
GetVersionExW
OutputDebugStringA
OutputDebugStringW
CreateMutexA
CreateMutexW
OpenMutexA
OpenMutexW
GetSystemTimeAsFileTime
OpenFileMappingA
OpenFileMappingW
FreeLibrary
GetCurrentProcessId
LocalFree
LocalAlloc
FormatMessageA
FormatMessageW
GetCurrentThreadId

user32

LoadStringA
LoadStringW

advapi32

FreeSid
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExA
RegOpenKeyExW
RegEnumKeyExA
RegEnumKeyExW
RegQueryValueExA
RegSetValueExA
RegSetValueExW
RegCreateKeyExA
RegCreateKeyExW
RegQueryValueExW

pdh

PdhFormatFromRawValue

Exports

Exports

ClosePerformanceData
CollectPerformanceData
FormatFromRawValue
OpenPerformanceData

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/prc.nlp
v2.0.50727/prcp.nlp
v2.0.50727/sortkey.nlp
v2.0.50727/sorttbls.nlp
v2.0.50727/webengine.dll
.dll regsvr32 windows:5 windows x86 arch:x86

78160a6a84b2d2de6f5d597f7ff45d8e

Code Sign

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:12

Not After

04/12/2013, 21:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:09:b4:75:fd:ab:89:ce:53:5d:5f:cf:ed:87:fd:ae:95:b7:e2:96
Signer

Actual PE Digest

54:09:b4:75:fd:ab:89:ce:53:5d:5f:cf:ed:87:fd:ae:95:b7:e2:96

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

webengine.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
CloseHandle
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
InterlockedIncrement
InterlockedDecrement
GetLastError
WriteFile
CreateNamedPipeW
lstrlenW
ReadFile
GetOverlappedResult
Sleep
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
HeapFree
HeapCreate
HeapAlloc
SwitchToThread
lstrlenA
WideCharToMultiByte
FormatMessageW
GetFileAttributesExW
GetTickCount
CreateFileW
OutputDebugStringW
GetCurrentThreadId
WaitForSingleObject
CreateThread
InterlockedExchange
ReadDirectoryChangesW
GetLongPathNameW
GetSystemTimeAsFileTime
LocalFree
DuplicateHandle
GetModuleFileNameW
GetModuleHandleW
TlsSetValue
TlsGetValue
MultiByteToWideChar
GetFileSize
FormatMessageA
AddAtomW
FindAtomW
FreeLibrary
GetProcAddress
LoadLibraryW
SetLastError
CreateMutexW
WaitForSingleObjectEx
ReleaseMutex
GlobalFree
GlobalAlloc
InitializeCriticalSectionAndSpinCount
TlsAlloc
GetProcessHeap
DisableThreadLibraryCalls
GetLocaleInfoW
GetConsoleOutputCP
GetUserDefaultUILanguage
GetStdHandle
LoadLibraryExW
GetSystemDefaultUILanguage
FindClose
FindFirstFileW
InterlockedExchangeAdd
FindNextFileW
FindFirstFileExW
DisconnectNamedPipe
ConnectNamedPipe
GetVersionExW
CreateEventW
GetExitCodeProcess
WaitForMultipleObjects
CreateProcessW
TerminateProcess
GetSystemInfo
OpenProcess
SetEvent
ResetEvent
GetEnvironmentVariableW
DebugBreak
GlobalMemoryStatus
GetFileAttributesW
GetComputerNameW
GetSystemWindowsDirectoryW
CreateDirectoryW
LocalAlloc
DeleteFileW
LockResource
LoadResource
SizeofResource
FindResourceW
GetTempFileNameW
GetWindowsDirectoryW
GetTempPathW
WritePrivateProfileStringW
CopyFileW
GetTimeFormatA
GetDateFormatA
FlushFileBuffers
RemoveDirectoryW
lstrcmpW
CompareFileTime
LoadLibraryA
GetSystemDirectoryA
GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus
CreateRemoteThread
GetModuleHandleA
ReadProcessMemory
GetSystemDirectoryW
QueryPerformanceCounter
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateTimerQueueTimer
DeleteTimerQueueTimer
VirtualFree
VirtualAlloc
ExpandEnvironmentStringsW
TlsFree
GetFileSizeEx
CreateSemaphoreA
CompareStringW
LocalReAlloc
GetSystemDefaultLangID
ReleaseSemaphore
CreateSemaphoreW
OutputDebugStringA
GetProcessAffinityMask
HeapSize
HeapReAlloc
GetFileType
GetConsoleMode
WriteConsoleW
RaiseException

msvcr80

_wcsnicmp
swscanf
_vsnprintf_s
_ultoa_s
strstr
strcpy_s
calloc
free
strncpy_s
strtoul
sprintf_s
strcat_s
_itoa_s
isdigit
_atoi64
sscanf
strtol
towlower
strncmp
memmove
_wcslwr
_wtol
strrchr
_CxxThrowException
isxdigit
iswxdigit
_errno
wcstol
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
__clean_type_info_names_internal
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
wcschr
memcpy
memset
_itow_s
_wcsicmp
_purecall
_wtoi
wcsstr
wcsncmp
_vsnwprintf_s
strchr
memchr
atoi
_strnicmp
_stricmp
wcstoul
iswalnum
iswspace
_set_error_mode
wcsrchr
_beginthread
bsearch
wcstok

ntdll

NtQueryInformationThread
NtQuerySystemInformation
RtlCaptureStackBackTrace
NtQueryInformationProcess

user32

CharNextA
MessageBoxW
PeekMessageW
LoadStringA
CharNextExA
CharPrevW
GetUserObjectSecurity
SetUserObjectSecurity

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
LoadUserProfileW

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

Exports

Exports

??0BUFFER@@QAE@I@Z
??0BUFFER@@QAE@PAEI@Z
??0BUFFER_CHAIN@@QAE@XZ
??0BUFFER_CHAIN_ITEM@@QAE@I@Z
??0CCritSec@@QAE@XZ
??0CFakeLock@@QAE@XZ
??0CReaderWriterLock2@@QAE@XZ
??0CReaderWriterLock3@@QAE@XZ
??0CReaderWriterLock@@QAE@XZ
??0CRtlResource@@QAE@XZ
??0CShareLock@@QAE@XZ
??0CSharelock@@QAE@HH@Z
??0CSmallSpinLock@@QAE@XZ
??0CSpinLock@@QAE@XZ
??0STRA@@AAE@ABV0@@Z
??0STRA@@AAE@PAD@Z
??0STRA@@AAE@PBD@Z
??0STRA@@QAE@PADK@Z
??0STRA@@QAE@XZ
??0STRAU@@QAE@AAV0@@Z
??0STRAU@@QAE@PBD@Z
??0STRAU@@QAE@PBDH@Z
??0STRAU@@QAE@PBG@Z
??0STRAU@@QAE@XZ
??0STRU@@AAE@ABV0@@Z
??0STRU@@AAE@PAG@Z
??0STRU@@AAE@PBG@Z
??0STRU@@QAE@PAGK@Z
??0STRU@@QAE@XZ
??0TS_RESOURCE@@QAE@XZ
??1BUFFER@@QAE@XZ
??1BUFFER_CHAIN@@QAE@XZ
??1BUFFER_CHAIN_ITEM@@QAE@XZ
??1CCritSec@@QAE@XZ
??1CFakeLock@@QAE@XZ
??1CReaderWriterLock2@@QAE@XZ
??1CReaderWriterLock3@@QAE@XZ
??1CReaderWriterLock@@QAE@XZ
??1CRtlResource@@QAE@XZ
??1CShareLock@@QAE@XZ
??1CSharelock@@QAE@XZ
??1CSmallSpinLock@@QAE@XZ
??1CSpinLock@@QAE@XZ
??1STRA@@QAE@XZ
??1STRAU@@QAE@XZ
??1STRU@@QAE@XZ
??1TS_RESOURCE@@QAE@XZ
??2BUFFER_CHAIN_ITEM@@SGPAXI@Z
??3BUFFER_CHAIN_ITEM@@SGXPAX@Z
??4?$CLockBase@$00$00$02$00$02$01@@QAEAAV0@ABV0@@Z
??4?$CLockBase@$01$00$00$00$02$01@@QAEAAV0@ABV0@@Z
??4?$CLockBase@$02$00$00$00$00$00@@QAEAAV0@ABV0@@Z
??4?$CLockBase@$03$00$00$01$02$02@@QAEAAV0@ABV0@@Z
??4?$CLockBase@$04$01$00$01$02$02@@QAEAAV0@ABV0@@Z
??4?$CLockBase@$05$01$00$01$02$02@@QAEAAV0@ABV0@@Z
??4?$CLockBase@$06$01$01$00$02$01@@QAEAAV0@ABV0@@Z
??4?$CLockBase@$07$01$01$00$02$01@@QAEAAV0@ABV0@@Z
??4?$CLockBase@$08$01$00$00$02$01@@QAEAAV0@ABV0@@Z
??4BUFFER@@QAEAAV0@ABV0@@Z
??4BUFFER_CHAIN@@QAEAAV0@ABV0@@Z
??4BUFFER_CHAIN_ITEM@@QAEAAV0@ABV0@@Z
??4CCritSec@@QAEAAV0@ABV0@@Z
??4CFakeLock@@QAEAAV0@ABV0@@Z
??4CReaderWriterLock2@@QAEAAV0@ABV0@@Z
??4CReaderWriterLock3@@QAEAAV0@ABV0@@Z
??4CReaderWriterLock@@QAEAAV0@ABV0@@Z
??4CRtlResource@@QAEAAV0@ABV0@@Z
??4CSmallSpinLock@@QAEAAV0@ABV0@@Z
??4CSpinLock@@QAEAAV0@ABV0@@Z
??4STRA@@AAEAAV0@ABV0@@Z
??4STRAU@@QAEAAV0@ABV0@@Z
??4STRU@@AAEAAV0@ABV0@@Z
??4TS_RESOURCE@@QAEAAV0@ABV0@@Z
??_FBUFFER@@QAEXXZ
??_FBUFFER_CHAIN_ITEM@@QAEXXZ
??_FCSharelock@@QAEXXZ
?ActiveUsers@CSharelock@@QAEHXZ
?Append@STRA@@QAEJABV1@@Z
?Append@STRA@@QAEJPBD@Z
?Append@STRA@@QAEJPBDK@Z
?Append@STRAU@@QAEHAAV1@@Z
?Append@STRAU@@QAEHPBD@Z
?Append@STRAU@@QAEHPBDK@Z
?Append@STRAU@@QAEHPBG@Z
?Append@STRAU@@QAEHPBGK@Z
?Append@STRU@@QAEJABV1@@Z
?Append@STRU@@QAEJG@Z
?Append@STRU@@QAEJPBG@Z
?Append@STRU@@QAEJPBGK@Z
?AppendA@STRU@@QAEJPBD@Z
?AppendA@STRU@@QAEJPBDK@Z
?AppendBuffer@BUFFER_CHAIN@@QAEHPAVBUFFER_CHAIN_ITEM@@@Z
?AppendW@STRA@@QAEJPBG@Z
?AppendW@STRA@@QAEJPBGK@Z
?AppendWTruncate@STRA@@QAEJPBG@Z
?AppendWTruncate@STRA@@QAEJPBGK@Z
?AuxAppend@STRA@@AAEJPBEKKH@Z
?AuxAppend@STRAU@@AAEHPBDIH@Z
?AuxAppend@STRAU@@AAEHPBGIH@Z
?AuxAppend@STRU@@AAEJPBEKKH@Z
?AuxAppendA@STRU@@AAEJPBEKKH@Z
?AuxAppendW@STRA@@AAEJPBGKKH@Z
?AuxAppendWTruncate@STRA@@AAEJPBGKKH@Z
?AuxInit@STRAU@@AAEXPBD@Z
?AuxInit@STRAU@@AAEXPBG@Z
?CalcTotalSize@BUFFER_CHAIN@@QBEKH@Z
?ChangeExclusiveLockToSharedLock@CSharelock@@QAEXXZ
?ChangeSharedLockToExclusiveLock@CSharelock@@QAEEH@Z
?ClaimExclusiveLock@CSharelock@@QAEEH@Z
?ClaimShareLock@CSharelock@@QAEEH@Z
?ClassName@CCritSec@@SGPBGXZ
?ClassName@CFakeLock@@SGPBGXZ
?ClassName@CReaderWriterLock2@@SGPBGXZ
?ClassName@CReaderWriterLock3@@SGPBGXZ
?ClassName@CReaderWriterLock@@SGPBGXZ
?ClassName@CRtlResource@@SGPBDXZ
?ClassName@CShareLock@@SGPBDXZ
?ClassName@CSmallSpinLock@@SGPBGXZ
?ClassName@CSpinLock@@SGPBGXZ
?Clone@STRA@@QBEJPAV1@@Z
?Convert@TS_RESOURCE@@QAEXW4TSRES_CONV_TYPE@@@Z
?ConvertExclusiveToShared@CCritSec@@QAEXXZ
?ConvertExclusiveToShared@CFakeLock@@QAEXXZ
?ConvertExclusiveToShared@CReaderWriterLock2@@QAEXXZ
?ConvertExclusiveToShared@CReaderWriterLock3@@QAEXXZ
?ConvertExclusiveToShared@CReaderWriterLock@@QAEXXZ
?ConvertExclusiveToShared@CRtlResource@@QAEXXZ
?ConvertExclusiveToShared@CShareLock@@QAEXXZ
?ConvertExclusiveToShared@CSmallSpinLock@@QAEXXZ
?ConvertExclusiveToShared@CSpinLock@@QAEXXZ
?ConvertSharedToExclusive@CCritSec@@QAEXXZ
?ConvertSharedToExclusive@CFakeLock@@QAEXXZ
?ConvertSharedToExclusive@CReaderWriterLock2@@QAEXXZ
?ConvertSharedToExclusive@CReaderWriterLock3@@QAEXXZ
?ConvertSharedToExclusive@CReaderWriterLock@@QAEXXZ
?ConvertSharedToExclusive@CRtlResource@@QAEXXZ
?ConvertSharedToExclusive@CShareLock@@QAEXXZ
?ConvertSharedToExclusive@CSmallSpinLock@@QAEXXZ
?ConvertSharedToExclusive@CSpinLock@@QAEXXZ
?Copy@STRA@@QAEJABV1@@Z
?Copy@STRA@@QAEJPBD@Z
?Copy@STRA@@QAEJPBDK@Z
?Copy@STRAU@@QAEHAAV1@@Z
?Copy@STRAU@@QAEHPBD@Z
?Copy@STRAU@@QAEHPBDK@Z
?Copy@STRAU@@QAEHPBG@Z
?Copy@STRAU@@QAEHPBGK@Z
?Copy@STRU@@QAEJABV1@@Z
?Copy@STRU@@QAEJPBG@Z
?Copy@STRU@@QAEJPBGK@Z
?Copy@STRU@@QAEJPBV1@@Z
?CopyA@STRU@@QAEJPBD@Z
?CopyA@STRU@@QAEJPBDK@Z
?CopyBinary@STRA@@QAEJPAXK@Z
?CopyToBuffer@STRA@@QBEJPADPAK@Z
?CopyToBuffer@STRU@@QBEJPAGPAK@Z
?CopyW@STRA@@QAEJPBG@Z
?CopyW@STRA@@QAEJPBGK@Z
?CopyWToUTF8Escaped@STRA@@QAEJABVSTRU@@@Z
?CopyWToUTF8Escaped@STRA@@QAEJPBG@Z
?CopyWToUTF8Escaped@STRA@@QAEJPBGK@Z
?CopyWToUTF8Unescaped@STRA@@QAEJABVSTRU@@@Z
?CopyWToUTF8Unescaped@STRA@@QAEJPBG@Z
?CopyWToUTF8Unescaped@STRA@@QAEJPBGK@Z
?CopyWTruncate@STRA@@QAEJPBG@Z
?CopyWTruncate@STRA@@QAEJPBGK@Z
?DeleteChain@BUFFER_CHAIN@@QAEKXZ
?Equals@STRA@@QBEHABV1@@Z
?Equals@STRA@@QBEHPBD@Z
?Equals@STRU@@QBEHABV1@@Z
?Equals@STRU@@QBEHPBG@Z
?EqualsNoCase@STRA@@QBEHABV1@@Z
?EqualsNoCase@STRA@@QBEHPBD@Z
?EqualsNoCase@STRU@@QBEHABV1@@Z
?EqualsNoCase@STRU@@QBEHPBG@Z
?Escape@STRA@@QAEJHH@Z
?Escape@STRU@@QAEJXZ
?FormatString@STRA@@QAEJKQAPBDPBDK@Z
?FreeMemory@BUFFER@@QAEXXZ
?GetDefaultSpinAdjustmentFactor@CCritSec@@SGNXZ
?GetDefaultSpinAdjustmentFactor@CFakeLock@@SGNXZ
?GetDefaultSpinAdjustmentFactor@CReaderWriterLock2@@SGNXZ
?GetDefaultSpinAdjustmentFactor@CReaderWriterLock3@@SGNXZ
?GetDefaultSpinAdjustmentFactor@CReaderWriterLock@@SGNXZ
?GetDefaultSpinAdjustmentFactor@CRtlResource@@SGNXZ
?GetDefaultSpinAdjustmentFactor@CShareLock@@SGNXZ
?GetDefaultSpinAdjustmentFactor@CSmallSpinLock@@SGNXZ
?GetDefaultSpinAdjustmentFactor@CSpinLock@@SGNXZ
?GetDefaultSpinCount@CCritSec@@SGGXZ
?GetDefaultSpinCount@CFakeLock@@SGGXZ
?GetDefaultSpinCount@CReaderWriterLock2@@SGGXZ
?GetDefaultSpinCount@CReaderWriterLock3@@SGGXZ
?GetDefaultSpinCount@CReaderWriterLock@@SGGXZ
?GetDefaultSpinCount@CRtlResource@@SGGXZ
?GetDefaultSpinCount@CShareLock@@SGGXZ
?GetDefaultSpinCount@CSmallSpinLock@@SGGXZ
?GetDefaultSpinCount@CSpinLock@@SGGXZ
?GetNewStorage@BUFFER@@AAEHI@Z
?GetSpinCount@CCritSec@@QBEGXZ
?GetSpinCount@CFakeLock@@QBEGXZ
?GetSpinCount@CReaderWriterLock2@@QBEGXZ
?GetSpinCount@CReaderWriterLock3@@QBEGXZ
?GetSpinCount@CReaderWriterLock@@QBEGXZ
?GetSpinCount@CRtlResource@@QBEGXZ
?GetSpinCount@CShareLock@@QBEGXZ
?GetSpinCount@CSmallSpinLock@@QBEGXZ
?GetSpinCount@CSpinLock@@QBEGXZ
?HTMLEncode@STRA@@QAEJXZ
?HTMLEncode@STRU@@QAEJXZ
?IsCurrentUnicode@STRAU@@QAEHXZ
?IsDynAlloced@BUFFER@@ABEHXZ
?IsEmpty@STRA@@QBEHXZ
?IsEmpty@STRAU@@QAEHXZ
?IsEmpty@STRU@@QBEHXZ
?IsReadLocked@CCritSec@@QBE_NXZ
?IsReadLocked@CFakeLock@@QBE_NXZ
?IsReadLocked@CReaderWriterLock2@@QBE_NXZ
?IsReadLocked@CReaderWriterLock3@@QBE_NXZ
?IsReadLocked@CReaderWriterLock@@QBE_NXZ
?IsReadLocked@CRtlResource@@QBE_NXZ
?IsReadLocked@CShareLock@@QBE_NXZ
?IsReadLocked@CSmallSpinLock@@QBE_NXZ
?IsReadLocked@CSpinLock@@QBE_NXZ
?IsReadUnlocked@CCritSec@@QBE_NXZ
?IsReadUnlocked@CFakeLock@@QBE_NXZ
?IsReadUnlocked@CReaderWriterLock2@@QBE_NXZ
?IsReadUnlocked@CReaderWriterLock3@@QBE_NXZ
?IsReadUnlocked@CReaderWriterLock@@QBE_NXZ
?IsReadUnlocked@CRtlResource@@QBE_NXZ
?IsReadUnlocked@CShareLock@@QBE_NXZ
?IsReadUnlocked@CSmallSpinLock@@QBE_NXZ
?IsReadUnlocked@CSpinLock@@QBE_NXZ
?IsValid@BUFFER@@QBEHXZ
?IsValid@STRA@@QBEHXZ
?IsValid@STRAU@@QAEHXZ
?IsWriteLocked@CCritSec@@QBE_NXZ
?IsWriteLocked@CFakeLock@@QBE_NXZ
?IsWriteLocked@CReaderWriterLock2@@QBE_NXZ
?IsWriteLocked@CReaderWriterLock3@@QBE_NXZ
?IsWriteLocked@CReaderWriterLock@@QBE_NXZ
?IsWriteLocked@CRtlResource@@QBE_NXZ
?IsWriteLocked@CShareLock@@QBE_NXZ
?IsWriteLocked@CSmallSpinLock@@QBE_NXZ
?IsWriteLocked@CSpinLock@@QBE_NXZ
?IsWriteUnlocked@CCritSec@@QBE_NXZ
?IsWriteUnlocked@CFakeLock@@QBE_NXZ
?IsWriteUnlocked@CReaderWriterLock2@@QBE_NXZ
?IsWriteUnlocked@CReaderWriterLock3@@QBE_NXZ
?IsWriteUnlocked@CReaderWriterLock@@QBE_NXZ
?IsWriteUnlocked@CRtlResource@@QBE_NXZ
?IsWriteUnlocked@CShareLock@@QBE_NXZ
?IsWriteUnlocked@CSmallSpinLock@@QBE_NXZ
?IsWriteUnlocked@CSpinLock@@QBE_NXZ
?LoadStringW@STRA@@QAEJKPAUHINSTANCE__@@@Z
?LoadStringW@STRA@@QAEJKPBDK@Z
?Lock@TS_RESOURCE@@QAEXW4TSRES_LOCK_TYPE@@@Z
?LockType@?$CLockBase@$00$00$02$00$02$01@@SG?AW4LOCK_LOCKTYPE@@XZ
?LockType@?$CLockBase@$01$00$00$00$02$01@@SG?AW4LOCK_LOCKTYPE@@XZ
?LockType@?$CLockBase@$02$00$00$00$00$00@@SG?AW4LOCK_LOCKTYPE@@XZ
?LockType@?$CLockBase@$03$00$00$01$02$02@@SG?AW4LOCK_LOCKTYPE@@XZ
?LockType@?$CLockBase@$04$01$00$01$02$02@@SG?AW4LOCK_LOCKTYPE@@XZ
?LockType@?$CLockBase@$05$01$00$01$02$02@@SG?AW4LOCK_LOCKTYPE@@XZ
?LockType@?$CLockBase@$06$01$01$00$02$01@@SG?AW4LOCK_LOCKTYPE@@XZ
?LockType@?$CLockBase@$07$01$01$00$02$01@@SG?AW4LOCK_LOCKTYPE@@XZ
?LockType@?$CLockBase@$08$01$00$00$02$01@@SG?AW4LOCK_LOCKTYPE@@XZ
?MutexType@?$CLockBase@$00$00$02$00$02$01@@SG?AW4LOCK_RW_MUTEX@@XZ
?MutexType@?$CLockBase@$01$00$00$00$02$01@@SG?AW4LOCK_RW_MUTEX@@XZ
?MutexType@?$CLockBase@$02$00$00$00$00$00@@SG?AW4LOCK_RW_MUTEX@@XZ
?MutexType@?$CLockBase@$03$00$00$01$02$02@@SG?AW4LOCK_RW_MUTEX@@XZ
?MutexType@?$CLockBase@$04$01$00$01$02$02@@SG?AW4LOCK_RW_MUTEX@@XZ
?MutexType@?$CLockBase@$05$01$00$01$02$02@@SG?AW4LOCK_RW_MUTEX@@XZ
?MutexType@?$CLockBase@$06$01$01$00$02$01@@SG?AW4LOCK_RW_MUTEX@@XZ
?MutexType@?$CLockBase@$07$01$01$00$02$01@@SG?AW4LOCK_RW_MUTEX@@XZ
?MutexType@?$CLockBase@$08$01$00$00$02$01@@SG?AW4LOCK_RW_MUTEX@@XZ
?NextBuffer@BUFFER_CHAIN@@QAEPAVBUFFER_CHAIN_ITEM@@PAV2@@Z
?PerLockSpin@?$CLockBase@$00$00$02$00$02$01@@SG?AW4LOCK_PERLOCK_SPIN@@XZ
?PerLockSpin@?$CLockBase@$01$00$00$00$02$01@@SG?AW4LOCK_PERLOCK_SPIN@@XZ
?PerLockSpin@?$CLockBase@$02$00$00$00$00$00@@SG?AW4LOCK_PERLOCK_SPIN@@XZ
?PerLockSpin@?$CLockBase@$03$00$00$01$02$02@@SG?AW4LOCK_PERLOCK_SPIN@@XZ
?PerLockSpin@?$CLockBase@$04$01$00$01$02$02@@SG?AW4LOCK_PERLOCK_SPIN@@XZ
?PerLockSpin@?$CLockBase@$05$01$00$01$02$02@@SG?AW4LOCK_PERLOCK_SPIN@@XZ
?PerLockSpin@?$CLockBase@$06$01$01$00$02$01@@SG?AW4LOCK_PERLOCK_SPIN@@XZ
?PerLockSpin@?$CLockBase@$07$01$01$00$02$01@@SG?AW4LOCK_PERLOCK_SPIN@@XZ
?PerLockSpin@?$CLockBase@$08$01$00$00$02$01@@SG?AW4LOCK_PERLOCK_SPIN@@XZ
?PrivateQueryStr@STRAU@@AAEPAGH@Z
?QueryBuffer@STRU@@QAEPAVBUFFER@@XZ
?QueryCB@STRA@@QBEIXZ
?QueryCB@STRAU@@QAEIH@Z
?QueryCB@STRU@@QBEIXZ
?QueryCBA@STRAU@@QAEIXZ
?QueryCBW@STRAU@@QAEIXZ
?QueryCCH@STRA@@QBEIXZ
?QueryCCH@STRAU@@QAEIXZ
?QueryCCH@STRU@@QBEIXZ
?QueryPtr@BUFFER@@QBEPAXXZ
?QuerySize@BUFFER@@QBEIXZ
?QuerySize@STRA@@QBEIXZ
?QuerySizeCCH@STRA@@QBEIXZ
?QuerySizeCCH@STRU@@QBEIXZ
?QueryStr@STRA@@QAEPADXZ
?QueryStr@STRA@@QBEPBDXZ
?QueryStr@STRAU@@QAEPAGH@Z
?QueryStr@STRU@@QAEPAGXZ
?QueryStr@STRU@@QBEPBGXZ
?QueryStrA@STRAU@@QAEPADXZ
?QueryStrW@STRAU@@QAEPAGXZ
?QueryUsed@BUFFER_CHAIN_ITEM@@QBEKXZ
?QueueType@?$CLockBase@$00$00$02$00$02$01@@SG?AW4LOCK_QUEUE_TYPE@@XZ
?QueueType@?$CLockBase@$01$00$00$00$02$01@@SG?AW4LOCK_QUEUE_TYPE@@XZ
?QueueType@?$CLockBase@$02$00$00$00$00$00@@SG?AW4LOCK_QUEUE_TYPE@@XZ
?QueueType@?$CLockBase@$03$00$00$01$02$02@@SG?AW4LOCK_QUEUE_TYPE@@XZ
?QueueType@?$CLockBase@$04$01$00$01$02$02@@SG?AW4LOCK_QUEUE_TYPE@@XZ
?QueueType@?$CLockBase@$05$01$00$01$02$02@@SG?AW4LOCK_QUEUE_TYPE@@XZ
?QueueType@?$CLockBase@$06$01$01$00$02$01@@SG?AW4LOCK_QUEUE_TYPE@@XZ
?QueueType@?$CLockBase@$07$01$01$00$02$01@@SG?AW4LOCK_QUEUE_TYPE@@XZ
?QueueType@?$CLockBase@$08$01$00$00$02$01@@SG?AW4LOCK_QUEUE_TYPE@@XZ
?ReadLock@CCritSec@@QAEXXZ
?ReadLock@CFakeLock@@QAEXXZ
?ReadLock@CReaderWriterLock2@@QAEXXZ
?ReadLock@CReaderWriterLock3@@QAEXXZ
?ReadLock@CReaderWriterLock@@QAEXXZ
?ReadLock@CRtlResource@@QAEXXZ
?ReadLock@CShareLock@@QAEXXZ
?ReadLock@CSmallSpinLock@@QAEXXZ
?ReadLock@CSpinLock@@QAEXXZ
?ReadOrWriteLock@CCritSec@@QAE_NXZ
?ReadOrWriteLock@CFakeLock@@QAE_NXZ
?ReadOrWriteLock@CReaderWriterLock3@@QAE_NXZ
?ReadOrWriteLock@CSpinLock@@QAE_NXZ
?ReadOrWriteUnlock@CCritSec@@QAEX_N@Z
?ReadOrWriteUnlock@CFakeLock@@QAEX_N@Z
?ReadOrWriteUnlock@CReaderWriterLock3@@QAEX_N@Z
?ReadOrWriteUnlock@CSpinLock@@QAEX_N@Z
?ReadUnlock@CCritSec@@QAEXXZ
?ReadUnlock@CFakeLock@@QAEXXZ
?ReadUnlock@CReaderWriterLock2@@QAEXXZ
?ReadUnlock@CReaderWriterLock3@@QAEXXZ
?ReadUnlock@CReaderWriterLock@@QAEXXZ
?ReadUnlock@CRtlResource@@QAEXXZ
?ReadUnlock@CShareLock@@QAEXXZ
?ReadUnlock@CSmallSpinLock@@QAEXXZ
?ReadUnlock@CSpinLock@@QAEXXZ
?ReallocStorage@BUFFER@@AAEHI@Z
?Recursion@?$CLockBase@$00$00$02$00$02$01@@SG?AW4LOCK_RECURSION@@XZ
?Recursion@?$CLockBase@$01$00$00$00$02$01@@SG?AW4LOCK_RECURSION@@XZ
?Recursion@?$CLockBase@$02$00$00$00$00$00@@SG?AW4LOCK_RECURSION@@XZ
?Recursion@?$CLockBase@$03$00$00$01$02$02@@SG?AW4LOCK_RECURSION@@XZ
?Recursion@?$CLockBase@$04$01$00$01$02$02@@SG?AW4LOCK_RECURSION@@XZ
?Recursion@?$CLockBase@$05$01$00$01$02$02@@SG?AW4LOCK_RECURSION@@XZ
?Recursion@?$CLockBase@$06$01$01$00$02$01@@SG?AW4LOCK_RECURSION@@XZ
?Recursion@?$CLockBase@$07$01$01$00$02$01@@SG?AW4LOCK_RECURSION@@XZ
?Recursion@?$CLockBase@$08$01$00$00$02$01@@SG?AW4LOCK_RECURSION@@XZ
?ReleaseExclusiveLock@CSharelock@@QAEXXZ
?ReleaseShareLock@CSharelock@@QAEXXZ
?Reset@STRA@@QAEXXZ
?Reset@STRAU@@QAEXXZ
?Reset@STRU@@QAEXXZ
?Resize@BUFFER@@QAEHI@Z
?Resize@BUFFER@@QAEHII@Z
?Resize@STRA@@QAEJK@Z
?Resize@STRU@@QAEJK@Z
?ResizeW@STRAU@@QAEHK@Z
?SAFE_snwprintf@@YAJPAVSTRU@@PBGZZ
?SafeCopy@STRAU@@QAEHPBD@Z
?SafeCopy@STRAU@@QAEHPBG@Z
?SetDefaultSpinAdjustmentFactor@CCritSec@@SGXN@Z
?SetDefaultSpinAdjustmentFactor@CFakeLock@@SGXN@Z
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock2@@SGXN@Z
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock3@@SGXN@Z
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock@@SGXN@Z
?SetDefaultSpinAdjustmentFactor@CRtlResource@@SGXN@Z
?SetDefaultSpinAdjustmentFactor@CShareLock@@SGXN@Z
?SetDefaultSpinAdjustmentFactor@CSmallSpinLock@@SGXN@Z
?SetDefaultSpinAdjustmentFactor@CSpinLock@@SGXN@Z
?SetDefaultSpinCount@CCritSec@@SGXG@Z
?SetDefaultSpinCount@CFakeLock@@SGXG@Z
?SetDefaultSpinCount@CReaderWriterLock2@@SGXG@Z
?SetDefaultSpinCount@CReaderWriterLock3@@SGXG@Z
?SetDefaultSpinCount@CReaderWriterLock@@SGXG@Z
?SetDefaultSpinCount@CRtlResource@@SGXG@Z
?SetDefaultSpinCount@CShareLock@@SGXG@Z
?SetDefaultSpinCount@CSmallSpinLock@@SGXG@Z
?SetDefaultSpinCount@CSpinLock@@SGXG@Z
?SetLen@STRA@@QAEHK@Z
?SetLen@STRAU@@QAEHK@Z
?SetLen@STRU@@QAEHK@Z
?SetSpinCount@CCritSec@@QAE_NG@Z
?SetSpinCount@CCritSec@@SGKPAU_RTL_CRITICAL_SECTION@@K@Z
?SetSpinCount@CFakeLock@@QAE_NG@Z
?SetSpinCount@CReaderWriterLock2@@QAE_NG@Z
?SetSpinCount@CReaderWriterLock3@@QAE_NG@Z
?SetSpinCount@CReaderWriterLock@@QAE_NG@Z
?SetSpinCount@CRtlResource@@QAE_NG@Z
?SetSpinCount@CShareLock@@QAE_NG@Z
?SetSpinCount@CSmallSpinLock@@QAE_NG@Z
?SetSpinCount@CSpinLock@@QAE_NG@Z
?SetUsed@BUFFER_CHAIN_ITEM@@QAEXK@Z
?SetValid@BUFFER@@QAEXH@Z
?SleepWaitingForLock@CSharelock@@AAEEH@Z
?SyncWithBuffer@STRA@@QAEXXZ
?SyncWithBuffer@STRU@@QAEXXZ
?TryConvertSharedToExclusive@CReaderWriterLock3@@QAE_NXZ
?TryReadLock@CCritSec@@QAE_NXZ
?TryReadLock@CFakeLock@@QAE_NXZ
?TryReadLock@CReaderWriterLock2@@QAE_NXZ
?TryReadLock@CReaderWriterLock3@@QAE_NXZ
?TryReadLock@CReaderWriterLock@@QAE_NXZ
?TryReadLock@CRtlResource@@QAE_NXZ
?TryReadLock@CShareLock@@QAE_NXZ
?TryReadLock@CSmallSpinLock@@QAE_NXZ
?TryReadLock@CSpinLock@@QAE_NXZ
?TryReadOrWriteLock@CReaderWriterLock3@@QAE_NAA_N@Z
?TryWriteLock@CCritSec@@QAE_NXZ
?TryWriteLock@CFakeLock@@QAE_NXZ
?TryWriteLock@CReaderWriterLock2@@QAE_NXZ
?TryWriteLock@CReaderWriterLock3@@QAE_NXZ
?TryWriteLock@CReaderWriterLock@@QAE_NXZ
?TryWriteLock@CRtlResource@@QAE_NXZ
?TryWriteLock@CShareLock@@QAE_NXZ
?TryWriteLock@CSmallSpinLock@@QAE_NXZ
?TryWriteLock@CSpinLock@@QAE_NXZ
?Unescape@STRA@@QAEJXZ
?Unescape@STRU@@QAEJXZ
?Unlock@TS_RESOURCE@@QAEXXZ
?UpdateMaxSpins@CSharelock@@QAEEH@Z
?UpdateMaxUsers@CSharelock@@QAEEH@Z
?VerifyState@BUFFER@@ABEXXZ
?WaitForExclusiveLock@CSharelock@@AAEEH@Z
?WaitForShareLock@CSharelock@@AAEEH@Z
?WaitType@?$CLockBase@$00$00$02$00$02$01@@SG?AW4LOCK_WAIT_TYPE@@XZ
?WaitType@?$CLockBase@$01$00$00$00$02$01@@SG?AW4LOCK_WAIT_TYPE@@XZ
?WaitType@?$CLockBase@$02$00$00$00$00$00@@SG?AW4LOCK_WAIT_TYPE@@XZ
?WaitType@?$CLockBase@$03$00$00$01$02$02@@SG?AW4LOCK_WAIT_TYPE@@XZ
?WaitType@?$CLockBase@$04$01$00$01$02$02@@SG?AW4LOCK_WAIT_TYPE@@XZ
?WaitType@?$CLockBase@$05$01$00$01$02$02@@SG?AW4LOCK_WAIT_TYPE@@XZ
?WaitType@?$CLockBase@$06$01$01$00$02$01@@SG?AW4LOCK_WAIT_TYPE@@XZ
?WaitType@?$CLockBase@$07$01$01$00$02$01@@SG?AW4LOCK_WAIT_TYPE@@XZ
?WaitType@?$CLockBase@$08$01$00$00$02$01@@SG?AW4LOCK_WAIT_TYPE@@XZ
?WakeAllSleepers@CSharelock@@AAEXXZ
?WriteLock@CCritSec@@QAEXXZ
?WriteLock@CFakeLock@@QAEXXZ
?WriteLock@CReaderWriterLock2@@QAEXXZ
?WriteLock@CReaderWriterLock3@@QAEXXZ
?WriteLock@CReaderWriterLock@@QAEXXZ
?WriteLock@CRtlResource@@QAEXXZ
?WriteLock@CShareLock@@QAEXXZ
?WriteLock@CSmallSpinLock@@QAEXXZ
?WriteLock@CSpinLock@@QAEXXZ
?WriteUnlock@CCritSec@@QAEXXZ
?WriteUnlock@CFakeLock@@QAEXXZ
?WriteUnlock@CReaderWriterLock2@@QAEXXZ
?WriteUnlock@CReaderWriterLock3@@QAEXXZ
?WriteUnlock@CReaderWriterLock@@QAEXXZ
?WriteUnlock@CRtlResource@@QAEXXZ
?WriteUnlock@CShareLock@@QAEXXZ
?WriteUnlock@CSmallSpinLock@@QAEXXZ
?WriteUnlock@CSpinLock@@QAEXXZ
?_CmpExch@CReaderWriterLock2@@AAE_NJJ@Z
?_CmpExch@CReaderWriterLock3@@AAE_NJJ@Z
?_CmpExch@CReaderWriterLock@@AAE_NJJ@Z
?_CurrentThreadId@CReaderWriterLock3@@CGJXZ
?_CurrentThreadId@CSmallSpinLock@@CGJXZ
?_CurrentThreadId@CSpinLock@@CGJXZ
?_IsLocked@CSpinLock@@ABE_NXZ
?_Lock@CSpinLock@@AAEXXZ
?_LockSpin@CReaderWriterLock2@@AAEX_N@Z
?_LockSpin@CReaderWriterLock3@@AAEXW4SPIN_TYPE@1@@Z
?_LockSpin@CReaderWriterLock@@AAEX_N@Z
?_LockSpin@CSmallSpinLock@@AAEXXZ
?_LockSpin@CSpinLock@@AAEXXZ
?_ReadLockSpin@CReaderWriterLock2@@AAEXXZ
?_ReadLockSpin@CReaderWriterLock3@@AAEXW4SPIN_TYPE@1@@Z
?_ReadLockSpin@CReaderWriterLock@@AAEXXZ
?_TryLock@CSmallSpinLock@@AAE_NXZ
?_TryLock@CSpinLock@@AAE_NXZ
?_TryReadLock@CReaderWriterLock2@@AAE_NXZ
?_TryReadLock@CReaderWriterLock3@@AAE_NXZ
?_TryReadLock@CReaderWriterLock@@AAE_NXZ
?_TryReadLockRecursive@CReaderWriterLock3@@AAE_NXZ
?_TryWriteLock2@CReaderWriterLock3@@AAE_NXZ
?_TryWriteLock@CReaderWriterLock2@@AAE_NJ@Z
?_TryWriteLock@CReaderWriterLock3@@AAE_NJ@Z
?_TryWriteLock@CReaderWriterLock@@AAE_NXZ
?_Unlock@CSpinLock@@AAEXXZ
?_WriteLockSpin@CReaderWriterLock2@@AAEXXZ
?_WriteLockSpin@CReaderWriterLock3@@AAEXXZ
?_WriteLockSpin@CReaderWriterLock@@AAEXXZ
?sm_dblDfltSpinAdjFctr@CCritSec@@1NA
?sm_dblDfltSpinAdjFctr@CFakeLock@@1NA
?sm_dblDfltSpinAdjFctr@CReaderWriterLock2@@1NA
?sm_dblDfltSpinAdjFctr@CReaderWriterLock3@@1NA
?sm_dblDfltSpinAdjFctr@CReaderWriterLock@@1NA
?sm_dblDfltSpinAdjFctr@CRtlResource@@1NA
?sm_dblDfltSpinAdjFctr@CShareLock@@1NA
?sm_dblDfltSpinAdjFctr@CSmallSpinLock@@1NA
?sm_dblDfltSpinAdjFctr@CSpinLock@@1NA
?sm_wDefaultSpinCount@CCritSec@@1GA
?sm_wDefaultSpinCount@CFakeLock@@1GA
?sm_wDefaultSpinCount@CReaderWriterLock2@@1GA
?sm_wDefaultSpinCount@CReaderWriterLock3@@1GA

Sections

.text
Size: 370KB - Virtual size: 370KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2.0.50727/xjis.nlp
־.txt
ܳֵ⼰.txt

Sharing

General

Malware Config

Signatures

Files

cad4c96e19ec6e52560b9ccb84edddb4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

wininet

shlwapi

iphlpapi

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 250KB

.ndata Size: - Virtual size: 740KB

.rsrc Size: 15.8MB - Virtual size: 15.8MB

db2755f409b81c4dbfc04f648cfb80b9

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 987B

.reloc Size: 512B - Virtual size: 66B

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 104B

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 2KB

baf2d405231cd43dae48df474a521d01

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comctl32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 947B

.data Size: - Virtual size: 24B

.reloc Size: 512B - Virtual size: 284B

df38729be926f91d3390389029adf53b

Headers

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 250KB

.ndata
Size: - Virtual size: 740KB

.rsrc
Size: 15.8MB - Virtual size: 15.8MB

.text
Size: 1024B - Virtual size: 987B

.reloc
Size: 512B - Virtual size: 66B

.text
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 104B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 947B

.data
Size: - Virtual size: 24B

.reloc
Size: 512B - Virtual size: 284B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 797B

.data
Size: - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 254B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 915B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 582B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 828B

.data
Size: 512B - Virtual size: 336B

.reloc
Size: 512B - Virtual size: 348B

.text
Size: 1024B - Virtual size: 934B

.rdata
Size: 512B - Virtual size: 377B

.data
Size: - Virtual size: 20B

.reloc
Size: 512B - Virtual size: 284B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB