bb6fd94d088d1205ae5fe6f1b45c3a366490a1286741c0eb71f517997182f2be

Sharing

Copy URL Twitter E-mail

General

Target

bb6fd94d088d1205ae5fe6f1b45c3a366490a1286741c0eb71f517997182f2be
Size

5.2MB
MD5

8934b92a1d075aae29e2ab5ea5189c49
SHA1

8129c3d444561ec6864d7583131f443d6fdf69cc
SHA256

bb6fd94d088d1205ae5fe6f1b45c3a366490a1286741c0eb71f517997182f2be
SHA512

5523c60979b88938910d46c871ba2103f8f46d06a1017d01bb34a83fd46b105fc7a9f5c9a8879d0be54215bec943d71579dc57ba2a0c879b13e1b772a44c9c95
SSDEEP

98304:/+pmqu8JVd/7u7kxm+YcTjlKOxbqZcZkHOus1DgAtZRixAHAILz1IimEMh:+g7kKcToOYIku1DtbbgIHDmEMh

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PROGRAMFILES/RF_L/TC_EZH32.dll
unpack001/$PROGRAMFILES/RF_L/TCxEZH32.dll
unpack001/$PROGRAMFILES/RF_L/mfcm90.dll
unpack001/$PROGRAMFILES/RF_L/msvcm90.dll
unpack001/$PROGRAMFILES64/RF_L/TC_EZH64.dll
unpack001/$PROGRAMFILES64/RF_L/TCxEZH64.dll
unpack001/$PROGRAMFILES64/RF_L/mfcm90.dll
unpack001/$PROGRAMFILES64/RF_L/msvcm90.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

bb6fd94d088d1205ae5fe6f1b45c3a366490a1286741c0eb71f517997182f2be
.exe windows:4 windows x86 arch:x86

3abe302b6d9a1256e6a915429af4ffd2

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

74:8f:6c:0e:52:6b:b0:93:ba:54:b7:d9:25:53:c9:f2:57:e4:11:c6
Signer

Actual PE Digest

74:8f:6c:0e:52:6b:b0:93:ba:54:b7:d9:25:53:c9:f2:57:e4:11:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
Sleep
GetTickCount
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GetWindowsDirectoryA
SetCurrentDirectoryA
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
CreateThread
GlobalLock
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

610235b90207a63ccf481f0d4375d329

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileStringA
SetCurrentDirectoryA
GetModuleHandleA
lstrcmpiA
WritePrivateProfileStringA
lstrcatA
lstrcpynA
GlobalFree
lstrlenA
lstrcpyA
GlobalUnlock
GlobalAlloc
GlobalLock

user32

MapWindowPoints
PtInRect
CloseClipboard
LoadCursorA
GetDlgCtrlID
OpenClipboard
GetClientRect
SetWindowRgn
DrawFocusRect
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
DrawTextA
SetCursor
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
CallWindowProcA
PostMessageA
MessageBoxA
GetSysColor
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetWindowLongA
EnableMenuItem
GetSystemMenu
GetClipboardData
LoadIconA

gdi32

DeleteObject
CombineRgn
SetTextColor
GetDIBits
SelectObject
CreateRectRgn
GetObjectA
CreateCompatibleDC

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetDesktopFolder

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 606B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

cce05dea98cbac3a9d486b233588f528

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentProcess
GlobalAlloc
GetCurrentThread
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynA

advapi32

OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PROGRAMFILES/RF_L/MFC90KOR.dll
.dll windows:5 windows x86 arch:x86

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:6f:54:d3:c0:6d:81:c3:35:14:82:0e:53:31:6b:a0:5e:40:d7:8f
Signer

Actual PE Digest

52:6f:54:d3:c0:6d:81:c3:35:14:82:0e:53:31:6b:a0:5e:40:d7:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/Microsoft.VC90.CRT.manifest
.xml
$PROGRAMFILES/RF_L/Microsoft.VC90.MFC.manifest
.xml
$PROGRAMFILES/RF_L/Microsoft.VC90.MFCLOC.manifest
$PROGRAMFILES/RF_L/RF.exe
.exe windows:5 windows x86 arch:x86

421fe8a8767ea6f1ecc1c8add180520d

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e8:7d:4a:6d:c0:7e:80:ac:e8:29:2f:4f:c1:3b:06:51:f7:6a:a4:b1:85:88:86:55:47:d3:64:4e:71:5c:56:2f
Signer

Actual PE Digest

e8:7d:4a:6d:c0:7e:80:ac:e8:29:2f:4f:c1:3b:06:51:f7:6a:a4:b1:85:88:86:55:47:d3:64:4e:71:5c:56:2f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

tccr

ReadWhiteFile
WriteWhiteFile

mfc90

ord2566
ord6802
ord262
ord5761
ord3579
ord4507
ord4222
ord4727
ord2896
ord4116
ord2481
ord6335
ord3148
ord3731
ord4032
ord4502
ord5963
ord2364
ord405
ord3351
ord2209
ord664
ord3390
ord6154
ord6153
ord6333
ord6330
ord6291
ord6473
ord4384
ord2097
ord590
ord794
ord6494
ord4115
ord5997
ord6559
ord1108
ord2588
ord6456
ord2360
ord1490
ord4248
ord2587
ord6048
ord2899
ord5924
ord1938
ord2280
ord4644
ord1782
ord1717
ord3638
ord3479
ord580
ord781
ord772
ord4431
ord6152
ord1252
ord1166
ord398
ord662
ord1607
ord2084
ord6493
ord4311
ord1062
ord3620
ord553
ord757
ord6707
ord571
ord3491
ord582
ord783
ord945
ord941
ord306
ord3920
ord4801
ord4513
ord2141
ord3730
ord3764
ord4640
ord1670
ord4496
ord1604
ord2103
ord2691
ord3175
ord615
ord3487
ord2277
ord3940
ord1042
ord581
ord782
ord2122
ord3413
ord6810
ord4516
ord2591
ord4953
ord2672
ord613
ord337
ord3779
ord1677
ord6452
ord633
ord3502
ord3831
ord6616
ord4481
ord2082
ord4506
ord5720
ord6098
ord5538
ord3066
ord2038
ord1918
ord942
ord6793
ord4477
ord5876
ord6148
ord767
ord3632
ord1716
ord333
ord6077
ord3663
ord1222
ord2966
ord3391
ord1612
ord1259
ord1220
ord6787
ord1536
ord3762
ord614
ord1177
ord338
ord4890
ord3227
ord3110
ord4029
ord793
ord589
ord3659
ord6001
ord5646
ord5663
ord4981
ord4333
ord5659
ord5657
ord3209
ord2087
ord4199
ord5813
ord6721
ord5533
ord1046
ord4165
ord6018
ord2206
ord2251
ord4733
ord1709
ord4159
ord6783
ord4409
ord4434
ord321
ord1087
ord2447
ord6462
ord1098
ord4197
ord943
ord301
ord5869
ord5167
ord3705
ord665
ord1556
ord4308
ord2501
ord2490
ord406
ord5923
ord5892
ord600
ord908
ord812
ord296
ord6532
ord1758
ord819
ord1039
ord5891
ord3621
ord758
ord554
ord6740
ord2057
ord3783
ord266
ord2592
ord3553
ord1492
ord6771
ord2105
ord1605
ord4497
ord2279
ord1698
ord4643
ord692
ord3830
ord820
ord2753
ord6046
ord6552
ord6043
ord6546
ord4565
ord6549
ord6352
ord6166
ord6084
ord5957
ord6023
ord5846
ord5833
ord6398
ord6157
ord3504
ord3612
ord2470
ord6079
ord6170
ord6527
ord525
ord6078
ord4527
ord4396
ord4030
ord3277
ord3538
ord595
ord796
ord3528
ord2278
ord1771
ord1685
ord3346
ord6391
ord1497
ord4642
ord5585
ord5647
ord4667
ord677
ord3815
ord1603
ord6613
ord3213
ord305
ord1611
ord300
ord1361
ord2130
ord4498
ord2282
ord3568
ord3056
ord3676
ord6646
ord2372
ord1137
ord1387
ord2590
ord3157
ord6188
ord4153
ord310
ord1254
ord1258
ord3674
ord3997
ord5232
ord265
ord314
ord817
ord3178
ord4392
ord899
ord4654
ord4695
ord6102
ord5795
ord1616
ord4570
ord5162
ord5285
ord6086
ord5792
ord1547
ord960
ord3476
ord329
ord1667
ord610
ord6074
ord1357
ord367
ord636
ord524
ord744
ord2069
ord1144
ord3627
ord4993
ord800
ord639
ord374
ord3506
ord4668
ord4895
ord4334
ord2886
ord801
ord4529
ord6584
ord6788
ord6557
ord4760
ord5636
ord316
ord2539
ord910
ord1183
ord259
ord6791
ord1247
ord5750
ord750
ord777
ord3643
ord4646
ord1720
ord2283
ord3617
ord1710
ord1779
ord654
ord611
ord693
ord3480
ord4638
ord1668
ord2274
ord3519
ord3244
ord3554
ord1937
ord2327
ord5878
ord3045
ord441
ord1555
ord5753
ord3179
ord5535
ord663
ord5520
ord404
ord6781
ord6225
ord601
ord3534
ord3477
ord798
ord1358
ord2106
ord3987
ord5615
ord4617
ord5152
ord5309
ord2208
ord1810
ord1809
ord1678
ord3344
ord6388
ord1755
ord1752
ord4331
ord1496
ord4650
ord2074
ord5497
ord6780
ord4589
ord3732
ord5139
ord4688
ord1729
ord6446
ord5668
ord5666
ord958
ord963
ord967
ord965
ord969
ord2610
ord2630
ord2614
ord2620
ord2618
ord2616
ord2633
ord2628
ord2612
ord2635
ord2623
ord2605
ord2607
ord2625
ord2375
ord2368
ord1644
ord6784
ord4160
ord6782
ord2480
ord1041
ord5870
ord2485
ord5851
ord3005
ord3671
ord5389
ord6356
ord3218
ord1446
ord5608
ord2139
ord1792
ord1791
ord1728
ord5633
ord2766
ord2978
ord3107
ord4714
ord2961
ord3135
ord2769
ord2888
ord2759
ord4066
ord4067
ord4057
ord322
ord1145
ord1233
ord947
ord605
ord1278
ord1276

msvcr90

strncpy
memcmp
fclose
strlen
qsort
fopen
_localtime64
_time64
fseek
atoi
_mbsrchr
_mbstok
_purecall
_beginthreadex
_strdup
realloc
malloc
sprintf
calloc
strcpy
__CxxFrameHandler3
memcpy
memset
_mbscmp
free
fgets
strftime
_localtime64_s
strrchr
strcat
fflush
fputs
_splitpath
_mktime64
strchr
strcmp
memcpy_s
memmove_s
_atoi64
fopen_s
fwrite
_access
strstr
_gmtime64_s
rand
vsprintf
swscanf
wcslen
wcscmp
memmove
strcspn
strspn
_mkdir
toupper
_itoa
_wcsicmp
isalpha
strcpy_s
vsprintf_s
_CxxThrowException
_mbsnbcpy
isdigit
sqrt
feof
_strupr
__argv
__argc
_strnicmp
_strlwr
_strnset
_setmbcp
getenv
atol
_stricmp
srand
fputws
fgetws
_stat64i32
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_recalloc
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_except_handler4_common
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
strtoul

kernel32

GetExitCodeProcess
TerminateProcess
DeviceIoControl
GetCurrentProcessId
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
lstrcpyW
FindFirstFileW
FindNextFileW
GetFileInformationByHandle
GetFileSize
GetLocalTime
DuplicateHandle
FindResourceA
LoadResource
LockResource
SizeofResource
GetCurrentDirectoryA
lstrcmpiA
SystemTimeToFileTime
lstrcpyA
LocalFileTimeToFileTime
lstrcmpA
SetFilePointer
IsBadReadPtr
CreateFileW
WriteFile
SetFileTime
CreateDirectoryW
ReadFile
GetDiskFreeSpaceExA
GlobalFree
OpenProcess
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateRemoteThread
SetFileAttributesA
lstrlenA
GetTickCount
GetSystemDirectoryA
GetFileAttributesExA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
CreateProcessA
CopyFileW
FindFirstFileA
FindNextFileA
FindClose
DeleteFileA
CopyFileA
CreateDirectoryA
Sleep
GetQueuedCompletionStatus
ReadDirectoryChangesW
GetCurrentThread
GetThreadPriority
SetThreadPriority
PostQueuedCompletionStatus
GetFileAttributesA
SetLastError
CreateFileA
CreateIoCompletionPort
CompareStringA
VirtualAlloc
LocalFree
FileTimeToLocalFileTime
GetModuleHandleW
WaitForMultipleObjects
SetCurrentDirectoryA
GlobalMemoryStatusEx
GlobalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcess
ResetEvent
CreateEventA
SetEvent
CloseHandle
WaitForSingleObject
InterlockedIncrement
InterlockedDecrement
GetUserDefaultLangID
lstrlenW
WideCharToMultiByte
GetLastError
RaiseException
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
VirtualFree
GetVersionExA
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
GetFileSizeEx
VerLanguageNameA
GetProcessHeap
HeapAlloc
HeapFree
GetModuleFileNameW
GetLongPathNameA
CompareFileTime
GetDateFormatA
GetTimeFormatA
MoveFileA
SetSystemTime
CreateThread
TerminateThread
GlobalAddAtomA
ExitProcess
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
OutputDebugStringA
GetDriveTypeA
QueryDosDeviceA
SetLocalTime
Module32First
Module32Next
GetTimeZoneInformation
GetComputerNameExA
SetPriorityClass
GetComputerNameA
SetUnhandledExceptionFilter
GetSystemInfo
CreateMutexA
ReleaseMutex
MoveFileExA
GetTempPathA
GetModuleFileNameA
RemoveDirectoryA
GetCurrentThreadId
GetSystemTime
GlobalLock
GlobalUnlock
ReadProcessMemory
CreateToolhelp32Snapshot
Process32First
Process32Next
GetWindowsDirectoryA
GetProcessTimes
LocalAlloc
FormatMessageA

user32

LoadBitmapA
keybd_event
SendInput
OpenDesktopA
GetMenuItemCount
GetMenuStringA
SetWindowPos
DeleteMenu
UnregisterHotKey
GetThreadDesktop
OpenInputDesktop
CreateDesktopA
SetThreadDesktop
CloseDesktop
EnumDesktopWindows
EnumWindows
GetClassNameA
CopyIcon
SetSystemCursor
DestroyCursor
CopyImage
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetActiveWindow
GetKeyNameTextA
GetKeyboardState
ToAscii
BringWindowToTop
RegisterWindowMessageA
RegisterHotKey
RegisterDeviceNotificationA
CreateIconIndirect
LoadMenuA
GetSubMenu
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
WindowFromPoint
ClientToScreen
GetCapture
GetClassInfoA
DrawEdge
LoadCursorA
SetClassLongA
GetWindowThreadProcessId
GetWindow
CallWindowProcA
GetScrollInfo
SetWindowLongA
ReleaseCapture
SetCapture
ReleaseDC
GetDC
IsRectEmpty
FillRect
OffsetRect
OpenClipboard
EmptyClipboard
CloseClipboard
GetTopWindow
MapDialogRect
GetIconInfo
SetForegroundWindow
GetSystemMenu
EnableMenuItem
DestroyIcon
IsWindowEnabled
IsWindowVisible
GetDesktopWindow
EnumChildWindows
LoadStringW
RedrawWindow
GetCursorPos
GetSysColor
IsZoomed
CopyRect
GetWindowTextA
SetRect
FindWindowA
FindWindowExA
SendMessageTimeoutA
MessageBoxA
wsprintfA
SystemParametersInfoA
LoadStringA
UpdateWindow
SetParent
GetFocus
SetScrollPos
DrawIconEx
LoadIconA
GetWindowDC
InflateRect
MoveWindow
GetWindowLongA
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
DispatchMessageA
MessageBeep
GetMessageA
PostThreadMessageA
CreateWindowExA
DefWindowProcA
RegisterClassA
DestroyWindow
IsWindow
GetParent
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ScreenToClient
InsertMenuA
CreatePopupMenu
InvalidateRect
GetWindowRect
PtInRect
SendMessageA
GetClientRect
PostMessageA
AnimateWindow
KillTimer
SetTimer
SetWindowRgn
GetSystemMetrics
GetKeyState
LoadImageA
EnableWindow

gdi32

DeleteDC
DPtoLP
SetMapMode
GetMapMode
GetDeviceCaps
GetTextMetricsA
CreatePatternBrush
SetDIBits
GetTextExtentPoint32A
CreateDCA
GetTextColor
GetBkColor
Rectangle
SelectObject
CreateSolidBrush
CreateFontIndirectA
GetStockObject
CreateFontA
BitBlt
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateCompatibleBitmap
DeleteObject
GetDIBits
RoundRect
CreateRoundRectRgn
StretchBlt
CreateCompatibleDC
GetObjectA
SetStretchBltMode

advapi32

ChangeServiceConfigA
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserA
AllocateAndInitializeSid
CryptDeriveKey
CryptEncrypt
CryptDecrypt
CreateServiceA
CreateProcessWithLogonW
GetNamedSecurityInfoA
ConvertStringSidToSidA
SetEntriesInAclA
SetNamedSecurityInfoA
GetUserNameA
DeleteService
GetTokenInformation
CryptAcquireContextW
EnumDependentServicesA
CryptDestroyKey
GetFileSecurityA
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
GetAce
LookupAccountSidA
AddAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetSecurityDescriptorControl
SetFileSecurityA
LookupAccountNameA
AddAccessDeniedAce
AddAccessAllowedAce
ControlService
RegDeleteValueA
CryptGenKey
OpenServiceA
RegDeleteKeyA
RegOpenKeyA
CryptAcquireContextA
CryptCreateHash
CryptHashData
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegEnumKeyExA
StartServiceA
QueryServiceStatusEx
CloseServiceHandle
OpenSCManagerA
RegEnumValueA
RegRestoreKeyA
RegCreateKeyExA
RegSaveKeyA
RegCreateKeyA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptDuplicateHash

shell32

SHGetFileInfoA
Shell_NotifyIconA
ShellExecuteExA
SHFileOperationA
SHGetDiskFreeSpaceExA
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathMatchSpecA
SHDeleteKeyA
SHCopyKeyA
SHDeleteValueA
StrStrIA

ole32

CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoInitialize
StringFromGUID2
CoCreateGuid

oleaut32

SafeArrayGetLBound
VariantClear
SafeArrayGetUBound
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
SafeArrayGetElement
VariantInit

wsock32

htonl
bind
select
recvfrom
sendto
gethostname
WSAStartup
socket
ioctlsocket
gethostbyaddr
gethostbyname
htons
connect
recv
send
closesocket
WSACleanup
inet_ntoa
WSAGetLastError
getpeername
inet_addr
getsockname

wininet

HttpSendRequestA
HttpQueryInfoA
InternetConnectA
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetQueryDataAvailable
InternetReadFile
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FindCloseUrlCache
HttpOpenRequestA

msvcp90

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z

mpr

WNetGetConnectionA
WNetOpenEnumA
WNetEnumResourceA
WNetDisconnectDialog1A
WNetCloseEnum
WNetGetUniversalNameA

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses
GetProcessMemoryInfo
GetModuleFileNameExA

setupapi

CM_Get_Device_IDA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsA
CM_Get_Parent
CM_Get_DevNode_Status
SetupDiGetDeviceInstanceIdA
SetupDiCallClassInstaller
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA

netapi32

NetApiBufferFree
NetFileEnum
NetUseAdd
NetGetJoinInformation
NetWkstaTransportEnum
NetShareDel
NetShareEnum
NetUseDel
NetConnectionEnum

imm32

ImmGetConversionStatus
ImmGetContext
ImmSetConversionStatus

activeds

ord3

iphlpapi

GetIpAddrTable
GetIpNetTable
GetAdaptersInfo
SendARP

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

userenv

CreateEnvironmentBlock

crypt32

CertFreeCertificateChain
CertStrToNameW
CertCreateSelfSignCertificate
CryptFindCertificateKeyProvInfo
CertGetNameStringA
CertVerifyTimeValidity
CertGetCertificateChain
CertCloseStore
CertFreeCertificateContext
CertVerifyRevocation

secur32

FreeContextBuffer
DeleteSecurityContext
FreeCredentialsHandle
InitializeSecurityContextA
ApplyControlToken
AcceptSecurityContext
DecryptMessage
QueryContextAttributesA
EncryptMessage
AcquireCredentialsHandleA
GetUserNameExA

pdh

PdhAddCounterA
PdhOpenQueryA
PdhEnumObjectItemsA
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhCloseQuery
PdhRemoveCounter
PdhGetCounterInfoA
PdhMakeCounterPathA

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/TCCr.dll
.dll windows:5 windows x86 arch:x86

452c52a42f390241f459669ed5a93a50

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

58:27:7d:eb:92:21:98:47:12:72:2e:90:cd:28:bf:da:55:30:de:a5:99:d1:27:87:97:00:86:bc:52:31:55:bf
Signer

Actual PE Digest

58:27:7d:eb:92:21:98:47:12:72:2e:90:cd:28:bf:da:55:30:de:a5:99:d1:27:87:97:00:86:bc:52:31:55:bf

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc90

ord5997
ord4392
ord2082
ord5963
ord5924
ord800
ord581
ord782
ord2539
ord321
ord945
ord793
ord4434
ord4409
ord6783
ord4159
ord6781
ord4733
ord2251
ord2206
ord6018
ord4165
ord1046
ord5533
ord6721
ord1603
ord4199
ord2087
ord3209
ord5657
ord5659
ord941
ord4333
ord4981
ord5663
ord5646
ord6001
ord4197
ord2766
ord2978
ord3107
ord4714
ord2961
ord3110
ord2769
ord2888
ord2759
ord4066
ord4067
ord4057
ord2886
ord4334
ord4890
ord4667
ord3659
ord589
ord4029
ord1087
ord5813
ord899
ord1252
ord5870
ord1041
ord817
ord3213
ord305
ord1611
ord310
ord314
ord300
ord316
ord820
ord2447
ord4481
ord601
ord943
ord605
ord1278
ord1243
ord1241
ord1268
ord1180
ord1233
ord2084
ord391
ord1152
ord1277
ord1275
ord1145
ord1075
ord1137
ord322
ord801

msvcr90

__CxxFrameHandler3
strncpy
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
??2@YAPAXI@Z
fwrite
fopen
feof
fgets
fclose
strstr
strchr
memset
atoi

kernel32

LocalFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
LocalAlloc
CreateDirectoryA
DeleteFileA
GetModuleFileNameW
WideCharToMultiByte
GetLongPathNameA
GetModuleHandleA
GetProcAddress
GetCurrentProcess

user32

SendMessageA

advapi32

RegSetValueExA
RegEnumValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

shlwapi

StrStrIA

Exports

Exports

ReadWhiteFile
ReadWhiteFile2
WriteWhiteFile
WriteWhiteFile2

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/TC_AD.DLL
.dll windows:5 windows x86 arch:x86

8c4d43ed2a17925dc31304477e385ef0

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

66:ad:62:ab:e6:f4:3a:42:8d:b5:91:5b:0c:85:ff:07:40:ed:25:b3:06:55:e5:e3:4d:96:a0:81:77:a3:5d:b5
Signer

Actual PE Digest

66:ad:62:ab:e6:f4:3a:42:8d:b5:91:5b:0c:85:ff:07:40:ed:25:b3:06:55:e5:e3:4d:96:a0:81:77:a3:5d:b5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TlsFree
FreeLibrary
SetEvent
InitializeCriticalSection
GetWindowsDirectoryA
HeapFree
HeapAlloc
GetProcessHeap
FindFirstFileExW
FindFirstFileExA
FindFirstFileW
FindFirstFileA
FindNextFileW
WriteConsoleA
WriteConsoleW
GetThreadContext
SetThreadContext
LoadLibraryW
WriteFile
SetFilePointer
CopyFileExW
CopyFileExA
MoveFileExA
CopyFileW
CopyFileA
MoveFileW
MoveFileA
MoveFileExW
MoveFileWithProgressW
MoveFileWithProgressA
SuspendThread
TerminateProcess
OpenThread
OpenProcess
DeleteFileW
ReplaceFileW
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
DuplicateHandle
GetCurrentThreadId
Thread32First
VirtualAlloc
LocalAlloc
VirtualFreeEx
FindClose
FindNextFileA
VirtualQuery
GetEnvironmentVariableA
lstrcatA
GetShortPathNameA
CreateThread
CreateEventA
GetExitCodeThread
OutputDebugStringA
CompareFileTime
DeleteCriticalSection
ReadProcessMemory
CreateDirectoryA
GetVersion
SystemTimeToFileTime
GetLocalTime
InterlockedIncrement
TlsSetValue
TlsAlloc
SetUnhandledExceptionFilter
GetLongPathNameA
GetUserDefaultLangID
IsBadReadPtr
FlushFileBuffers
GetTempPathA
SetEndOfFile
VirtualProtect
InterlockedCompareExchange
GetEnvironmentVariableW
VirtualProtectEx
VirtualQueryEx
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetConsoleOutputCP
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapSize
HeapReAlloc
VirtualFree
HeapDestroy
HeapCreate
GetTimeZoneInformation
LCMapStringW
LCMapStringA
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
GetFileAttributesA
RtlUnwind
RaiseException
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
GetModuleFileNameW
FlushInstructionCache
GetCurrentThread
DeleteFileA
GetCommandLineA
GetProcessTimes
GetCommandLineW
GetModuleFileNameA
lstrlenW
GetModuleHandleW
MulDiv
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
ExitProcess
ExitThread
LoadLibraryA
GetCurrentProcess
GetCurrentDirectoryA
GetFileSize
ReadFile
SetLastError
GetDriveTypeA
QueryDosDeviceA
CreateFileA
DeviceIoControl
TerminateThread
WaitForSingleObject
GetExitCodeProcess
CreateFileW
GetModuleHandleA
GetProcAddress
FormatMessageA
LocalFree
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateProcessA
CreateProcessW
ResumeThread
Module32Next
Module32NextW
Thread32Next
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
lstrlenA
lstrcpyA
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesExA
GetLastError
GetTickCount
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
DisableThreadLibraryCalls
GlobalFree

user32

PostMessageW
EnableWindow
GetWindowTextW
UnhookWinEvent
SetWindowTextA
SendMessageA
SendMessageW
GetActiveWindow
EnumDisplaySettingsW
GetFocus
GetDesktopWindow
FillRect
DrawTextA
SetWindowTextW
GetWindowTextA
GetWindowPlacement
FindWindowExA
MessageBoxA
FindWindowA
PostMessageA
GetCursorPos
WindowFromPoint
LoadStringA
EnumWindows
GetDC
GetDCEx
GetWindowDC
ReleaseDC
EnumChildWindows
SendMessageTimeoutA
GetClassNameA
MoveWindow
ExitWindowsEx
DispatchMessageA
TranslateMessage
IsWindow
IsWindowVisible
GetParent
GetWindowLongA
GetWindowThreadProcessId
GetWindowRect
LoadImageA
SendInput
MapVirtualKeyA
keybd_event
GetForegroundWindow
GetTopWindow
GetWindow
SetWinEventHook
MsgWaitForMultipleObjects
OpenClipboard
EmptyClipboard
CloseClipboard
PeekMessageA
ShowWindow

advapi32

CryptHashData
RegEnumValueW
RegOpenKeyExW
LogonUserW
LogonUserA
CreateProcessAsUserW
RegCreateKeyExW
RegSetValueW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
InitiateSystemShutdownW
InitiateSystemShutdownExW
RegCloseKey
RegEnumValueA
RegOpenKeyA
RegEnumKeyExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CryptReleaseContext
CryptDestroyKey
CryptDecrypt
RegSaveKeyA
RegQueryValueExA
CryptAcquireContextA
CryptCreateHash
RegFlushKey
CryptGetHashParam
CryptDestroyHash
CryptDeriveKey
CryptEncrypt

ole32

CoUninitialize
CoInitialize
CoCreateInstance

shell32

ShellExecuteA
ShellExecuteExA
SHGetSpecialFolderPathA
SHGetPathFromIDListA
CommandLineToArgvW
SHGetDesktopFolder
SHGetFolderPathA
DragQueryFileW
SHFileOperationA
SHFileOperationW

shlwapi

StrStrA
SHDeleteValueA
StrStrIW
SHDeleteValueW
SHDeleteKeyW
StrStrIA

ws2_32

inet_addr
send
WSASend
htonl
inet_ntoa
gethostbyname
WSASendTo
sendto
getsockopt
getpeername
ntohs
htons
bind
WSAConnect
connect
WSARecv
WSARecvFrom
recvfrom
recv
socket
closesocket
WSAStartup
ntohl

iphlpapi

GetAdaptersInfo

winspool.drv

FindFirstPrinterChangeNotification
StartPagePrinter
StartDocPrinterW
OpenPrinterW
SetJobA
ClosePrinter
EnumPrintersA
EndDocPrinter
FindNextPrinterChangeNotification
EnumJobsA

gdi32

EndPage
StartPage
EndDoc
StartDocW
StretchDIBits
CreateCompatibleDC
CreateDCA
CreateDCW
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
GetStockObject
CreateFontA
SetTextAlign
SetTextColor
SetBkMode
GetTextExtentPoint32A
TextOutA
BitBlt
StretchBlt
DeleteObject
GetObjectA

mpr

WNetGetConnectionA
WNetGetUniversalNameA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

setupapi

CM_Get_Device_IDA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
CM_Get_Parent
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA

Exports

Exports

FDrv
TC_OL_M_B
TC_OL_M_F
isUSB

Sections

.text
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TCSHARE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/TC_AU.exe
.exe windows:5 windows x86 arch:x86

dc59b4e471aa9f6e0db95e96c0868ba4

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

30:07:e3:39:73:97:a7:08:a5:9e:fa:1d:ca:cf:9e:f8:43:f8:db:10:8b:ee:b9:25:0c:76:b8:0b:74:5d:f8:cf
Signer

Actual PE Digest

30:07:e3:39:73:97:a7:08:a5:9e:fa:1d:ca:cf:9e:f8:43:f8:db:10:8b:ee:b9:25:0c:76:b8:0b:74:5d:f8:cf

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle
FtpOpenFileA
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetReadFile
FtpFindFirstFileA

kernel32

GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
WritePrivateProfileStringA
GetCurrentDirectoryA
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
GetSystemTimeAsFileTime
RtlUnwind
GetTimeFormatA
GetDateFormatA
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
ExitProcess
SetEnvironmentVariableA
SetCurrentDirectoryA
GetDriveTypeA
GetCommandLineA
EnterCriticalSection
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
HeapSize
GetTimeZoneInformation
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetStdHandle
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
VirtualFree
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
GetFileTime
GetFileSizeEx
GetFileAttributesA
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
FreeResource
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
InterlockedExchange
lstrcmpA
InterlockedDecrement
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
MultiByteToWideChar
MulDiv
lstrlenA
SetLastError
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
SetFilePointer
WriteFile
SetEndOfFile
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLocalTime
GetFileAttributesExA
GetFileSize
ReadFile
FreeLibrary
GetModuleHandleW
CreateThread
CreateDirectoryA
DeleteFileA
FindNextFileA
OpenProcess
GetExitCodeProcess
TerminateProcess
SetUnhandledExceptionFilter
GetModuleFileNameA
CopyFileA
CreateMutexA
ReleaseMutex
LoadLibraryA
CreateFileA
GetCurrentThreadId
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
FindFirstFileA
FindClose
GetModuleHandleA
GetProcAddress
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
GetTickCount
Sleep
FormatMessageA
LocalFree
GetModuleFileNameW
WideCharToMultiByte
GetLongPathNameA
GetCurrentProcess
FindResourceA
LoadResource
LockResource
SizeofResource
GetStartupInfoA

user32

UnregisterClassA
LoadCursorA
GetSysColorBrush
CharUpperA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CopyAcceleratorTableA
SetWindowLongA
OffsetRect
IntersectRect
GetWindowPlacement
GetWindowRect
GetSysColor
SystemParametersInfoA
DestroyMenu
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
ReleaseDC
GetDC
CopyRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
RegisterClipboardFormatA
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
SetRect
CreateWindowExA
IsRectEmpty
MessageBoxA
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
FindWindowExA
PostQuitMessage
PostThreadMessageA
GetSystemMetrics
LoadIconA
EnableWindow
KillTimer
SetTimer
GetClientRect
IsIconic
GetSystemMenu
SendMessageA
AppendMenuA
DrawIcon
FindWindowA
PostMessageA
CharNextA
CallWindowProcA
GetMenu
IsChild

gdi32

ExtSelectClipRgn
DeleteDC
GetStockObject
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
DeleteObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetObjectA
CreateRectRgnIndirect
CreateBitmap
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
ExtTextOutA
GetViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
GetUserNameA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExA
RegOpenKeyExA
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueA

shell32

ShellExecuteExA
Shell_NotifyIconA
ShellExecuteA

shlwapi

StrStrIA
PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathIsUNCA

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleInitialize
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CoRevokeClassObject
OleIsCurrentClipboard
StgOpenStorageOnILockBytes
OleUninitialize
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantClear
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
SysAllocString
VariantInit
VariantChangeType
SysAllocStringByteLen
SysFreeString
SysStringLen

wsock32

WSAStartup
WSACleanup
closesocket
accept
socket
select
gethostbyname
htonl
htons
ioctlsocket
bind
WSAGetLastError
WSASetLastError
connect
sendto
recvfrom
WSAAsyncSelect
recv
send
listen
inet_ntoa
shutdown

psapi

EnumProcesses
GetModuleFileNameExA

ws2_32

WSAIoctl

Sections

.text
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/TC_EZH32.dll
.dll windows:6 windows x86 arch:x86

4557d7530177a52b9338ffbd3c0273e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\easyhook\Build\netfx3.5-Release\x86\EasyHook32.pdb

Imports

psapi

EnumProcessModules
GetModuleInformation

kernel32

TlsFree
GetCurrentThreadId
GetSystemInfo
GetLastError
GetCurrentProcess
GetProcAddress
GetModuleFileNameA
GetFullPathNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetEvent
GetModuleHandleW
LoadLibraryW
GetModuleHandleA
CloseHandle
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
GetThreadContext
SetThreadContext
WaitForSingleObject
OpenProcess
Thread32First
ReadProcessMemory
Thread32Next
VirtualAllocEx
OpenThread
CreateEventW
CreateToolhelp32Snapshot
DuplicateHandle
TlsAlloc
SuspendThread
ResumeThread
TlsGetValue
CreateProcessW
CreateRemoteThread
TlsSetValue
WideCharToMultiByte
TerminateProcess
lstrlenW
SetLastError
GetExitCodeThread
Module32FirstW
WaitForMultipleObjects
Module32NextW
GetCurrentProcessId
FatalAppExitW
GetModuleFileNameW
CreateFileW
HeapAlloc
HeapFree
IsBadReadPtr
InitializeCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
VirtualProtect
InterlockedExchange
VirtualQuery
SetStdHandle
OutputDebugStringW
LoadLibraryA
HeapCreate
HeapDestroy
FreeLibrary
WriteConsoleW
SetEndOfFile
WriteProcessMemory
GetVersionExW
LCMapStringW
EncodePointer
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
GetFileType
GetStartupInfoW
GetProcessHeap
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteFile
RtlUnwind
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
HeapReAlloc
LoadLibraryExW
ReadFile
ReadConsoleW
GetStringTypeW

advapi32

StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
OpenProcessToken

ole32

CoTaskMemFree
CoTaskMemAlloc

Exports

Exports

?GetRemoteModuleExportDirectory@@YGHPAXPAUHINSTANCE__@@PAU_IMAGE_EXPORT_DIRECTORY@@U_IMAGE_DOS_HEADER@@U_IMAGE_NT_HEADERS@@@Z
_DbgAttachDebugger@0
_DbgDetachDebugger@0
_DbgGetProcessIdByHandle@8
_DbgGetThreadIdByHandle@8
_DbgHandleToObjectName@16
_DbgIsAvailable@0
_DbgIsEnabled@0
_GacCreateContext@0
_GacInstallAssembly@16
_GacReleaseContext@4
_GacUninstallAssembly@16
_HookCompleteInjection@4
_LhBarrierBeginStackTrace@4
_LhBarrierCallStackTrace@12
_LhBarrierEndStackTrace@4
_LhBarrierGetAddressOfReturnAddress@4
_LhBarrierGetCallback@4
_LhBarrierGetCallingModule@4
_LhBarrierGetReturnAddress@4
_LhBarrierPointerToModule@8
_LhEnumModules@12
_LhGetHookBypassAddress@8
_LhInstallHook@16
_LhIsThreadIntercepted@12
_LhSetExclusiveACL@12
_LhSetGlobalExclusiveACL@8
_LhSetGlobalInclusiveACL@8
_LhSetInclusiveACL@12
_LhUninstallAllHooks@0
_LhUninstallHook@4
_LhUpdateModuleInformation@0
_LhWaitForPendingRemovals@0
_ReleaseTestFuncHookResults@8
_RhCreateAndInject@36
_RhCreateStealthRemoteThread@16
_RhGetProcessToken@8
_RhInjectLibrary@28
_RhInstallDriver@8
_RhInstallSupportDriver@0
_RhIsAdministrator@0
_RhIsX64Process@8
_RhIsX64System@0
_RhWakeUpProcess@0
_RtlCreateSuspendedProcess@20
_RtlGetLastError@0
_RtlGetLastErrorString@0
_RtlGetLastErrorStringCopy@0
_RtlInstallService@12
_TestFuncHooks@24

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/TC_IO32.exe
.exe windows:5 windows x86 arch:x86

3bba7818ca3c662b5b45b72bd3662769

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

49:83:d5:36:06:31:f7:f0:26:0a:af:5d:a4:4c:86:10:f9:c3:92:57:10:a8:59:4a:09:76:34:e2:01:d9:22:1e
Signer

Actual PE Digest

49:83:d5:36:06:31:f7:f0:26:0a:af:5d:a4:4c:86:10:f9:c3:92:57:10:a8:59:4a:09:76:34:e2:01:d9:22:1e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc90

ord5608
ord2139
ord1792
ord1791
ord1728
ord5633
ord2633
ord601
ord310
ord316
ord2616
ord2618
ord2620
ord2614
ord2630
ord2610
ord969
ord965
ord967
ord963
ord958
ord5666
ord5668
ord6446
ord1729
ord4688
ord5139
ord3732
ord4589
ord6780
ord5497
ord2069
ord2074
ord5585
ord4650
ord4331
ord4895
ord1752
ord1755
ord1108
ord1258
ord1137
ord3506
ord374
ord1678
ord1446
ord1810
ord4993
ord5309
ord5152
ord4617
ord5636
ord1644
ord1496
ord6388
ord3344
ord5615
ord5167
ord3987
ord524
ord744
ord1254
ord2208
ord639
ord5646
ord5663
ord4333
ord5657
ord3209
ord2087
ord3659
ord589
ord6462
ord4199
ord5813
ord6721
ord5533
ord1046
ord4165
ord6018
ord2206
ord2251
ord4733
ord6781
ord4159
ord6783
ord4197
ord2447
ord6001
ord4981
ord5659
ord4409
ord793
ord4029
ord3218
ord6356
ord5389
ord3671
ord6782
ord4160
ord1809
ord6784
ord4434
ord4667
ord4890
ord4334
ord2886
ord4057
ord4067
ord4066
ord2759
ord2888
ord2769
ord3110
ord2961
ord4714
ord2368
ord3135
ord2375
ord2607
ord2625
ord2605
ord2623
ord2635
ord2612
ord4668
ord2628
ord3107
ord2978
ord2766
ord1276
ord800

msvcr90

_stricmp
_setmbcp
__CxxFrameHandler3
_access
_controlfp_s
_invoke_watson
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_time64
fclose
_localtime64
fwrite
_recalloc
fopen
strncpy
_beginthreadex
strchr
strstr
calloc
free
vsprintf
sprintf
memset

kernel32

ReleaseMutex
CreateMutexA
WriteProcessMemory
lstrlenA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
GetLastError
LocalFree
CloseHandle
GetModuleHandleA
FindNextFileA
LoadLibraryA
FindClose
VirtualAllocEx
GetLongPathNameA
GetProcAddress
FindFirstFileA
CreateDirectoryA
MultiByteToWideChar
GetModuleFileNameW
TerminateProcess
Sleep
VirtualFreeEx
WideCharToMultiByte
OpenProcess
CreateRemoteThread
GetTickCount
GetModuleHandleW
WaitForSingleObject
GetCurrentProcess

user32

LoadIconA
DrawIcon
GetClientRect
SendMessageA
GetSystemMetrics
EnableWindow
IsIconic

advapi32

RegEnumValueA
SetSecurityDescriptorDacl
OpenProcessToken
SetEntriesInAclA
GetNamedSecurityInfoA
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyA
InitializeSecurityDescriptor
RegOpenKeyExA
LookupPrivilegeValueA
RegQueryValueExA
SetNamedSecurityInfoA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation

psapi

GetModuleBaseNameA
EnumProcessModules
GetModuleFileNameExA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/TC_KB32.exe
.exe windows:5 windows x86 arch:x86

ff3afc2b16bdbe435eec5c8b80935cd1

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d2:e6:a1:01:95:4c:7c:33:e1:10:77:b3:4f:8a:2f:92:f6:0b:94:18:fa:12:95:b4:40:8d:a4:bf:6b:38:35:0f
Signer

Actual PE Digest

d2:e6:a1:01:95:4c:7c:33:e1:10:77:b3:4f:8a:2f:92:f6:0b:94:18:fa:12:95:b4:40:8d:a4:bf:6b:38:35:0f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
Sleep
GetModuleFileNameW
GetProcAddress
GetLongPathNameA
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
GetCurrentThreadId

user32

FindWindowA

msvcr90

_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
exit
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
strncpy
strchr
strstr
sprintf
__p__commode
memset

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/TC_MH.dll
.dll windows:5 windows x86 arch:x86

be56c3e138cad5e20c21b4785f1ed7e2

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ef:8f:dc:93:15:9e:04:b2:8b:e2:f0:5e:80:a1:60:1c:cc:74:9c:58:c3:22:96:0a:d0:9e:8f:17:a6:f5:93:4e
Signer

Actual PE Digest

ef:8f:dc:93:15:9e:04:b2:8b:e2:f0:5e:80:a1:60:1c:cc:74:9c:58:c3:22:96:0a:d0:9e:8f:17:a6:f5:93:4e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThread
GetThreadContext
VirtualQuery
GetCurrentProcess
GetModuleHandleW
VirtualFree
InitializeCriticalSection
Sleep
LeaveCriticalSection
SetThreadPriority
FlushInstructionCache
GetProcAddress
VirtualAlloc
EnterCriticalSection
VirtualProtectEx
OpenThread
GetSystemInfo
GetThreadPriority
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
SuspendThread
ResumeThread
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
GetLastError
HeapFree
HeapAlloc
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
LoadLibraryW
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapCreate
HeapDestroy
HeapReAlloc
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LoadLibraryA
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
MultiByteToWideChar
SetFilePointer
SetStdHandle
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
CreateFileA

Exports

Exports

CallMe
KillMe

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 193KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/TC_Menu.dll
.dll regsvr32 windows:5 windows x86 arch:x86

8a6fdf37d2551065c2732febe6433be9

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:0c:12:5a:e6:54:d0:06:96:f3:a6:1b
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

25/07/2019, 08:29

Not After

31/08/2020, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

9e:c0:96:7d:59:0e:1a:78:a2:a5:5f:35:6e:8f:ca:2a:c3:4a:c6:ff:40:54:44:92:8e:e5:1f:a2:b2:99:16:82
Signer

Actual PE Digest

9e:c0:96:7d:59:0e:1a:78:a2:a5:5f:35:6e:8f:ca:2a:c3:4a:c6:ff:40:54:44:92:8e:e5:1f:a2:b2:99:16:82

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GetProcAddress
IsDBCSLeadByte
DisableThreadLibraryCalls
DeleteCriticalSection
RaiseException
GetVersion
GetModuleHandleW
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LoadLibraryExA
GlobalUnlock
GlobalLock
lstrcpynA
lstrcpynW
GetProcessId
GetTickCount
LoadLibraryA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetLastError
lstrlenW
MultiByteToWideChar
GetModuleFileNameA
lstrlenA
LeaveCriticalSection
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
HeapAlloc
HeapFree
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualFree
HeapReAlloc
HeapCreate
HeapDestroy
Sleep
ExitProcess
WriteFile
GetStdHandle
HeapSize
SetHandleCount

user32

CharNextW
LoadBitmapA
SetMenuItemBitmaps
InsertMenuA
CharNextA

advapi32

RegOpenKeyA
RegQueryValueExA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyA

shell32

ShellExecuteExA
DragQueryFileA

ole32

ReleaseStgMedium
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2

oleaut32

LoadRegTypeLi
SysFreeString
VarUI4FromStr
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
RegisterTypeLi

shlwapi

SHDeleteValueA
StrStrIA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/TC_OL.dll
.dll regsvr32 windows:5 windows x86 arch:x86

4cf84636b2c8e1f031f3d8287b6b5462

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e4:d8:c5:4d:f7:d8:ac:8c:b3:5c:35:00:17:13:52:19:0d:ec:cb:a2:51:1b:e8:6f:d0:a2:ed:22:ce:e1:2c:1d
Signer

Actual PE Digest

e4:d8:c5:4d:f7:d8:ac:8c:b3:5c:35:00:17:13:52:19:0d:ec:cb:a2:51:1b:e8:6f:d0:a2:ed:22:ce:e1:2c:1d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
IsDBCSLeadByte
DisableThreadLibraryCalls
DeleteCriticalSection
RaiseException
GetModuleHandleW
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
GetModuleFileNameA
lstrlenA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
GetLastError
GetModuleHandleA
EnterCriticalSection
GetProcAddress
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
HeapFree
GetProcessHeap
RtlUnwind
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCurrentThreadId
GetCommandLineA
HeapCreate
HeapDestroy
VirtualFree
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
Sleep
ExitProcess
WriteFile
GetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter

user32

CharNextW
CharNextA

advapi32

RegSetValueExA
RegEnumKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance

oleaut32

DispCallFunc
VariantClear
LoadRegTypeLi
VariantCopy
VariantInit
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
RegisterTypeLi
VarUI4FromStr
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/TC_Patch.exe
.exe windows:5 windows x86 arch:x86

91020d7f17e5bdec8bf49837213fed19

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

64:55:3e:51:0c:2f:5f:fb:0b:ce:f9:de:ea:9a:bb:d6:a9:3d:82:61:2b:30:74:2f:f3:35:2a:8e:c1:34:c9:71
Signer

Actual PE Digest

64:55:3e:51:0c:2f:5f:fb:0b:ce:f9:de:ea:9a:bb:d6:a9:3d:82:61:2b:30:74:2f:f3:35:2a:8e:c1:34:c9:71

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeProcess
TerminateProcess
ReadFile
GetModuleFileNameW
CreateDirectoryA
FindFirstFileA
GetLastError
Sleep
CopyFileA
FindClose
Process32Next
FindNextFileA
CreateToolhelp32Snapshot
CloseHandle
GetCurrentProcessId
WideCharToMultiByte
OpenProcess
GetTickCount
GetFileAttributesExA
Process32First
GetCurrentProcess
GetFileSize
GetLongPathNameA
CreateFileA
SetEnvironmentVariableA
CompareStringW
CompareStringA
HeapSize
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
WriteFile
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
HeapFree
GetModuleHandleW
GetProcAddress
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
HeapAlloc
VirtualAlloc
HeapReAlloc
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEndOfFile
GetProcessHeap
GetFileAttributesA

advapi32

AdjustTokenPrivileges
RegOpenKeyA
LookupPrivilegeValueA
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
OpenProcessToken
RegCloseKey

shell32

ShellExecuteExA
ShellExecuteA

shlwapi

StrStrIA

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/TC_RA.exe
.exe windows:5 windows x86 arch:x86

10c68f0523f328f92ea9d1345d7faee1

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

96:0a:3d:d4:8c:ee:d6:4c:4a:86:6e:99:5c:89:7a:f7:a3:06:72:bf:e1:70:ee:8e:8b:c7:3c:74:89:ba:cb:aa
Signer

Actual PE Digest

96:0a:3d:d4:8c:ee:d6:4c:4a:86:6e:99:5c:89:7a:f7:a3:06:72:bf:e1:70:ee:8e:8b:c7:3c:74:89:ba:cb:aa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentProcessId

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA

shell32

ShellExecuteExA

msvcr90

_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__getmainargs
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_amsg_exit
__argc
_time64
fclose
_localtime64
fwrite
fopen
__argv
vsprintf
sprintf
_access
__setusermatherr
memset

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/TC_Sign.exe
.exe windows:5 windows x86 arch:x86

7c7bd93d8153958f4b679a5c3a66d17f

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

91:73:ce:61:00:32:7b:1b:fd:23:17:f1:9b:e6:23:78:21:33:cb:00:b4:b2:f2:c8:e2:ed:4e:c7:b8:df:a2:dc
Signer

Actual PE Digest

91:73:ce:61:00:32:7b:1b:fd:23:17:f1:9b:e6:23:78:21:33:cb:00:b4:b2:f2:c8:e2:ed:4e:c7:b8:df:a2:dc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
HeapReAlloc
RtlUnwind
RaiseException
VirtualAlloc
ExitProcess
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
GetACP
IsValidCodePage
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
SetErrorMode
GetOEMCP
GetCPInfo
CreateFileA
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFlags
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
InterlockedDecrement
FreeResource
WritePrivateProfileStringA
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
InterlockedExchange
lstrcmpA
FreeLibrary
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
MulDiv
SetLastError
LocalFree
GetCurrentProcessId
CloseHandle
CreateToolhelp32Snapshot
GetModuleHandleA
Process32Next
LoadLibraryA
FindClose
VirtualAllocEx
GetLongPathNameA
GetProcAddress
GetLastError
FindFirstFileA
CreateDirectoryA
MultiByteToWideChar
GetModuleFileNameW
TerminateProcess
GetExitCodeProcess
ReadProcessMemory
Sleep
VirtualFreeEx
OpenProcess
GetTickCount
GetModuleHandleW
Process32First
GetCurrentProcess
lstrlenA
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
GetStdHandle
FindResourceA

user32

UnregisterClassA
LoadCursorA
GetSysColorBrush
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
GetWindowPlacement
GetWindowRect
GetWindow
SystemParametersInfoA
DestroyMenu
CopyRect
UnhookWindowsHookEx
GetSysColor
EndPaint
BeginPaint
ReleaseDC
GetDC
GetWindowThreadProcessId
FindWindowA
EnableWindow
GetSystemMetrics
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
PostMessageA
IsWindow
AppendMenuA
SendMessageTimeoutA
SendMessageA
GetClientRect
DrawIcon
LoadIconA
KillTimer
IsIconic
SetTimer
GetSystemMenu
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
CheckMenuItem
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
EnableMenuItem
RegisterClassA

gdi32

GetStockObject
Escape
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetDeviceCaps
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetObjectA
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
SelectObject

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
OpenProcessToken
GetNamedSecurityInfoA
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyA
LookupPrivilegeValueA
RegQueryValueExA
SetNamedSecurityInfoA
SetEntriesInAclA

shell32

ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
PathFindFileNameA

oleaut32

VariantClear
VariantChangeType
VariantInit

psapi

GetModuleFileNameExA

Sections

.text
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/TCxEZH32.dll
.dll windows:5 windows x86 arch:x86

c04d0fab0a113f80a62a54271beec8b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\codeplex\svn\easyhook\branches\release-2.7\Build\netfx4-Release\x86\EasyHook32.pdb

Imports

psapi

EnumProcessModules
GetModuleInformation

kernel32

TlsFree
GetCurrentThreadId
GetSystemInfo
GetLastError
GetCurrentProcess
GetProcAddress
GetModuleFileNameA
GetFullPathNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetEvent
LoadLibraryW
GetModuleHandleA
CloseHandle
GetThreadContext
SetThreadContext
WaitForSingleObject
OpenProcess
Thread32First
ReadProcessMemory
Thread32Next
VirtualAllocEx
OpenThread
CreateEventW
CreateToolhelp32Snapshot
DuplicateHandle
WriteProcessMemory
TlsAlloc
ResumeThread
TlsGetValue
CreateProcessW
CreateRemoteThread
TlsSetValue
TerminateProcess
SetLastError
GetExitCodeThread
WaitForMultipleObjects
GetCurrentProcessId
FatalAppExitW
GetModuleFileNameW
CreateFileW
HeapAlloc
InterlockedIncrement
HeapFree
IsBadReadPtr
InitializeCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
VirtualProtect
InterlockedExchange
GetModuleHandleW
GetVersionExW
LoadLibraryA
HeapCreate
HeapDestroy
FreeLibrary
SuspendThread
DeleteCriticalSection
DecodePointer
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
ExitProcess
InterlockedDecrement
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
ReadFile
RtlUnwind
HeapReAlloc
FlushFileBuffers
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
IsProcessorFeaturePresent
HeapSize

advapi32

StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
OpenProcessToken

Exports

Exports

_DbgAttachDebugger@0
_DbgDetachDebugger@0
_DbgGetProcessIdByHandle@8
_DbgGetThreadIdByHandle@8
_DbgHandleToObjectName@16
_DbgIsAvailable@0
_DbgIsEnabled@0
_GacCreateContext@0
_GacInstallAssembly@16
_GacReleaseContext@4
_GacUninstallAssembly@16
_HookCompleteInjection@4
_LhBarrierBeginStackTrace@4
_LhBarrierCallStackTrace@12
_LhBarrierEndStackTrace@4
_LhBarrierGetAddressOfReturnAddress@4
_LhBarrierGetCallback@4
_LhBarrierGetCallingModule@4
_LhBarrierGetReturnAddress@4
_LhBarrierPointerToModule@8
_LhEnumModules@12
_LhInstallHook@16
_LhIsThreadIntercepted@12
_LhSetExclusiveACL@12
_LhSetGlobalExclusiveACL@8
_LhSetGlobalInclusiveACL@8
_LhSetInclusiveACL@12
_LhUninstallAllHooks@0
_LhUninstallHook@4
_LhUpdateModuleInformation@0
_LhWaitForPendingRemovals@0
_RhCreateAndInject@36
_RhCreateStealthRemoteThread@16
_RhGetProcessToken@8
_RhInjectLibrary@28
_RhInstallDriver@8
_RhInstallSupportDriver@0
_RhIsAdministrator@0
_RhIsX64Process@8
_RhIsX64System@0
_RhWakeUpProcess@0
_RtlCreateSuspendedProcess@20
_RtlGetLastError@0
_RtlGetLastErrorString@0
_RtlInstallService@12

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/mfc90.dll
.dll windows:5 windows x86 arch:x86

f2d8030f2fb5ae92ea26c320740a673b

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1c:93:ca:8d:ab:69:c8:4e:f1:95:2b:a2:3e:6b:0f:88:ef:72:74:45
Signer

Actual PE Digest

1c:93:ca:8d:ab:69:c8:4e:f1:95:2b:a2:3e:6b:0f:88:ef:72:74:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mfc90.i386.pdb

Imports

kernel32

GetSystemTime
InterlockedIncrement
GetTickCount
CopyFileA
GetUserDefaultLCID
IsDBCSLeadByte
lstrcpyA
GetModuleHandleW
LoadLibraryExA
GetEnvironmentVariableW
GetEnvironmentVariableA
lstrcpyW
lstrlenW
GetCurrentDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
SetErrorMode
InterlockedExchange
GetCurrentThread
EnumResourceLanguagesA
ConvertDefaultLocale
GetLocaleInfoA
SuspendThread
ResumeThread
SetThreadPriority
SetEvent
FindNextFileA
FormatMessageA
SearchPathA
GetTempPathA
LocalUnlock
LocalLock
GetTempFileNameA
GetDiskFreeSpaceA
GlobalFlags
RaiseException
FindResourceExA
VirtualProtect
GetProfileIntA
MulDiv
GetCurrentProcessId
GetCurrentThreadId
GlobalAddAtomA
CompareStringA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
lstrcmpW
WaitForMultipleObjects
CreateEventA
ReleaseMutex
CreateMutexA
ReleaseSemaphore
CreateSemaphoreA
WaitForSingleObject
TlsSetValue
LocalReAlloc
TlsGetValue
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GlobalHandle
TlsFree
InitializeCriticalSection
TlsAlloc
LocalFree
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GetModuleHandleA
FreeLibrary
GetOEMCP
GetLastError
GetCPInfo
SetFileTime
SetFileAttributesA
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesA
GetFileSizeEx
GetFileTime
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalAlloc
GlobalSize
GlobalLock
GetShortPathNameA
GetModuleFileNameA
GetStringTypeExA
GetThreadLocale
lstrcmpiA
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
MultiByteToWideChar
GetProcAddress
LoadLibraryA
DeleteFileA
MoveFileA
GetFileSize
SetEndOfFile
UnlockFile
LockFile
CloseHandle
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
lstrcmpA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
lstrlenA
GlobalGetAtomNameA
GetAtomNameA
SetLastError
GetVersion
Sleep
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
ExpandEnvironmentStringsA

msvcr90

_CxxThrowException
_strlwr_s
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
wcscspn
wcsspn
iswspace
_wcsrev
_mbscoll
wcspbrk
_wcsicoll
wcsstr
_wcsupr_s
_wcslwr_s
vswprintf_s
_mbsicoll
_mbsrev
wcscoll
memmove
_vscwprintf
wcschr
memcpy
_mbslwr_s
_itoa_s
wcsrchr
__CxxFrameHandler3
wcsncpy_s
_ultoa_s
_ltoa_s
_ismbcdigit
ceil
_snwprintf_s
wcscpy_s
_mbsnbcmp
_mbsupr_s
_mbsstr
_mbsnbicmp
__argv
__argc
_beginthreadex
_endthreadex
_fullpath
atol
_ismbcspace
_mbsdec
_strdup
_mbsspn
_mbscspn
_expand
atoi
_recalloc
_mbsrchr
_mbsicmp
strtod
strtoul
strtol
_resetstkoflw
_wcsicmp
wcscmp
_makepath_s
_splitpath_s
wcsnlen
_vsnprintf_s
_snscanf_s
labs
abs
_ismbblead
calloc
_msize
strcat_s
_mbschr
_snprintf_s
_errno
strncpy_s
_mbscmp
_localtime64_s
_mktime64
realloc
fclose
fflush
ftell
fseek
fgets
fputs
fwrite
clearerr_s
ferror
feof
fread
__doserrno
_fdopen
_open_osfhandle
_fileno
_get_osfhandle
_mbsinc
strcpy_s
wcslen
_vscprintf
vsprintf_s
abort
free
malloc
memcmp
memset
strnlen
strlen
memmove_s
memcpy_s
sprintf_s
_mbsnbcpy_s
_purecall
_mbspbrk

user32

GetKeyNameTextA
LoadBitmapA
DrawFocusRect
FillRect
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetAsyncKeyState
MapDialogRect
GetDialogBaseUnits
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
GetMenuStringA
GetMenuItemInfoA
GetSysColorBrush
SetWindowTextA
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageA
MoveWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
ModifyMenuA
GetMenuCheckMarkDimensions
DestroyIcon
SetCursorPos
DestroyCursor
SetWindowRgn
DrawIcon
IsClipboardFormatAvailable
MessageBeep
RemoveMenu
ValidateRect
PostQuitMessage
UnregisterClassA
ShowOwnedPopups
InsertMenuA
RegisterClipboardFormatA
SendNotifyMessageA
CopyAcceleratorTableA
InSendMessage
PostThreadMessageA
CreateMenu
WindowFromDC
CountClipboardFormats
SetWindowContextHelpId
CharNextA
InvalidateRgn
GetNextDlgGroupItem
ClipCursor
DrawEdge
EnumChildWindows
OemToCharBuffA
CharToOemBuffA
AppendMenuA
DeleteMenu
GetSystemMenu
IsRectEmpty
SetParent
IsZoomed
ReleaseDC
GetDC
SetRect
SetTimer
KillTimer
InflateRect
RedrawWindow
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
DefFrameProcA
TranslateMessage
GetMessageA
ClientToScreen
WindowFromPoint
SetCapture
WaitMessage
GetCursorPos
LoadCursorA
MapVirtualKeyA
BringWindowToTop
InsertMenuItemA
CreatePopupMenu
InvalidateRect
ReuseDDElParam
UnpackDDElParam
DestroyMenu
LoadMenuA
GetActiveWindow
GetWindowThreadProcessId
ShowWindow
IsWindowEnabled
GetDesktopWindow
SetCursor
ReleaseCapture
TranslateAcceleratorA
LoadAcceleratorsA
SetRectEmpty
EnableWindow
LoadIconA
PostMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
DispatchMessageA
PeekMessageA
PtInRect
SetFocus
SetActiveWindow
GetFocus
AdjustWindowRectEx
DeferWindowPos
EqualRect
ScreenToClient
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
GetClientRect
ScrollWindow
IsWindowVisible
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
MessageBoxA
IsChild
GetParent
GetCapture
WinHelpA
RegisterClassA
GetClassInfoA
GetMenuItemID
GetSubMenu
GetMenuItemCount
TrackPopupMenuEx
SetWindowPlacement
GetDlgItem
GetWindowTextA
GetWindowTextLengthA
GetDlgCtrlID
GetKeyState
DestroyWindow
CreateWindowExA
SetWindowsHookExA
SetPropA
GetClassNameA
GetClassInfoExA
GetClassLongA
CallNextHookEx
RemovePropA
CallWindowProcA
GetPropA
DefWindowProcA
SetMenu
GetMenu
GetMessagePos
GetMessageTime
SetForegroundWindow
GetForegroundWindow
GetLastActivePopup
SendMessageA
IsWindow
GetWindow
SetWindowPos
SetWindowLongA
GetWindowLongA
UnionRect
GrayStringA
DrawTextExA
DrawTextA
GetTabbedTextExtentA
GetDCEx
GetMenuBarInfo
LockWindowUpdate
RegisterWindowMessageA
IntersectRect
OffsetRect
SystemParametersInfoA
GetWindowRect
GetWindowPlacement
IsIconic
MsgWaitForMultipleObjects
UnhookWindowsHookEx
GetSystemMetrics
CharUpperA
TrackPopupMenu

gdi32

GetClipBox
OffsetRgn
SetBrushOrgEx
GetRgnBox
CreateMetaFileA
CopyMetaFileA
LPtoDP
Ellipse
CreateEllipticRgn
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
DPtoLP
SetRectRgn
CombineRgn
GetMapMode
GetPixel
CreateDIBPatternBrushPt
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
EnumMetaFile
PlayMetaFile
PlayMetaFileRecord
GetObjectType
ExtSelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
OffsetClipRgn
ExcludeClipRect
SelectClipRgn
OffsetWindowOrgEx
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
StartDocA
EnumFontFamiliesExA
CreateDCA
BitBlt
CreateRectRgnIndirect
PatBlt
UnrealizeObject
Rectangle
CreatePen
CreatePatternBrush
CreateBitmap
TextOutA
DeleteMetaFile
CloseMetaFile
RectVisible
PtVisible
IntersectClipRect
SetWindowOrgEx
GetWindowOrgEx
GetViewportOrgEx
GetDeviceCaps
Escape
ExtTextOutA
MoveToEx
GetTextExtentPointA
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetViewportExtEx
GetWindowExtEx
CreateFontIndirectA
GetTextFaceA
GetTextColor
GetNearestColor
GetStretchBltMode
GetPolyFillMode
GetTextAlign
GetBkMode
GetROP2
RestoreDC
SaveDC
GetStockObject
GetTextMetricsA
GetTextExtentPoint32A
DeleteObject
GetCharWidthA
CreateFontA
DeleteDC
StretchDIBits
SelectObject
GetBkColor
CreateCompatibleBitmap
CreateCompatibleDC
SetTextColor
SetBkColor
GetObjectA

shlwapi

UrlUnescapeA
PathRemoveExtensionA
PathFindExtensionA
PathRemoveFileSpecW
PathStripToRootA
PathIsUNCA
PathFindFileNameA

Sections

.text
Size: 981KB - Virtual size: 980KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/mfcm90.dll
.dll windows:5 windows x86 arch:x86

7dabdb1d81bc318202cca27aed9c03e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MFCM90.i386.pdb

Imports

msvcr90

_lock
_onexit
_except_handler4_common
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
_purecall
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__FrameUnwindFilter
_cexit
??_V@YAXPAX@Z
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
__CxxFrameHandler3
??2@YAPAXI@Z
??3@YAXPAX@Z
__dllonexit

mfc90

ord4114
ord2895
ord6558
ord4528
ord6556
ord6583
ord4383
ord2359
ord6289
ord6290
ord2342
ord1391
ord1401
ord5745
ord1866
ord4028
ord391
ord1241
ord1152
ord1137
ord4515
ord4512
ord2965
ord6006
ord6430
ord4279
ord4282
ord2125
ord1744
ord1745
ord2766
ord2978
ord3107
ord4714
ord2961
ord3122
ord2769
ord2888
ord2759
ord3227
ord4066
ord4067
ord4057
ord2886
ord910
ord601
ord274
ord819
ord4334
ord4890
ord4667
ord3485
ord6433
ord1252
ord6252
ord2157
ord1221
ord2246
ord1751
ord3418
ord3728
ord1377
ord721
ord474
ord3935
ord5634
ord3387
ord4040
ord5647
ord5607
ord2069
ord345
ord4679
ord1748
ord5005
ord1728
ord5403
ord4585
ord1144
ord1143
ord599

kernel32

InterlockedExchange
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
SetUnhandledExceptionFilter

msvcm90

?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z

user32

GetWindow
GetClientRect
SendMessageA
PostMessageA
CopyRect
SetWindowPos

mscoree

_CorDllMain

Exports

Exports

AfxmReleaseManagedReferences

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/msvcm90.dll
.dll windows:5 windows x86 arch:x86

2e705c0231c4d814c2d2191566905482

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcm90.i386.pdb

Imports

msvcr90

__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
__setusermatherr
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_query_new_handler@@YAP6AHI@ZXZ
signal
_invalid_parameter
_errno
_set_invalid_parameter_handler
_get_invalid_parameter_handler
?set_terminate@@YAP6AXXZP6AXXZ@Z
_get_terminate
_set_purecall_handler
_get_purecall_handler
?set_unexpected@@YAP6AXXZP6AXXZ@Z
_get_unexpected
_fpieee_flt
_cexit
strcpy_s
strlen
_exit
_XcptFilter
_endthread
_getptd
_freefls
___fls_setvalue@8
___fls_getvalue@4
__get_flsindex
__set_flsgetvalue
_dosmaperr
_initptd
calloc
_encode_pointer
memcpy_s
memcmp
memmove_s
memset
??_V@YAXPAX@Z
___mb_cur_max_func
_invalid_parameter_noinfo
_invoke_watson
_CxxThrowException
??2@YAPAXI@Z
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
abort
fgetc
fputc
ungetc
fflush
setvbuf
fwrite
fgetpos
fseek
fsetpos
fclose
__iob_func
fgetwc
fputwc
ungetwc
realloc
setlocale
sprintf_s
memcpy
___lc_handle_func
__crtGetStringTypeW
__pctype_func
___mb_cur_max_l_func
___lc_codepage_func
__crtLCMapStringW
__crtLCMapStringA
_wfsopen
mbstowcs_s
__uncaught_exception
isupper
islower
towlower
towupper
strcmp
__FrameUnwindFilter
__dllonexit
_unlock
??3@YAXPAX@Z
_ui64toa_s
_create_locale
malloc
_free_locale
_endthreadex
free

kernel32

WideCharToMultiByte
CreateThread
ResumeThread
GetLastError
ExitThread
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId

ole32

CoCreateInstance

mscoree

CorBindToRuntimeEx
_CorDllMain

Exports

Exports

?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?_Addstd@ios_base@std@@SAXPAV12@@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF_func@std@@YAABJXZ
?_Cerr_func@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@XZ
?_Cin_func@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@XZ
?_Clocptr_func@_Locimp@locale@std@@CAAAPAV123@XZ
?_Clog_func@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@XZ
?_Cout_func@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Fpz_func@std@@YAAA_JXZ
?_Getcvt@@YA?AU_Cvtvec@@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Id_cnt_func@id@locale@std@@CAAAHXZ
?_Id_func@?$codecvt@GDH@std@@SAAAVid@locale@2@XZ
?_Id_func@?$codecvt@_WDH@std@@SAAAVid@locale@2@XZ
?_Id_func@?$ctype@D@std@@SAAAVid@locale@2@XZ
?_Id_func@?$ctype@G@std@@SAAAVid@locale@2@XZ
?_Id_func@?$ctype@_W@std@@SAAAVid@locale@2@XZ
?_Index_func@ios_base@std@@CAAAHXZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Init_cnt_func@Init@ios_base@std@@CAAAHXZ
?_Init_ctor@Init@ios_base@std@@CAXPAV123@@Z
?_Init_dtor@Init@ios_base@std@@CAXPAV123@@Z
?_Init_locks_ctor@_Init_locks@std@@CAXPAV12@@Z
?_Init_locks_dtor@_Init_locks@std@@CAXPAV12@@Z
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?_Locimp_dtor@_Locimp@locale@std@@CAXPAV123@@Z
?_Locinfo_Addcats@_Locinfo@std@@SAAAV12@PAV12@HPBD@Z
?_Locinfo_ctor@_Locinfo@std@@SAXPAV12@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
?_Locinfo_ctor@_Locinfo@std@@SAXPAV12@HPBD@Z
?_Locinfo_ctor@_Locinfo@std@@SAXPAV12@PBD@Z
?_Locinfo_dtor@_Locinfo@std@@SAXPAV12@@Z
?_Lockit_ctor@_Lockit@std@@CAXPAV12@@Z
?_Lockit_ctor@_Lockit@std@@CAXPAV12@H@Z
?_Lockit_ctor@_Lockit@std@@SAXH@Z
?_Lockit_dtor@_Lockit@std@@CAXPAV12@@Z
?_Lockit_dtor@_Lockit@std@@SAXH@Z
?_Mbrtowc@@YAHPAGPBDIPAHPBU_Cvtvec@@@Z
?_Mbrtowc@@YAHPA_WPBDIPAHPBU_Cvtvec@@@Z
?_Mtxdst@@YAXPAU_RTL_CRITICAL_SECTION@@@Z
?_Mtxinit@@YAXPAU_RTL_CRITICAL_SECTION@@@Z
?_Mtxlock@@YAXPAU_RTL_CRITICAL_SECTION@@@Z
?_Mtxunlock@@YAXPAU_RTL_CRITICAL_SECTION@@@Z
?_Mutex_Lock@_Mutex@std@@CAXPAV12@@Z
?_Mutex_Unlock@_Mutex@std@@CAXPAV12@@Z
?_Mutex_ctor@_Mutex@std@@CAXPAV12@@Z
?_Mutex_dtor@_Mutex@std@@CAXPAV12@@Z
?_Nomemory@std@@YAXXZ
?_Once@@YAXPAJP6AXXZ@Z
?_Setgloballocale@locale@std@@CAXPAX@Z
?_Sync_func@ios_base@std@@CAAA_NXZ
?_Wcerr_func@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@1@XZ
?_Wcerr_func@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@XZ
?_Wcin_func@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@1@XZ
?_Wcin_func@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@1@XZ
?_Wclog_func@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@1@XZ
?_Wclog_func@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@XZ
?_Wcout_func@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@1@XZ
?_Wcout_func@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@XZ
?_Wcrtomb@@YAHPADGPAHPBU_Cvtvec@@@Z
?_Wcrtomb@@YAHPAD_WPAHPBU_Cvtvec@@@Z
?_Xinvarg@_String_base@std@@SAXXZ
?_Xlen@_String_base@std@@SAXXZ
?_Xran@_String_base@std@@SAXXZ
?__Wcrtomb_lk@@YAHPAD_WPAHPBU_Cvtvec@@@Z
?__get_default_appdomain@@YAJPAPAUIUnknown@@@Z
?__query_new_handler_m@@YAP6MHI@ZXZ
?__release_appdomain@@YAXPAUIUnknown@@@Z
?_beginthread@@YAIP6MXPAX@ZI0@Z
?_beginthreadex@@YAIPAXIP6MI0@Z0IPAI@Z
?_fpieee_flt@@YAHKPAU_EXCEPTION_POINTERS@@P6MHPAU_FPIEEE_RECORD@@@Z@Z
?_set_invalid_parameter_handler@@YAP6AXPB_W00II@ZH@Z
?_set_invalid_parameter_handler@@YAP6MXPB_W00II@ZP6MX000II@Z@Z
?_set_new_handler@@YAP6MHI@ZP6MHI@Z@Z
?_set_purecall_handler@@YAP6AXXZH@Z
?_set_purecall_handler@@YAP6MXXZP6MXXZ@Z
?_uncaught_exception_m@std@@YA_NXZ
?classic@locale@std@@SAABV12@XZ
?empty@locale@std@@SA?AV12@XZ
?global@locale@std@@SA?AV12@ABV12@@Z
?resetiosflags@std@@YA?AU?$_Smanip@H@1@H@Z
?set_new_handler@std@@YAP6MXXZP6MXXZ@Z
?set_terminate@@YAP6MXXZP6MXXZ@Z
?set_unexpected@@YAP6MXXZP6MXXZ@Z
?setbase@std@@YA?AU?$_Smanip@H@1@H@Z
?setiosflags@std@@YA?AU?$_Smanip@H@1@H@Z
?setprecision@std@@YA?AU?$_Smanip@H@1@H@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?signal@@YAP6MXH@ZHH@Z
?signal@@YAP6MXH@ZHP6MXH@Z@Z
__setusermatherr_m
towctrans
wctrans
wctype

Sections

.text
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/msvcp90.dll
.dll windows:5 windows x86 arch:x86

c2219f463c61f3122c87331837e12c34

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e9:c4:fe:36:f3:bd:3e:f2:64:2c:75:13:e1:a7:62:07:ef:2f:ea:bf
Signer

Actual PE Digest

e9:c4:fe:36:f3:bd:3e:f2:64:2c:75:13:e1:a7:62:07:ef:2f:ea:bf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcp90.i386.pdb

Imports

msvcr90

fflush
setvbuf
fwrite
??0exception@std@@QAE@XZ
_Getdays
_Getmonths
fgetpos
fseek
fsetpos
fclose
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
__iob_func
_wfsopen
mbstowcs_s
atan2
cos
exp
ldexp
log
pow
sin
sqrt
tan
fgetwc
fputwc
ungetwc
memcpy
_Strftime
strcspn
sprintf_s
abort
??0exception@std@@QAE@ABQBDH@Z
_realloc_crt
setlocale
_malloc_crt
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
fputs
__uncaught_exception
ungetc
towupper
strcmp
_create_locale
_ui64toa_s
_free_locale
__pctype_func
_errno
___mb_cur_max_l_func
___lc_codepage_func
___lc_handle_func
__crtCompareStringA
___lc_collate_cp_func
__crtLCMapStringA
isupper
_calloc_crt
islower
__crtGetStringTypeW
__crtLCMapStringW
__crtCompareStringW
isspace
tolower
strtod
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__clean_type_info_names_internal
fputc
fgetc
__CxxFrameHandler3
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??2@YAPAXI@Z
_invalid_parameter_noinfo
___mb_cur_max_func
??_V@YAXPAX@Z
_Gettnames
localeconv
free
memset
memchr
strlen
memcmp
wcslen
memmove_s
memcpy_s
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
towlower
??0exception@std@@QAE@ABQBD@Z

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
InterlockedDecrement
InterlockedIncrement
GetLocaleInfoA
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
InterlockedCompareExchange
GetSystemTimeAsFileTime

Exports

Exports

??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAD@Z
??$?5DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?5GU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAG@Z
??$?5GU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAG@Z
??$?5GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?5MDU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5MGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5M_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5NDU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5NGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5N_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5ODU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5OGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5O_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAC@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAE@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAC@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAE@Z
??$?5_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AA_W@Z
??$?5_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@PA_W@Z
??$?5_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@G@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??$?6GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?6MDU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6MGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6M_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6NDU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6NGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6N_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6ODU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6OGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6O_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@C@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@E@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBC@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBE@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@_W@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?8M@std@@YA_NABMABV?$complex@M@0@@Z
??$?8M@std@@YA_NABV?$complex@M@0@0@Z
??$?8M@std@@YA_NABV?$complex@M@0@ABM@Z
??$?8N@std@@YA_NABNABV?$complex@N@0@@Z
??$?8N@std@@YA_NABV?$complex@N@0@0@Z
??$?8N@std@@YA_NABV?$complex@N@0@ABN@Z
??$?8O@std@@YA_NABOABV?$complex@O@0@@Z
??$?8O@std@@YA_NABV?$complex@O@0@0@Z
??$?8O@std@@YA_NABV?$complex@O@0@ABO@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?9M@std@@YA_NABMABV?$complex@M@0@@Z
??$?9M@std@@YA_NABV?$complex@M@0@0@Z
??$?9M@std@@YA_NABV?$complex@M@0@ABM@Z
??$?9N@std@@YA_NABNABV?$complex@N@0@@Z
??$?9N@std@@YA_NABV?$complex@N@0@0@Z
??$?9N@std@@YA_NABV?$complex@N@0@ABN@Z
??$?9O@std@@YA_NABOABV?$complex@O@0@@Z
??$?9O@std@@YA_NABV?$complex@O@0@0@Z
??$?9O@std@@YA_NABV?$complex@O@0@ABO@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?DM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?DM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?DM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?DN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?DN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?DN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?DO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?DO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?DO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?GM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?GN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?GO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@GABV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?HN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?HO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@_WABV10@@Z
??$?KM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?KM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?KM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?KN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?KN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?KN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?KO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?KO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?KO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$_Fabs@M@std@@YAMABV?$complex@M@0@PAH@Z
??$_Fabs@N@std@@YANABV?$complex@N@0@PAH@Z
??$_Fabs@O@std@@YAOABV?$complex@O@0@PAH@Z
??$abs@M@std@@YAMABV?$complex@M@0@@Z
??$abs@N@std@@YANABV?$complex@N@0@@Z
??$abs@O@std@@YAOABV?$complex@O@0@@Z
??$arg@M@std@@YAMABV?$complex@M@0@@Z
??$arg@N@std@@YANABV?$complex@N@0@@Z
??$arg@O@std@@YAOABV?$complex@O@0@@Z
??$conj@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$conj@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$conj@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$cos@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$cos@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$cos@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$cosh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$cosh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$cosh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$exp@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$exp@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$exp@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@D@Z
??$getline@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$getline@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@G@Z
??$getline@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$getline@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@_W@Z
??$imag@M@std@@YAMABV?$complex@M@0@@Z
??$imag@N@std@@YANABV?$complex@N@0@@Z
??$imag@O@std@@YAOABV?$complex@O@0@@Z
??$log10@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$log10@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$log10@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$log@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$log@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$log@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$norm@M@std@@YAMABV?$complex@M@0@@Z
??$norm@N@std@@YANABV?$complex@N@0@@Z
??$norm@O@std@@YAOABV?$complex@O@0@@Z
??$polar@M@std@@YA?AV?$complex@M@0@ABM0@Z
??$polar@M@std@@YA?AV?$complex@M@0@ABM@Z
??$polar@N@std@@YA?AV?$complex@N@0@ABN0@Z
??$polar@N@std@@YA?AV?$complex@N@0@ABN@Z
??$polar@O@std@@YA?AV?$complex@O@0@ABO0@Z
??$polar@O@std@@YA?AV?$complex@O@0@ABO@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@H@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@H@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@H@Z
??$real@M@std@@YAMABV?$complex@M@0@@Z
??$real@N@std@@YANABV?$complex@N@0@@Z
??$real@O@std@@YAOABV?$complex@O@0@@Z
??$sin@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sin@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sin@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$sinh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sinh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sinh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$sqrt@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sqrt@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sqrt@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$tan@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$tan@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$tan@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$tanh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$tanh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$tanh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??0?$_Complex_base@MU_C_float_complex@@@std@@QAE@ABM0@Z
??0?$_Complex_base@NU_C_double_complex@@@std@@QAE@ABN0@Z
??0?$_Complex_base@OU_C_ldouble_complex@@@std@@QAE@ABO0@Z
??0?$_Mpunct@D@std@@IAE@PBDI_N1@Z
??0?$_Mpunct@D@std@@QAE@ABV_Locinfo@1@I_N1@Z
??0?$_Mpunct@D@std@@QAE@I_N@Z
??0?$_Mpunct@G@std@@IAE@PBDI_N1@Z
??0?$_Mpunct@G@std@@QAE@ABV_Locinfo@1@I_N1@Z
??0?$_Mpunct@G@std@@QAE@I_N@Z
??0?$_Mpunct@_W@std@@IAE@PBDI_N1@Z
??0?$_Mpunct@_W@std@@QAE@ABV_Locinfo@1@I_N1@Z
??0?$_Mpunct@_W@std@@QAE@I_N@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@QAE@ABV01@@Z
??0?$_String_val@GV?$allocator@G@std@@@std@@IAE@V?$allocator@G@1@@Z
??0?$_String_val@GV?$allocator@G@std@@@std@@QAE@ABV01@@Z
??0?$_String_val@_WV?$allocator@_W@std@@@std@@IAE@V?$allocator@_W@1@@Z
??0?$_String_val@_WV?$allocator@_W@std@@@std@@QAE@ABV01@@Z
??0?$allocator@D@std@@QAE@ABV01@@Z
??0?$allocator@D@std@@QAE@XZ
??0?$allocator@G@std@@QAE@ABV01@@Z
??0?$allocator@G@std@@QAE@XZ
??0?$allocator@X@std@@QAE@ABV01@@Z
??0?$allocator@X@std@@QAE@XZ
??0?$allocator@_W@std@@QAE@ABV01@@Z
??0?$allocator@_W@std@@QAE@XZ
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_filebuf@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBGHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PBGHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PB_WHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PBGHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBGHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBGHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PBGHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBGHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBGHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PBGHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@1@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@IIABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@V?$_String_const_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@1@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@IIABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_WABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WIABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$codecvt@DDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@DDH@std@@QAE@I@Z
??0?$codecvt@GDH@std@@IAE@PBDI@Z
??0?$codecvt@GDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@GDH@std@@QAE@I@Z
??0?$codecvt@_WDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_WDH@std@@QAE@I@Z
??0?$collate@D@std@@IAE@PBDI@Z
??0?$collate@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@D@std@@QAE@I@Z
??0?$collate@G@std@@IAE@PBDI@Z
??0?$collate@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@G@std@@QAE@I@Z
??0?$collate@_W@std@@IAE@PBDI@Z
??0?$collate@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@_W@std@@QAE@I@Z
??0?$complex@M@std@@QAE@ABM0@Z
??0?$complex@M@std@@QAE@ABU_C_double_complex@@@Z
??0?$complex@M@std@@QAE@ABU_C_float_complex@@@Z
??0?$complex@M@std@@QAE@ABU_C_ldouble_complex@@@Z
??0?$complex@M@std@@QAE@ABV?$complex@N@1@@Z
??0?$complex@M@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@N@std@@QAE@ABN0@Z
??0?$complex@N@std@@QAE@ABU_C_double_complex@@@Z
??0?$complex@N@std@@QAE@ABU_C_ldouble_complex@@@Z
??0?$complex@N@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@N@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@O@std@@QAE@ABO0@Z
??0?$complex@O@std@@QAE@ABU_C_ldouble_complex@@@Z
??0?$complex@O@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@O@std@@QAE@ABV?$complex@N@1@@Z
??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0?$ctype@G@std@@IAE@PBDI@Z
??0?$ctype@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@G@std@@QAE@I@Z
??0?$ctype@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@_W@std@@QAE@I@Z
??0?$messages@D@std@@IAE@PBDI@Z
??0?$messages@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@D@std@@QAE@I@Z
??0?$messages@G@std@@IAE@PBDI@Z
??0?$messages@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@G@std@@QAE@I@Z
??0?$messages@_W@std@@IAE@PBDI@Z
??0?$messages@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@_W@std@@QAE@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$moneypunct@D$00@std@@IAE@PBDI@Z
??0?$moneypunct@D$00@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$moneypunct@D$00@std@@QAE@I@Z
??0?$moneypunct@D$0A@@std@@IAE@PBDI@Z
??0?$moneypunct@D$0A@@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$moneypunct@D$0A@@std@@QAE@I@Z
??0?$moneypunct@G$00@std@@IAE@PBDI@Z
??0?$moneypunct@G$00@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$moneypunct@G$00@std@@QAE@I@Z
??0?$moneypunct@G$0A@@std@@IAE@PBDI@Z
??0?$moneypunct@G$0A@@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$moneypunct@G$0A@@std@@QAE@I@Z
??0?$moneypunct@_W$00@std@@IAE@PBDI@Z
??0?$moneypunct@_W$00@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$moneypunct@_W$00@std@@QAE@I@Z
??0?$moneypunct@_W$0A@@std@@IAE@PBDI@Z
??0?$moneypunct@_W$0A@@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$moneypunct@_W$0A@@std@@QAE@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

Sections

.text
Size: 521KB - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/msvcr90.dll
.dll windows:5 windows x86 arch:x86

0fda4497453286b1daa098623dfc53ce

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:a2:0c:d7:08:3c:6d:9c:9c:e7:11:07:12:85:b9:f7:4e:10:16:d8
Signer

Actual PE Digest

4e:a2:0c:d7:08:3c:6d:9c:9c:e7:11:07:12:85:b9:f7:4e:10:16:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcr90.i386.pdb

Imports

kernel32

GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetLongPathNameW
GetCurrentThreadId
TlsGetValue
DebugBreak
OutputDebugStringA
GetCommandLineA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
GetLogicalDrives
GetDiskFreeSpaceA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetErrorMode
Beep
GetFileAttributesA
SetFileAttributesA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
MoveFileA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
DeleteFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
LoadLibraryA
FreeLibrary
CreateProcessW
ReadFile
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
WideCharToMultiByte
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetLocalTime
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
RtlUnwind
RaiseException
HeapFree
HeapAlloc
GetProcessHeap
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapSize
HeapReAlloc
VirtualAlloc
HeapValidate
HeapCompact
HeapWalk
VirtualProtect
GetSystemInfo
VirtualQuery
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
CreateFileA
FlushFileBuffers
CreatePipe
CreateFileW
SetStdHandle
ReadConsoleInputA
SetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
IsDBCSLeadByteEx
ReadConsoleA
ReadConsoleW
SetEndOfFile
GetFileInformationByHandle
PeekNamedPipe
InterlockedExchange
LockFile
UnlockFile
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
FreeEnvironmentStringsA
GetEnvironmentStrings
QueryPerformanceCounter
GetTickCount
GetStringTypeW
GetStringTypeA
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
GetLocaleInfoW
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
GetModuleHandleA

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1exception@std@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??2@YAPAXIHPBDH@Z
??3@YAXPAX@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4exception@std@@QAEAAV01@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
??9type_info@@QBE_NABV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@@6B@
??_7exception@std@@6B@
??_Fbad_cast@std@@QAEXXZ
??_Fbad_typeid@std@@QAEXXZ
??_U@YAPAXI@Z
??_U@YAPAXIHPBDH@Z
??_V@YAXPAX@Z
?_Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Type_info_dtor@type_info@@CAXPAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPAV1@@Z
?_ValidateExecute@@YAHP6GHXZ@Z
?_ValidateRead@@YAHPBXI@Z
?_ValidateWrite@@YAHPAXI@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPBG00II@Z
?_is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?_open@@YAHPBDHH@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?_wopen@@YAHPB_WHH@Z
?_wsopen@@YAHPB_WHHH@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?unexpected@@YAXXZ
?vswprintf@@YAHPA_WIPB_WPAD@Z
?what@exception@std@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_Strftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CppXcptFilter
__CxxCallUnwindDelDtor
__CxxCallUnwindDtor
__CxxCallUnwindStdDelDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___fls_getvalue@4
___fls_setvalue@8
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__control87_2
__create_locale
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__free_locale
__get_app_type
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lc_clike
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv
__lconv_init
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__set_flsgetvalue
__setlc_active
__setusermatherr
__strncnt
__swprintf_l
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__unDNameHelper
__uncaught_exception
__unguarded_readlc_active
__vswprintf_l
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abnormal_termination
_abs64
_access
_access_s
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_amsg_exit
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_crt
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_commode
_configthreadlocale
_control87
_controlfp
_controlfp_s
_copysign
_cprintf
_cprintf_l
_cprintf_p
_cprintf_p_l
_cprintf_s
_cprintf_s_l
_cputs
_cputws
_creat
_create_locale
_crt_debugger_hook
_cscanf
_cscanf_l
_cscanf_s
_cscanf_s_l
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_cwprintf
_cwprintf_l
_cwprintf_p
_cwprintf_p_l
_cwprintf_s
_cwprintf_s_l
_cwscanf
_cwscanf_l
_cwscanf_s
_cwscanf_s_l
_daylight
_decode_pointer
_difftime32
_difftime64
_dosmaperr
_dstbias
_dup
_dup2
_dupenv_s
_ecvt
_ecvt_s
_encode_pointer
_encoded_null
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_except_handler4_common
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fdopen
_fflush_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filbuf
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_free_locale
_freea
_freea_s
_freefls
_fscanf_l
_fscanf_s_l
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_ftol
_fullpath
_futime32
_futime64
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwrite_nolock
_fwscanf_l
_fwscanf_s_l
_gcvt
_gcvt_s
_get_amblksiz
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_heap_handle
_get_invalid_parameter_handler
_get_osfhandle
_get_output_format
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_sbh_threshold
_get_terminate
_get_timezone
_get_tzname
_get_unexpected
_get_wpgmptr
_getc_nolock
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getdcwd
_getdcwd_nolock
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getptd
_getsystime
_getw
_getwch
_getwch_nolock
_getwche
_getwche_nolock
_getws
_getws_s
_global_unwind2
_gmtime32

Sections

.text
Size: 598KB - Virtual size: 598KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/skin/$PROGRAMFILES/RF_L/RF.exe.new
.exe windows:5 windows x86 arch:x86

421fe8a8767ea6f1ecc1c8add180520d

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e8:7d:4a:6d:c0:7e:80:ac:e8:29:2f:4f:c1:3b:06:51:f7:6a:a4:b1:85:88:86:55:47:d3:64:4e:71:5c:56:2f
Signer

Actual PE Digest

e8:7d:4a:6d:c0:7e:80:ac:e8:29:2f:4f:c1:3b:06:51:f7:6a:a4:b1:85:88:86:55:47:d3:64:4e:71:5c:56:2f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

tccr

ReadWhiteFile
WriteWhiteFile

mfc90

ord2566
ord6802
ord262
ord5761
ord3579
ord4507
ord4222
ord4727
ord2896
ord4116
ord2481
ord6335
ord3148
ord3731
ord4032
ord4502
ord5963
ord2364
ord405
ord3351
ord2209
ord664
ord3390
ord6154
ord6153
ord6333
ord6330
ord6291
ord6473
ord4384
ord2097
ord590
ord794
ord6494
ord4115
ord5997
ord6559
ord1108
ord2588
ord6456
ord2360
ord1490
ord4248
ord2587
ord6048
ord2899
ord5924
ord1938
ord2280
ord4644
ord1782
ord1717
ord3638
ord3479
ord580
ord781
ord772
ord4431
ord6152
ord1252
ord1166
ord398
ord662
ord1607
ord2084
ord6493
ord4311
ord1062
ord3620
ord553
ord757
ord6707
ord571
ord3491
ord582
ord783
ord945
ord941
ord306
ord3920
ord4801
ord4513
ord2141
ord3730
ord3764
ord4640
ord1670
ord4496
ord1604
ord2103
ord2691
ord3175
ord615
ord3487
ord2277
ord3940
ord1042
ord581
ord782
ord2122
ord3413
ord6810
ord4516
ord2591
ord4953
ord2672
ord613
ord337
ord3779
ord1677
ord6452
ord633
ord3502
ord3831
ord6616
ord4481
ord2082
ord4506
ord5720
ord6098
ord5538
ord3066
ord2038
ord1918
ord942
ord6793
ord4477
ord5876
ord6148
ord767
ord3632
ord1716
ord333
ord6077
ord3663
ord1222
ord2966
ord3391
ord1612
ord1259
ord1220
ord6787
ord1536
ord3762
ord614
ord1177
ord338
ord4890
ord3227
ord3110
ord4029
ord793
ord589
ord3659
ord6001
ord5646
ord5663
ord4981
ord4333
ord5659
ord5657
ord3209
ord2087
ord4199
ord5813
ord6721
ord5533
ord1046
ord4165
ord6018
ord2206
ord2251
ord4733
ord1709
ord4159
ord6783
ord4409
ord4434
ord321
ord1087
ord2447
ord6462
ord1098
ord4197
ord943
ord301
ord5869
ord5167
ord3705
ord665
ord1556
ord4308
ord2501
ord2490
ord406
ord5923
ord5892
ord600
ord908
ord812
ord296
ord6532
ord1758
ord819
ord1039
ord5891
ord3621
ord758
ord554
ord6740
ord2057
ord3783
ord266
ord2592
ord3553
ord1492
ord6771
ord2105
ord1605
ord4497
ord2279
ord1698
ord4643
ord692
ord3830
ord820
ord2753
ord6046
ord6552
ord6043
ord6546
ord4565
ord6549
ord6352
ord6166
ord6084
ord5957
ord6023
ord5846
ord5833
ord6398
ord6157
ord3504
ord3612
ord2470
ord6079
ord6170
ord6527
ord525
ord6078
ord4527
ord4396
ord4030
ord3277
ord3538
ord595
ord796
ord3528
ord2278
ord1771
ord1685
ord3346
ord6391
ord1497
ord4642
ord5585
ord5647
ord4667
ord677
ord3815
ord1603
ord6613
ord3213
ord305
ord1611
ord300
ord1361
ord2130
ord4498
ord2282
ord3568
ord3056
ord3676
ord6646
ord2372
ord1137
ord1387
ord2590
ord3157
ord6188
ord4153
ord310
ord1254
ord1258
ord3674
ord3997
ord5232
ord265
ord314
ord817
ord3178
ord4392
ord899
ord4654
ord4695
ord6102
ord5795
ord1616
ord4570
ord5162
ord5285
ord6086
ord5792
ord1547
ord960
ord3476
ord329
ord1667
ord610
ord6074
ord1357
ord367
ord636
ord524
ord744
ord2069
ord1144
ord3627
ord4993
ord800
ord639
ord374
ord3506
ord4668
ord4895
ord4334
ord2886
ord801
ord4529
ord6584
ord6788
ord6557
ord4760
ord5636
ord316
ord2539
ord910
ord1183
ord259
ord6791
ord1247
ord5750
ord750
ord777
ord3643
ord4646
ord1720
ord2283
ord3617
ord1710
ord1779
ord654
ord611
ord693
ord3480
ord4638
ord1668
ord2274
ord3519
ord3244
ord3554
ord1937
ord2327
ord5878
ord3045
ord441
ord1555
ord5753
ord3179
ord5535
ord663
ord5520
ord404
ord6781
ord6225
ord601
ord3534
ord3477
ord798
ord1358
ord2106
ord3987
ord5615
ord4617
ord5152
ord5309
ord2208
ord1810
ord1809
ord1678
ord3344
ord6388
ord1755
ord1752
ord4331
ord1496
ord4650
ord2074
ord5497
ord6780
ord4589
ord3732
ord5139
ord4688
ord1729
ord6446
ord5668
ord5666
ord958
ord963
ord967
ord965
ord969
ord2610
ord2630
ord2614
ord2620
ord2618
ord2616
ord2633
ord2628
ord2612
ord2635
ord2623
ord2605
ord2607
ord2625
ord2375
ord2368
ord1644
ord6784
ord4160
ord6782
ord2480
ord1041
ord5870
ord2485
ord5851
ord3005
ord3671
ord5389
ord6356
ord3218
ord1446
ord5608
ord2139
ord1792
ord1791
ord1728
ord5633
ord2766
ord2978
ord3107
ord4714
ord2961
ord3135
ord2769
ord2888
ord2759
ord4066
ord4067
ord4057
ord322
ord1145
ord1233
ord947
ord605
ord1278
ord1276

msvcr90

strncpy
memcmp
fclose
strlen
qsort
fopen
_localtime64
_time64
fseek
atoi
_mbsrchr
_mbstok
_purecall
_beginthreadex
_strdup
realloc
malloc
sprintf
calloc
strcpy
__CxxFrameHandler3
memcpy
memset
_mbscmp
free
fgets
strftime
_localtime64_s
strrchr
strcat
fflush
fputs
_splitpath
_mktime64
strchr
strcmp
memcpy_s
memmove_s
_atoi64
fopen_s
fwrite
_access
strstr
_gmtime64_s
rand
vsprintf
swscanf
wcslen
wcscmp
memmove
strcspn
strspn
_mkdir
toupper
_itoa
_wcsicmp
isalpha
strcpy_s
vsprintf_s
_CxxThrowException
_mbsnbcpy
isdigit
sqrt
feof
_strupr
__argv
__argc
_strnicmp
_strlwr
_strnset
_setmbcp
getenv
atol
_stricmp
srand
fputws
fgetws
_stat64i32
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_recalloc
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_except_handler4_common
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
strtoul

kernel32

GetExitCodeProcess
TerminateProcess
DeviceIoControl
GetCurrentProcessId
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
lstrcpyW
FindFirstFileW
FindNextFileW
GetFileInformationByHandle
GetFileSize
GetLocalTime
DuplicateHandle
FindResourceA
LoadResource
LockResource
SizeofResource
GetCurrentDirectoryA
lstrcmpiA
SystemTimeToFileTime
lstrcpyA
LocalFileTimeToFileTime
lstrcmpA
SetFilePointer
IsBadReadPtr
CreateFileW
WriteFile
SetFileTime
CreateDirectoryW
ReadFile
GetDiskFreeSpaceExA
GlobalFree
OpenProcess
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateRemoteThread
SetFileAttributesA
lstrlenA
GetTickCount
GetSystemDirectoryA
GetFileAttributesExA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
CreateProcessA
CopyFileW
FindFirstFileA
FindNextFileA
FindClose
DeleteFileA
CopyFileA
CreateDirectoryA
Sleep
GetQueuedCompletionStatus
ReadDirectoryChangesW
GetCurrentThread
GetThreadPriority
SetThreadPriority
PostQueuedCompletionStatus
GetFileAttributesA
SetLastError
CreateFileA
CreateIoCompletionPort
CompareStringA
VirtualAlloc
LocalFree
FileTimeToLocalFileTime
GetModuleHandleW
WaitForMultipleObjects
SetCurrentDirectoryA
GlobalMemoryStatusEx
GlobalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcess
ResetEvent
CreateEventA
SetEvent
CloseHandle
WaitForSingleObject
InterlockedIncrement
InterlockedDecrement
GetUserDefaultLangID
lstrlenW
WideCharToMultiByte
GetLastError
RaiseException
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
VirtualFree
GetVersionExA
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
GetFileSizeEx
VerLanguageNameA
GetProcessHeap
HeapAlloc
HeapFree
GetModuleFileNameW
GetLongPathNameA
CompareFileTime
GetDateFormatA
GetTimeFormatA
MoveFileA
SetSystemTime
CreateThread
TerminateThread
GlobalAddAtomA
ExitProcess
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
OutputDebugStringA
GetDriveTypeA
QueryDosDeviceA
SetLocalTime
Module32First
Module32Next
GetTimeZoneInformation
GetComputerNameExA
SetPriorityClass
GetComputerNameA
SetUnhandledExceptionFilter
GetSystemInfo
CreateMutexA
ReleaseMutex
MoveFileExA
GetTempPathA
GetModuleFileNameA
RemoveDirectoryA
GetCurrentThreadId
GetSystemTime
GlobalLock
GlobalUnlock
ReadProcessMemory
CreateToolhelp32Snapshot
Process32First
Process32Next
GetWindowsDirectoryA
GetProcessTimes
LocalAlloc
FormatMessageA

user32

LoadBitmapA
keybd_event
SendInput
OpenDesktopA
GetMenuItemCount
GetMenuStringA
SetWindowPos
DeleteMenu
UnregisterHotKey
GetThreadDesktop
OpenInputDesktop
CreateDesktopA
SetThreadDesktop
CloseDesktop
EnumDesktopWindows
EnumWindows
GetClassNameA
CopyIcon
SetSystemCursor
DestroyCursor
CopyImage
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetActiveWindow
GetKeyNameTextA
GetKeyboardState
ToAscii
BringWindowToTop
RegisterWindowMessageA
RegisterHotKey
RegisterDeviceNotificationA
CreateIconIndirect
LoadMenuA
GetSubMenu
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
WindowFromPoint
ClientToScreen
GetCapture
GetClassInfoA
DrawEdge
LoadCursorA
SetClassLongA
GetWindowThreadProcessId
GetWindow
CallWindowProcA
GetScrollInfo
SetWindowLongA
ReleaseCapture
SetCapture
ReleaseDC
GetDC
IsRectEmpty
FillRect
OffsetRect
OpenClipboard
EmptyClipboard
CloseClipboard
GetTopWindow
MapDialogRect
GetIconInfo
SetForegroundWindow
GetSystemMenu
EnableMenuItem
DestroyIcon
IsWindowEnabled
IsWindowVisible
GetDesktopWindow
EnumChildWindows
LoadStringW
RedrawWindow
GetCursorPos
GetSysColor
IsZoomed
CopyRect
GetWindowTextA
SetRect
FindWindowA
FindWindowExA
SendMessageTimeoutA
MessageBoxA
wsprintfA
SystemParametersInfoA
LoadStringA
UpdateWindow
SetParent
GetFocus
SetScrollPos
DrawIconEx
LoadIconA
GetWindowDC
InflateRect
MoveWindow
GetWindowLongA
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
DispatchMessageA
MessageBeep
GetMessageA
PostThreadMessageA
CreateWindowExA
DefWindowProcA
RegisterClassA
DestroyWindow
IsWindow
GetParent
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ScreenToClient
InsertMenuA
CreatePopupMenu
InvalidateRect
GetWindowRect
PtInRect
SendMessageA
GetClientRect
PostMessageA
AnimateWindow
KillTimer
SetTimer
SetWindowRgn
GetSystemMetrics
GetKeyState
LoadImageA
EnableWindow

gdi32

DeleteDC
DPtoLP
SetMapMode
GetMapMode
GetDeviceCaps
GetTextMetricsA
CreatePatternBrush
SetDIBits
GetTextExtentPoint32A
CreateDCA
GetTextColor
GetBkColor
Rectangle
SelectObject
CreateSolidBrush
CreateFontIndirectA
GetStockObject
CreateFontA
BitBlt
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateCompatibleBitmap
DeleteObject
GetDIBits
RoundRect
CreateRoundRectRgn
StretchBlt
CreateCompatibleDC
GetObjectA
SetStretchBltMode

advapi32

ChangeServiceConfigA
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserA
AllocateAndInitializeSid
CryptDeriveKey
CryptEncrypt
CryptDecrypt
CreateServiceA
CreateProcessWithLogonW
GetNamedSecurityInfoA
ConvertStringSidToSidA
SetEntriesInAclA
SetNamedSecurityInfoA
GetUserNameA
DeleteService
GetTokenInformation
CryptAcquireContextW
EnumDependentServicesA
CryptDestroyKey
GetFileSecurityA
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
GetAce
LookupAccountSidA
AddAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetSecurityDescriptorControl
SetFileSecurityA
LookupAccountNameA
AddAccessDeniedAce
AddAccessAllowedAce
ControlService
RegDeleteValueA
CryptGenKey
OpenServiceA
RegDeleteKeyA
RegOpenKeyA
CryptAcquireContextA
CryptCreateHash
CryptHashData
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegEnumKeyExA
StartServiceA
QueryServiceStatusEx
CloseServiceHandle
OpenSCManagerA
RegEnumValueA
RegRestoreKeyA
RegCreateKeyExA
RegSaveKeyA
RegCreateKeyA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptDuplicateHash

shell32

SHGetFileInfoA
Shell_NotifyIconA
ShellExecuteExA
SHFileOperationA
SHGetDiskFreeSpaceExA
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathMatchSpecA
SHDeleteKeyA
SHCopyKeyA
SHDeleteValueA
StrStrIA

ole32

CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoInitialize
StringFromGUID2
CoCreateGuid

oleaut32

SafeArrayGetLBound
VariantClear
SafeArrayGetUBound
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
SafeArrayGetElement
VariantInit

wsock32

htonl
bind
select
recvfrom
sendto
gethostname
WSAStartup
socket
ioctlsocket
gethostbyaddr
gethostbyname
htons
connect
recv
send
closesocket
WSACleanup
inet_ntoa
WSAGetLastError
getpeername
inet_addr
getsockname

wininet

HttpSendRequestA
HttpQueryInfoA
InternetConnectA
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetQueryDataAvailable
InternetReadFile
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FindCloseUrlCache
HttpOpenRequestA

msvcp90

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z

mpr

WNetGetConnectionA
WNetOpenEnumA
WNetEnumResourceA
WNetDisconnectDialog1A
WNetCloseEnum
WNetGetUniversalNameA

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses
GetProcessMemoryInfo
GetModuleFileNameExA

setupapi

CM_Get_Device_IDA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsA
CM_Get_Parent
CM_Get_DevNode_Status
SetupDiGetDeviceInstanceIdA
SetupDiCallClassInstaller
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA

netapi32

NetApiBufferFree
NetFileEnum
NetUseAdd
NetGetJoinInformation
NetWkstaTransportEnum
NetShareDel
NetShareEnum
NetUseDel
NetConnectionEnum

imm32

ImmGetConversionStatus
ImmGetContext
ImmSetConversionStatus

activeds

ord3

iphlpapi

GetIpAddrTable
GetIpNetTable
GetAdaptersInfo
SendARP

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

userenv

CreateEnvironmentBlock

crypt32

CertFreeCertificateChain
CertStrToNameW
CertCreateSelfSignCertificate
CryptFindCertificateKeyProvInfo
CertGetNameStringA
CertVerifyTimeValidity
CertGetCertificateChain
CertCloseStore
CertFreeCertificateContext
CertVerifyRevocation

secur32

FreeContextBuffer
DeleteSecurityContext
FreeCredentialsHandle
InitializeSecurityContextA
ApplyControlToken
AcceptSecurityContext
DecryptMessage
QueryContextAttributesA
EncryptMessage
AcquireCredentialsHandleA
GetUserNameExA

pdh

PdhAddCounterA
PdhOpenQueryA
PdhEnumObjectItemsA
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhCloseQuery
PdhRemoveCounter
PdhGetCounterInfoA
PdhMakeCounterPathA

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/skin/$PROGRAMFILES/RF_L/tc_ad.dll.new
.dll windows:5 windows x86 arch:x86

8c4d43ed2a17925dc31304477e385ef0

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

66:ad:62:ab:e6:f4:3a:42:8d:b5:91:5b:0c:85:ff:07:40:ed:25:b3:06:55:e5:e3:4d:96:a0:81:77:a3:5d:b5
Signer

Actual PE Digest

66:ad:62:ab:e6:f4:3a:42:8d:b5:91:5b:0c:85:ff:07:40:ed:25:b3:06:55:e5:e3:4d:96:a0:81:77:a3:5d:b5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TlsFree
FreeLibrary
SetEvent
InitializeCriticalSection
GetWindowsDirectoryA
HeapFree
HeapAlloc
GetProcessHeap
FindFirstFileExW
FindFirstFileExA
FindFirstFileW
FindFirstFileA
FindNextFileW
WriteConsoleA
WriteConsoleW
GetThreadContext
SetThreadContext
LoadLibraryW
WriteFile
SetFilePointer
CopyFileExW
CopyFileExA
MoveFileExA
CopyFileW
CopyFileA
MoveFileW
MoveFileA
MoveFileExW
MoveFileWithProgressW
MoveFileWithProgressA
SuspendThread
TerminateProcess
OpenThread
OpenProcess
DeleteFileW
ReplaceFileW
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
DuplicateHandle
GetCurrentThreadId
Thread32First
VirtualAlloc
LocalAlloc
VirtualFreeEx
FindClose
FindNextFileA
VirtualQuery
GetEnvironmentVariableA
lstrcatA
GetShortPathNameA
CreateThread
CreateEventA
GetExitCodeThread
OutputDebugStringA
CompareFileTime
DeleteCriticalSection
ReadProcessMemory
CreateDirectoryA
GetVersion
SystemTimeToFileTime
GetLocalTime
InterlockedIncrement
TlsSetValue
TlsAlloc
SetUnhandledExceptionFilter
GetLongPathNameA
GetUserDefaultLangID
IsBadReadPtr
FlushFileBuffers
GetTempPathA
SetEndOfFile
VirtualProtect
InterlockedCompareExchange
GetEnvironmentVariableW
VirtualProtectEx
VirtualQueryEx
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetConsoleOutputCP
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapSize
HeapReAlloc
VirtualFree
HeapDestroy
HeapCreate
GetTimeZoneInformation
LCMapStringW
LCMapStringA
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
GetFileAttributesA
RtlUnwind
RaiseException
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
GetModuleFileNameW
FlushInstructionCache
GetCurrentThread
DeleteFileA
GetCommandLineA
GetProcessTimes
GetCommandLineW
GetModuleFileNameA
lstrlenW
GetModuleHandleW
MulDiv
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
ExitProcess
ExitThread
LoadLibraryA
GetCurrentProcess
GetCurrentDirectoryA
GetFileSize
ReadFile
SetLastError
GetDriveTypeA
QueryDosDeviceA
CreateFileA
DeviceIoControl
TerminateThread
WaitForSingleObject
GetExitCodeProcess
CreateFileW
GetModuleHandleA
GetProcAddress
FormatMessageA
LocalFree
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateProcessA
CreateProcessW
ResumeThread
Module32Next
Module32NextW
Thread32Next
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
lstrlenA
lstrcpyA
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesExA
GetLastError
GetTickCount
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
DisableThreadLibraryCalls
GlobalFree

user32

PostMessageW
EnableWindow
GetWindowTextW
UnhookWinEvent
SetWindowTextA
SendMessageA
SendMessageW
GetActiveWindow
EnumDisplaySettingsW
GetFocus
GetDesktopWindow
FillRect
DrawTextA
SetWindowTextW
GetWindowTextA
GetWindowPlacement
FindWindowExA
MessageBoxA
FindWindowA
PostMessageA
GetCursorPos
WindowFromPoint
LoadStringA
EnumWindows
GetDC
GetDCEx
GetWindowDC
ReleaseDC
EnumChildWindows
SendMessageTimeoutA
GetClassNameA
MoveWindow
ExitWindowsEx
DispatchMessageA
TranslateMessage
IsWindow
IsWindowVisible
GetParent
GetWindowLongA
GetWindowThreadProcessId
GetWindowRect
LoadImageA
SendInput
MapVirtualKeyA
keybd_event
GetForegroundWindow
GetTopWindow
GetWindow
SetWinEventHook
MsgWaitForMultipleObjects
OpenClipboard
EmptyClipboard
CloseClipboard
PeekMessageA
ShowWindow

advapi32

CryptHashData
RegEnumValueW
RegOpenKeyExW
LogonUserW
LogonUserA
CreateProcessAsUserW
RegCreateKeyExW
RegSetValueW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
InitiateSystemShutdownW
InitiateSystemShutdownExW
RegCloseKey
RegEnumValueA
RegOpenKeyA
RegEnumKeyExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CryptReleaseContext
CryptDestroyKey
CryptDecrypt
RegSaveKeyA
RegQueryValueExA
CryptAcquireContextA
CryptCreateHash
RegFlushKey
CryptGetHashParam
CryptDestroyHash
CryptDeriveKey
CryptEncrypt

ole32

CoUninitialize
CoInitialize
CoCreateInstance

shell32

ShellExecuteA
ShellExecuteExA
SHGetSpecialFolderPathA
SHGetPathFromIDListA
CommandLineToArgvW
SHGetDesktopFolder
SHGetFolderPathA
DragQueryFileW
SHFileOperationA
SHFileOperationW

shlwapi

StrStrA
SHDeleteValueA
StrStrIW
SHDeleteValueW
SHDeleteKeyW
StrStrIA

ws2_32

inet_addr
send
WSASend
htonl
inet_ntoa
gethostbyname
WSASendTo
sendto
getsockopt
getpeername
ntohs
htons
bind
WSAConnect
connect
WSARecv
WSARecvFrom
recvfrom
recv
socket
closesocket
WSAStartup
ntohl

iphlpapi

GetAdaptersInfo

winspool.drv

FindFirstPrinterChangeNotification
StartPagePrinter
StartDocPrinterW
OpenPrinterW
SetJobA
ClosePrinter
EnumPrintersA
EndDocPrinter
FindNextPrinterChangeNotification
EnumJobsA

gdi32

EndPage
StartPage
EndDoc
StartDocW
StretchDIBits
CreateCompatibleDC
CreateDCA
CreateDCW
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
GetStockObject
CreateFontA
SetTextAlign
SetTextColor
SetBkMode
GetTextExtentPoint32A
TextOutA
BitBlt
StretchBlt
DeleteObject
GetObjectA

mpr

WNetGetConnectionA
WNetGetUniversalNameA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

setupapi

CM_Get_Device_IDA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
CM_Get_Parent
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA

Exports

Exports

FDrv
TC_OL_M_B
TC_OL_M_F
isUSB

Sections

.text
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TCSHARE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/skin/$PROGRAMFILES/RF_L/tc_sign.exe.new
.exe windows:5 windows x86 arch:x86

7c7bd93d8153958f4b679a5c3a66d17f

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

91:73:ce:61:00:32:7b:1b:fd:23:17:f1:9b:e6:23:78:21:33:cb:00:b4:b2:f2:c8:e2:ed:4e:c7:b8:df:a2:dc
Signer

Actual PE Digest

91:73:ce:61:00:32:7b:1b:fd:23:17:f1:9b:e6:23:78:21:33:cb:00:b4:b2:f2:c8:e2:ed:4e:c7:b8:df:a2:dc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
HeapReAlloc
RtlUnwind
RaiseException
VirtualAlloc
ExitProcess
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
GetACP
IsValidCodePage
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
SetErrorMode
GetOEMCP
GetCPInfo
CreateFileA
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFlags
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
InterlockedDecrement
FreeResource
WritePrivateProfileStringA
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
InterlockedExchange
lstrcmpA
FreeLibrary
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
MulDiv
SetLastError
LocalFree
GetCurrentProcessId
CloseHandle
CreateToolhelp32Snapshot
GetModuleHandleA
Process32Next
LoadLibraryA
FindClose
VirtualAllocEx
GetLongPathNameA
GetProcAddress
GetLastError
FindFirstFileA
CreateDirectoryA
MultiByteToWideChar
GetModuleFileNameW
TerminateProcess
GetExitCodeProcess
ReadProcessMemory
Sleep
VirtualFreeEx
OpenProcess
GetTickCount
GetModuleHandleW
Process32First
GetCurrentProcess
lstrlenA
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
GetStdHandle
FindResourceA

user32

UnregisterClassA
LoadCursorA
GetSysColorBrush
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
GetWindowPlacement
GetWindowRect
GetWindow
SystemParametersInfoA
DestroyMenu
CopyRect
UnhookWindowsHookEx
GetSysColor
EndPaint
BeginPaint
ReleaseDC
GetDC
GetWindowThreadProcessId
FindWindowA
EnableWindow
GetSystemMetrics
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
PostMessageA
IsWindow
AppendMenuA
SendMessageTimeoutA
SendMessageA
GetClientRect
DrawIcon
LoadIconA
KillTimer
IsIconic
SetTimer
GetSystemMenu
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
CheckMenuItem
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
EnableMenuItem
RegisterClassA

gdi32

GetStockObject
Escape
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetDeviceCaps
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetObjectA
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
SelectObject

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
OpenProcessToken
GetNamedSecurityInfoA
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyA
LookupPrivilegeValueA
RegQueryValueExA
SetNamedSecurityInfoA
SetEntriesInAclA

shell32

ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
PathFindFileNameA

oleaut32

VariantClear
VariantChangeType
VariantInit

psapi

GetModuleFileNameExA

Sections

.text
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/skin/$PROGRAMFILES64/RF_L/RF.exe.new
.exe windows:5 windows x64 arch:x64

a3b19ddc20838d387fb492354a9899e3

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

8a:22:f0:c5:32:8c:71:df:6d:e5:43:7c:9e:e2:73:34:16:fc:11:d5:a8:ab:26:b6:99:09:dd:8b:42:22:74:71
Signer

Actual PE Digest

8a:22:f0:c5:32:8c:71:df:6d:e5:43:7c:9e:e2:73:34:16:fc:11:d5:a8:ab:26:b6:99:09:dd:8b:42:22:74:71

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

tccr

WriteWhiteFile
ReadWhiteFile

mfc90

ord6428
ord262
ord5448
ord3338
ord4207
ord3940
ord4423
ord2719
ord3852
ord2328
ord5993
ord2944
ord3487
ord3777
ord4202
ord5647
ord2222
ord393
ord3137
ord2068
ord642
ord3169
ord5834
ord5833
ord5991
ord5988
ord5951
ord6111
ord4087
ord1975
ord578
ord772
ord6132
ord3851
ord5681
ord6194
ord1080
ord2433
ord6095
ord2218
ord1426
ord3966
ord2432
ord5731
ord2722
ord5609
ord1840
ord2139
ord4340
ord1689
ord1624
ord3397
ord3245
ord568
ord759
ord750
ord4133
ord5832
ord1213
ord1132
ord386
ord640
ord1520
ord1963
ord6131
ord4027
ord1039
ord3379
ord541
ord735
ord6334
ord559
ord3257
ord570
ord761
ord923
ord919
ord306
ord2809
ord3666
ord4497
ord4213
ord2012
ord3486
ord3517
ord4336
ord1581
ord4196
ord1517
ord1977
ord2533
ord2970
ord602
ord3253
ord2136
ord3686
ord1019
ord569
ord760
ord1993
ord3191
ord6436
ord4216
ord2436
ord4649
ord2516
ord600
ord336
ord3525
ord1584
ord6091
ord611
ord3261
ord3577
ord6249
ord4183
ord1962
ord4206
ord5407
ord5779
ord5225
ord2870
ord1919
ord1820
ord920
ord6419
ord4179
ord5562
ord5828
ord745
ord3391
ord1623
ord332
ord5758
ord3422
ord1188
ord2785
ord3170
ord1524
ord1220
ord1186
ord6413
ord1457
ord3515
ord601
ord1143
ord337
ord4586
ord3020
ord2907
ord3774
ord771
ord577
ord3418
ord5684
ord5333
ord5350
ord4677
ord4041
ord5346
ord5344
ord3002
ord1966
ord3923
ord5499
ord6348
ord5220
ord1023
ord3897
ord5701
ord2065
ord2110
ord4429
ord2411
ord3892
ord6409
ord4112
ord4136
ord320
ord1060
ord2303
ord6101
ord1071
ord3921
ord921
ord301
ord5555
ord4861
ord3464
ord643
ord1472
ord4024
ord2344
ord2336
ord394
ord5608
ord5578
ord588
ord886
ord790
ord296
ord6169
ord5899
ord797
ord1016
ord5577
ord3380
ord736
ord542
ord6366
ord1938
ord3529
ord266
ord2437
ord3312
ord1428
ord6397
ord1979
ord1518
ord4197
ord2138
ord1605
ord4339
ord670
ord3576
ord798
ord2592
ord5729
ord6187
ord5726
ord6181
ord4261
ord6184
ord6008
ord5845
ord5765
ord5641
ord5706
ord5532
ord5519
ord6047
ord5837
ord3263
ord3371
ord2320
ord5760
ord5849
ord6164
ord513
ord5759
ord4222
ord4099
ord3775
ord3069
ord3297
ord583
ord774
ord3287
ord2137
ord1678
ord1592
ord3133
ord6041
ord1434
ord4338
ord5272
ord5334
ord4363
ord655
ord3561
ord1516
ord6247
ord3006
ord305
ord1523
ord300
ord1314
ord2001
ord4198
ord2141
ord3327
ord2860
ord3435
ord6273
ord2230
ord1103
ord1339
ord2435
ord2953
ord5864
ord3886
ord310
ord1215
ord1219
ord3433
ord3742
ord4926
ord265
ord314
ord795
ord2973
ord4095
ord877
ord4350
ord4391
ord5783
ord5482
ord1528
ord4266
ord4856
ord4979
ord5767
ord5479
ord1468
ord938
ord3242
ord328
ord1578
ord597
ord5755
ord1310
ord355
ord614
ord512
ord722
ord1949
ord1110
ord3386
ord4689
ord778
ord617
ord362
ord3265
ord4364
ord4591
ord4042
ord2709
ord779
ord4224
ord6219
ord6414
ord6192
ord4456
ord5323
ord316
ord2380
ord888
ord1149
ord1616
ord259
ord6417
ord1209
ord5437
ord728
ord755
ord3402
ord4342
ord1627
ord2142
ord3376
ord1617
ord1686
ord632
ord598
ord671
ord3246
ord4334
ord1579
ord2133
ord3313
ord3278
ord3036
ord1839
ord2185
ord5564
ord2849
ord429
ord1471
ord5440
ord2974
ord5222
ord641
ord5207
ord6407
ord392
ord589
ord3293
ord3243
ord776
ord1311
ord1980
ord3732
ord5302
ord4313
ord4846
ord5003
ord2067
ord1714
ord1713
ord1585
ord3131
ord6038
ord1662
ord1659
ord4039
ord1433
ord4346
ord1954
ord5191
ord6406
ord4285
ord3488
ord4833
ord4384
ord1636
ord6086
ord5355
ord5353
ord936
ord941
ord945
ord943
ord947
ord2455
ord2475
ord2459
ord2465
ord2463
ord2461
ord2478
ord2473
ord2457
ord2480
ord2468
ord2450
ord2452
ord2470
ord2233
ord2226
ord1556
ord6410
ord3893
ord6408
ord1665
ord2327
ord2331
ord1018
ord5537
ord5556
ord3430
ord5083
ord6012
ord3011
ord1393
ord5295
ord2010
ord1699
ord1698
ord1635
ord5320
ord2602
ord2797
ord2904
ord4410
ord2780
ord2932
ord2605
ord2711
ord2598
ord3809
ord3810
ord3800
ord321
ord1111
ord1195
ord925
ord592
ord1239
ord1237

msvcr90

qsort
strncpy
memcmp
fclose
atoi
fgets
fopen
_localtime64
_time64
_mbsrchr
_mbstok
_purecall
_beginthreadex
__C_specific_handler
_strdup
realloc
malloc
sprintf
memset
strcpy
calloc
_recalloc
free
_mbscmp
__CxxFrameHandler3
strlen
fseek
strftime
_localtime64_s
strrchr
strcat
fflush
fputs
_splitpath
_mktime64
strchr
strcmp
memcpy_s
memmove_s
_atoi64
fopen_s
fwrite
_access
strstr
_gmtime64_s
rand
vsprintf
swscanf
wcslen
wcscmp
memmove
strcspn
strspn
_mkdir
toupper
_itoa
_wcsicmp
isalpha
strcpy_s
vsprintf_s
_CxxThrowException
_mbsnbcpy
isdigit
sqrt
feof
_strupr
__argv
_strnicmp
_strlwr
_strnset
_setmbcp
__argc
getenv
atol
_stricmp
srand
fputws
fgetws
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
memcpy
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
strtoul
_stat64i32

kernel32

CompareStringA
GetDiskFreeSpaceExA
GetExitCodeProcess
TerminateProcess
DeviceIoControl
GetCurrentProcessId
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
lstrcpyW
FindFirstFileW
FindNextFileW
GetFileInformationByHandle
GetFileSize
GetLocalTime
DuplicateHandle
FindResourceA
LoadResource
LockResource
SizeofResource
GetCurrentDirectoryA
lstrcmpiA
SystemTimeToFileTime
lstrcpyA
LocalFileTimeToFileTime
lstrcmpA
SetFilePointer
IsBadReadPtr
CreateFileW
WriteFile
SetFileTime
VirtualAlloc
ReadFile
GlobalAlloc
GlobalFree
OpenProcess
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateRemoteThread
SetFileAttributesA
lstrlenA
GetTickCount
GetSystemDirectoryA
GetFileAttributesExA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
CreateProcessA
CopyFileW
FindFirstFileA
FindNextFileA
FindClose
DeleteFileA
CopyFileA
CreateDirectoryA
Sleep
GetQueuedCompletionStatus
ReadDirectoryChangesW
GetCurrentThread
GetThreadPriority
SetThreadPriority
PostQueuedCompletionStatus
GetFileAttributesA
SetLastError
VirtualFree
GlobalMemoryStatusEx
LocalAlloc
FormatMessageA
LocalFree
FileTimeToLocalFileTime
GetModuleHandleW
WaitForMultipleObjects
CreateDirectoryW
CreateFileA
CreateIoCompletionPort
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcess
ResetEvent
CreateEventA
SetEvent
CloseHandle
WaitForSingleObject
GetUserDefaultLangID
lstrlenW
WideCharToMultiByte
GetLastError
RaiseException
GetModuleHandleA
LoadLibraryA
FreeLibrary
GetVersionExA
MultiByteToWideChar
SetCurrentDirectoryA
GetProcAddress
GetSystemTimeAsFileTime
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoA
GetFileSizeEx
VerLanguageNameA
GetProcessHeap
HeapAlloc
HeapFree
GetModuleFileNameW
GetLongPathNameA
CompareFileTime
GetDateFormatA
GetTimeFormatA
MoveFileA
SetSystemTime
CreateThread
TerminateThread
GlobalAddAtomA
ExitProcess
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
OutputDebugStringA
GetDriveTypeA
QueryDosDeviceA
SetLocalTime
Module32First
Module32Next
GetTimeZoneInformation
GetComputerNameExA
SetPriorityClass
GetComputerNameA
SetUnhandledExceptionFilter
GetSystemInfo
CreateMutexA
ReleaseMutex
MoveFileExA
GetTempPathA
GetModuleFileNameA
RemoveDirectoryA
GetCurrentThreadId
GetSystemTime
GlobalLock
GlobalUnlock
ReadProcessMemory
CreateToolhelp32Snapshot
Process32First
Process32Next
GetWindowsDirectoryA
GetProcessTimes

user32

DrawEdge
keybd_event
SendInput
OpenDesktopA
GetMenuItemCount
GetMenuStringA
SetWindowPos
DeleteMenu
UnregisterHotKey
GetThreadDesktop
OpenInputDesktop
CreateDesktopA
SetThreadDesktop
CloseDesktop
EnumDesktopWindows
EnumWindows
GetClassNameA
CopyIcon
SetSystemCursor
DestroyCursor
CopyImage
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetActiveWindow
GetKeyNameTextA
GetKeyboardState
ToAscii
BringWindowToTop
RegisterWindowMessageA
RegisterHotKey
RegisterDeviceNotificationA
CreateIconIndirect
LoadMenuA
GetSubMenu
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
WindowFromPoint
ClientToScreen
GetCapture
GetClassInfoA
LoadBitmapA
LoadCursorA
SetClassLongPtrA
GetWindowThreadProcessId
GetWindow
CallWindowProcA
GetScrollInfo
SetWindowLongPtrA
ReleaseCapture
SetCapture
ReleaseDC
GetDC
IsRectEmpty
FillRect
OffsetRect
OpenClipboard
EmptyClipboard
CloseClipboard
GetTopWindow
GetWindowLongA
MapDialogRect
GetIconInfo
SetForegroundWindow
GetSystemMenu
EnableMenuItem
DestroyIcon
IsWindowEnabled
IsWindowVisible
GetDesktopWindow
EnumChildWindows
LoadStringW
RedrawWindow
GetCursorPos
GetSysColor
IsZoomed
CopyRect
GetWindowTextA
SetRect
FindWindowA
FindWindowExA
SendMessageTimeoutA
MessageBoxA
wsprintfA
SystemParametersInfoA
LoadStringA
UpdateWindow
SetParent
GetFocus
SetScrollPos
DrawIconEx
LoadIconA
GetWindowDC
InflateRect
MoveWindow
GetWindowLongPtrA
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
DispatchMessageA
MessageBeep
GetMessageA
PostThreadMessageA
CreateWindowExA
DefWindowProcA
RegisterClassA
DestroyWindow
IsWindow
GetParent
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ScreenToClient
InsertMenuA
CreatePopupMenu
InvalidateRect
GetWindowRect
PtInRect
SendMessageA
GetClientRect
PostMessageA
AnimateWindow
KillTimer
SetTimer
SetWindowRgn
GetSystemMetrics
GetKeyState
LoadImageA
EnableWindow

gdi32

DeleteDC
DPtoLP
SetMapMode
GetMapMode
GetDeviceCaps
GetTextMetricsA
CreatePatternBrush
SetDIBits
GetTextExtentPoint32A
CreateDCA
GetTextColor
GetBkColor
Rectangle
SelectObject
CreateSolidBrush
CreateFontIndirectA
GetStockObject
CreateFontA
BitBlt
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateCompatibleBitmap
DeleteObject
GetDIBits
RoundRect
CreateRoundRectRgn
StretchBlt
CreateCompatibleDC
GetObjectA
SetStretchBltMode

advapi32

ChangeServiceConfigA
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserA
AllocateAndInitializeSid
CryptDeriveKey
CryptEncrypt
CryptDecrypt
CreateServiceA
CreateProcessWithLogonW
GetNamedSecurityInfoA
ConvertStringSidToSidA
SetEntriesInAclA
SetNamedSecurityInfoA
GetUserNameA
DeleteService
GetTokenInformation
CryptAcquireContextW
EnumDependentServicesA
CryptDestroyKey
GetFileSecurityA
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
GetAce
LookupAccountSidA
AddAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetSecurityDescriptorControl
SetFileSecurityA
LookupAccountNameA
AddAccessDeniedAce
AddAccessAllowedAce
ControlService
RegDeleteValueA
CryptGenKey
OpenServiceA
RegDeleteKeyA
RegOpenKeyA
CryptAcquireContextA
CryptCreateHash
CryptHashData
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegEnumKeyExA
StartServiceA
QueryServiceStatusEx
CloseServiceHandle
OpenSCManagerA
RegEnumValueA
RegRestoreKeyA
RegCreateKeyExA
RegSaveKeyA
RegCreateKeyA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptDuplicateHash

shell32

SHGetFileInfoA
Shell_NotifyIconA
ShellExecuteExA
SHFileOperationA
SHGetDiskFreeSpaceExA
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathMatchSpecA
SHDeleteKeyA
SHCopyKeyA
SHDeleteValueA
StrStrIA

ole32

CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoInitialize
StringFromGUID2
CoCreateGuid

oleaut32

SafeArrayGetLBound
VariantClear
SafeArrayGetUBound
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
SafeArrayGetElement
VariantInit

wsock32

htonl
bind
select
recvfrom
sendto
gethostname
WSAStartup
socket
ioctlsocket
gethostbyaddr
gethostbyname
htons
connect
recv
send
closesocket
WSACleanup
inet_ntoa
WSAGetLastError
getpeername
inet_addr
getsockname

wininet

HttpSendRequestA
HttpQueryInfoA
InternetConnectA
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetQueryDataAvailable
InternetReadFile
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FindCloseUrlCache
HttpOpenRequestA

msvcp90

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KPEBD_K@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAD_K@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV12@_K0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KAEBV12@_K@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2_KB
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV12@_K0AEBV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KD_K@Z

mpr

WNetGetConnectionA
WNetOpenEnumA
WNetEnumResourceA
WNetDisconnectDialog1A
WNetCloseEnum
WNetGetUniversalNameA

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses
GetProcessMemoryInfo
GetModuleFileNameExA

setupapi

CM_Get_Device_IDA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsA
CM_Get_Parent
CM_Get_DevNode_Status
SetupDiGetDeviceInstanceIdA
SetupDiCallClassInstaller
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA

netapi32

NetApiBufferFree
NetFileEnum
NetUseAdd
NetGetJoinInformation
NetWkstaTransportEnum
NetShareDel
NetShareEnum
NetUseDel
NetConnectionEnum

imm32

ImmGetConversionStatus
ImmGetContext
ImmSetConversionStatus

activeds

ord3

iphlpapi

GetIpAddrTable
GetIpNetTable
GetAdaptersInfo
SendARP

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

userenv

CreateEnvironmentBlock

crypt32

CertFreeCertificateChain
CertStrToNameW
CertCreateSelfSignCertificate
CryptFindCertificateKeyProvInfo
CertGetNameStringA
CertVerifyTimeValidity
CertGetCertificateChain
CertCloseStore
CertFreeCertificateContext
CertVerifyRevocation

secur32

FreeContextBuffer
DeleteSecurityContext
FreeCredentialsHandle
InitializeSecurityContextA
ApplyControlToken
AcceptSecurityContext
DecryptMessage
QueryContextAttributesA
EncryptMessage
AcquireCredentialsHandleA
GetUserNameExA

pdh

PdhAddCounterA
PdhOpenQueryA
PdhEnumObjectItemsA
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhCloseQuery
PdhRemoveCounter
PdhGetCounterInfoA
PdhMakeCounterPathA

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 470KB - Virtual size: 470KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/skin/$PROGRAMFILES64/RF_L/TC_AD.dll.new
.dll windows:5 windows x64 arch:x64

2f1896d46f95d14d9a6c18c45b52a07f

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

95:0d:be:58:b8:9a:55:98:cb:67:2d:f3:ec:36:e7:aa:75:61:fd:73:e0:98:60:de:dc:1d:f7:62:fd:f4:11:db
Signer

Actual PE Digest

95:0d:be:58:b8:9a:55:98:cb:67:2d:f3:ec:36:e7:aa:75:61:fd:73:e0:98:60:de:dc:1d:f7:62:fd:f4:11:db

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

TlsFree
FreeLibrary
SetEvent
InitializeCriticalSection
GetWindowsDirectoryA
HeapFree
HeapAlloc
GetProcessHeap
FindFirstFileExW
FindFirstFileExA
FindFirstFileW
FindFirstFileA
FindNextFileW
WriteConsoleA
WriteConsoleW
GetThreadContext
SetThreadContext
LoadLibraryW
WriteFile
SetFilePointer
CopyFileExW
CopyFileExA
MoveFileExA
CopyFileW
CopyFileA
MoveFileW
MoveFileA
MoveFileExW
MoveFileWithProgressW
MoveFileWithProgressA
SuspendThread
TerminateProcess
OpenThread
OpenProcess
DeleteFileW
ReplaceFileW
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
DuplicateHandle
GetCurrentThreadId
Thread32First
VirtualAlloc
LocalAlloc
VirtualFreeEx
FindClose
FindNextFileA
VirtualQuery
GetEnvironmentVariableA
lstrcatA
GetShortPathNameA
CreateThread
CreateEventA
GetExitCodeThread
OutputDebugStringA
CompareFileTime
DeleteCriticalSection
ReadProcessMemory
CreateDirectoryA
GetVersion
SystemTimeToFileTime
GetLocalTime
TlsSetValue
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
GetLongPathNameA
GetUserDefaultLangID
TlsAlloc
FlushFileBuffers
GetTempPathA
SetEndOfFile
VirtualFree
VirtualProtect
GetEnvironmentVariableW
VirtualProtectEx
VirtualQueryEx
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetConsoleOutputCP
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
HeapSetInformation
GetTimeZoneInformation
LCMapStringW
LCMapStringA
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
FlsSetValue
GetFileAttributesA
RtlUnwindEx
GetModuleFileNameW
FlushInstructionCache
GetCurrentThread
GlobalFree
DeleteFileA
GetCommandLineA
GetProcessTimes
GetCommandLineW
GetModuleFileNameA
lstrlenW
GetModuleHandleW
MulDiv
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
ExitProcess
ExitThread
LoadLibraryA
GetCurrentProcess
GetCurrentDirectoryA
GetFileSize
ReadFile
SetLastError
GetDriveTypeA
QueryDosDeviceA
CreateFileA
DeviceIoControl
TerminateThread
WaitForSingleObject
GetExitCodeProcess
CreateFileW
GetModuleHandleA
GetProcAddress
FormatMessageA
RtlLookupFunctionEntry
RtlPcToFileHeader
RaiseException
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
LocalFree
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateProcessA
CreateProcessW
ResumeThread
Module32Next
Module32NextW
Thread32Next
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
lstrlenA
lstrcpyA
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesExA
GetLastError
GetTickCount
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
IsBadReadPtr

user32

DrawTextA
FillRect
GetDesktopWindow
GetFocus
EnumDisplaySettingsW
UnhookWinEvent
LoadImageA
GetActiveWindow
GetWindowTextA
GetWindowPlacement
FindWindowExA
MessageBoxA
FindWindowA
PostMessageA
GetCursorPos
WindowFromPoint
LoadStringA
EnumWindows
EnumChildWindows
SendMessageTimeoutA
GetClassNameA
IsWindow
PostMessageW
EnableWindow
GetWindowTextW
SetWindowTextW
SetWindowTextA
SendMessageA
SendMessageW
GetDC
GetDCEx
GetWindowDC
ReleaseDC
ShowWindow
MoveWindow
ExitWindowsEx
IsWindowVisible
GetWindowRect
GetParent
GetWindowThreadProcessId
DispatchMessageA
GetWindowLongPtrA
SendInput
MapVirtualKeyA
keybd_event
GetForegroundWindow
GetTopWindow
GetWindow
SetWinEventHook
MsgWaitForMultipleObjects
OpenClipboard
EmptyClipboard
CloseClipboard
PeekMessageA
TranslateMessage

advapi32

LogonUserW
RegEnumValueW
RegOpenKeyExW
LogonUserA
CreateProcessAsUserW
RegCreateKeyExW
RegSetValueW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
InitiateSystemShutdownW
InitiateSystemShutdownExW
RegCloseKey
RegEnumValueA
RegOpenKeyA
RegEnumKeyExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CryptReleaseContext
CryptDestroyKey
CryptDecrypt
CryptEncrypt
CryptDeriveKey
RegSaveKeyA
RegQueryValueExA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
RegFlushKey

ole32

CoUninitialize
CoInitialize
CoCreateInstance

shell32

ShellExecuteA
ShellExecuteExA
SHGetSpecialFolderPathA
SHGetPathFromIDListA
CommandLineToArgvW
SHGetDesktopFolder
SHGetFolderPathA
DragQueryFileW
SHFileOperationW
SHFileOperationA

shlwapi

StrStrIA
StrStrA
SHDeleteValueA
StrStrIW
SHDeleteValueW
SHDeleteKeyW

ws2_32

inet_ntoa
ntohs
WSASendTo
sendto
WSASend
send
ntohl
htons
bind
WSAConnect
connect
WSARecv
WSARecvFrom
recvfrom
recv
socket
gethostbyname
closesocket
inet_addr
WSAStartup
htonl
getsockopt
getpeername

iphlpapi

GetAdaptersInfo

winspool.drv

SetJobA
FindFirstPrinterChangeNotification
EnumPrintersA
OpenPrinterW
StartDocPrinterW
FindNextPrinterChangeNotification
EnumJobsA
EndDocPrinter
ClosePrinter
StartPagePrinter

gdi32

EndPage
StartPage
EndDoc
StartDocW
StretchDIBits
CreateCompatibleDC
CreateDCA
CreateDCW
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
GetStockObject
CreateFontA
SetTextAlign
SetTextColor
SetBkMode
GetTextExtentPoint32A
TextOutA
BitBlt
StretchBlt
DeleteObject
GetObjectA

mpr

WNetGetUniversalNameA
WNetGetConnectionA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

setupapi

CM_Get_Device_IDA
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
CM_Get_Parent
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA

Exports

Exports

FDrv
TC_OL_M_B
TC_OL_M_F
isUSB

Sections

.text
Size: 475KB - Virtual size: 475KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TCSHARE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/skin/$PROGRAMFILES64/RF_L/tc_sign.exe.new
.exe windows:5 windows x64 arch:x64

a8b50d6e1d07dc01c07f159c55ab4200

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a9:c8:01:1b:bb:6a:29:86:2d:44:d7:4b:50:9f:42:a6:3b:be:d4:51:a2:d0:86:87:cd:c4:ba:91:d5:d4:e1:4f
Signer

Actual PE Digest

a9:c8:01:1b:bb:6a:29:86:2d:44:d7:4b:50:9f:42:a6:3b:be:d4:51:a2:d0:86:87:cd:c4:ba:91:d5:d4:e1:4f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
HeapReAlloc
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
ExitProcess
HeapQueryInformation
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
GetTimeZoneInformation
GetFileAttributesA
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapSetInformation
HeapCreate
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
SetErrorMode
GetOEMCP
GetCPInfo
CreateFileA
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
FreeResource
WritePrivateProfileStringA
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
lstrcmpA
FreeLibrary
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
MulDiv
SetLastError
LocalFree
GetCurrentProcessId
CloseHandle
CreateToolhelp32Snapshot
GetModuleHandleA
Process32Next
LoadLibraryA
FindClose
VirtualAllocEx
GetLongPathNameA
GetProcAddress
GetLastError
FindFirstFileA
CreateDirectoryA
MultiByteToWideChar
GetModuleFileNameW
TerminateProcess
GetExitCodeProcess
ReadProcessMemory
Sleep
VirtualFreeEx
OpenProcess
GetTickCount
GetModuleHandleW
Process32First
GetCurrentProcess
lstrlenA
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
GetACP
FindResourceA

user32

UnregisterClassA
LoadCursorA
GetSysColorBrush
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
GetWindowPlacement
GetWindowRect
GetWindow
SystemParametersInfoA
DestroyMenu
CopyRect
UnhookWindowsHookEx
GetSysColor
EndPaint
BeginPaint
ReleaseDC
GetDC
GetWindowThreadProcessId
FindWindowA
EnableWindow
GetSystemMetrics
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
SetForegroundWindow
PostMessageA
IsWindow
AppendMenuA
SendMessageTimeoutA
SendMessageA
GetClientRect
DrawIcon
LoadIconA
KillTimer
IsIconic
SetTimer
GetSystemMenu
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
CheckMenuItem
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
EnableMenuItem

gdi32

GetStockObject
Escape
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetDeviceCaps
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetObjectA
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
SelectObject

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
OpenProcessToken
GetNamedSecurityInfoA
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyA
LookupPrivilegeValueA
RegQueryValueExA
SetNamedSecurityInfoA
SetEntriesInAclA

shell32

ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
PathFindFileNameA

oleaut32

VariantClear
VariantChangeType
VariantInit

psapi

GetModuleFileNameExA

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/skin/status_green.bmp
$PROGRAMFILES/RF_L/skin/status_red.bmp
$PROGRAMFILES/RF_L/tc1_form.sys
$PROGRAMFILES/RF_L/tc_8SR.exe
.exe windows:5 windows x86 arch:x86

f3da62b5dd366b894d4e8a05f18196f1

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

37:7c:8b:c6:1b:95:7d:50:c9:6b:2c:ee:ee:dd:12:4b:59:1a:92:c0:b7:d2:f0:43:f4:ba:1f:8a:4a:c8:f5:25
Signer

Actual PE Digest

37:7c:8b:c6:1b:95:7d:50:c9:6b:2c:ee:ee:dd:12:4b:59:1a:92:c0:b7:d2:f0:43:f4:ba:1f:8a:4a:c8:f5:25

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetLongPathNameA
GetLastError
GetModuleFileNameW
ReadFile
WideCharToMultiByte
GetCurrentProcess
GetTempPathA
CreateFileA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetTickCount

advapi32

AdjustTokenPrivileges
RegOpenKeyA
LookupPrivilegeValueA
RegCreateKeyA
RegSetValueExA
OpenProcessToken
RegCloseKey

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

msvcr90

_ismbblead
_XcptFilter
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_exit
_cexit
__getmainargs
_amsg_exit
strncpy
atoi
strchr
strstr
sprintf
exit
memset

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 862B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/tc_Default.sys
$PROGRAMFILES/RF_L/tc_Prih.dll
.dll windows:5 windows x86 arch:x86

51d108bf9267ad0f7ca42cd91fe275b7

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

00:c3:c4:61:e3:5f:04:88:7e:fc:a1:1e:72:54:7d:71:18:47:bc:3b:a5:9e:13:bc:c0:a8:e5:1d:d4:b7:c8:d4
Signer

Actual PE Digest

00:c3:c4:61:e3:5f:04:88:7e:fc:a1:1e:72:54:7d:71:18:47:bc:3b:a5:9e:13:bc:c0:a8:e5:1d:d4:b7:c8:d4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imm32

ImmGetCompositionStringA
ImmGetContext
ImmReleaseContext

kernel32

GetUserDefaultLangID
CompareStringW
CompareStringA
ReadFile
GetModuleFileNameW
SetEndOfFile
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
WideCharToMultiByte
GetLongPathNameA
GetModuleHandleA
GetTickCount
GetLastError
GetProcessHeap
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapFree
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
CloseHandle
EnterCriticalSection
LeaveCriticalSection
WriteFile
GetConsoleCP
GetConsoleMode
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
HeapAlloc
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
CreateFileA
InitializeCriticalSectionAndSpinCount
SetEnvironmentVariableA

user32

UnhookWindowsHookEx
SetWindowsHookExA
SendMessageTimeoutA
IsWindowEnabled
CallNextHookEx
MapVirtualKeyA
IsWindowVisible
GetClassNameA
FindWindowExA
FindWindowA
PostMessageA
GetActiveWindow
GetWindowTextA
GetAsyncKeyState

advapi32

RegSetValueExA
RegCreateKeyA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

shlwapi

StrStrIA

Exports

Exports

InstallRecord
RecordProc
UnInstallRecord

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/tc_svr.exe
.exe windows:5 windows x86 arch:x86

42cccb59fb52078015be74288575c424

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:0c:12:5a:e6:54:d0:06:96:f3:a6:1b
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

25/07/2019, 08:29

Not After

31/08/2020, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e2:b0:41:42:fc:96:4d:16:d4:ff:fa:03:a3:2f:b9:50:c4:d2:7e:9a
Signer

Actual PE Digest

e2:b0:41:42:fc:96:4d:16:d4:ff:fa:03:a3:2f:b9:50:c4:d2:7e:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA
GetDesktopWindow

kernel32

GetLastError
ExitThread
Sleep
CreateProcessA
SetCurrentDirectoryA
ExitProcess
OpenEventA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter
GetCurrentProcess
SetEvent
CloseHandle
TerminateProcess
GetSystemTimeAsFileTime

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__getmainargs
exit
_cexit
_XcptFilter
_exit
_c_exit
_open
_read
_lseek
_close
_except_handler3
strncmp
_stricmp
malloc
free
__initenv

advapi32

SetServiceStatus
RegCloseKey
RegQueryValueExA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegOpenKeyExA

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PROGRAMFILES/RF_L/tc_un.exe
.exe windows:5 windows x86 arch:x86

08c0077874ae93219c1a93284cd374d6

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c5:c2:e3:6f:03:4f:70:2f:d5:74:43:c8:ad:bf:4a:76:d0:78:15:91:7d:71:13:af:ff:e1:bc:38:83:69:c8:92
Signer

Actual PE Digest

c5:c2:e3:6f:03:4f:70:2f:d5:74:43:c8:ad:bf:4a:76:d0:78:15:91:7d:71:13:af:ff:e1:bc:38:83:69:c8:92

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetStartupInfoA
RtlUnwind
HeapReAlloc
ExitProcess
RaiseException
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapCreate
VirtualFree
GetStdHandle
GetSystemTimeAsFileTime
GetConsoleMode
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CompareStringW
SetEnvironmentVariableA
SetErrorMode
GetOEMCP
GetCPInfo
GetFileTime
GetFileSizeEx
GetFileAttributesA
FileTimeToLocalFileTime
CreateFileA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
FileTimeToSystemTime
GetThreadLocale
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
InterlockedDecrement
MulDiv
LoadLibraryA
GlobalUnlock
FreeResource
GlobalFree
WritePrivateProfileStringA
GlobalAddAtomA
GetCurrentProcessId
SetLastError
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
InterlockedExchange
GlobalLock
GlobalAlloc
lstrcpyA
DeleteFileA
LocalFree
OutputDebugStringA
CreateToolhelp32Snapshot
FindNextFileA
GetModuleFileNameA
Process32Next
SetFileAttributesA
RemoveDirectoryA
GetLongPathNameA
MultiByteToWideChar
lstrcatA
GetModuleFileNameW
TerminateProcess
GetExitCodeProcess
OpenProcess
FormatMessageA
GetProcessHeap
GetTickCount
Process32First
HeapFree
HeapAlloc
FreeLibrary
MoveFileExA
lstrlenA
lstrcmpA
CloseHandle
GetCurrentDirectoryA
GetModuleHandleA
LockResource
FindClose
CopyFileA
GetProcAddress
GetLastError
FindFirstFileA
SetCurrentDirectoryA
CreateDirectoryA
SizeofResource
Sleep
WideCharToMultiByte
GetWindowsDirectoryA
GetModuleHandleW
GetCurrentProcess
LoadResource
GetConsoleCP
FindResourceA

user32

UnregisterClassA
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
CharUpperA
LoadCursorA
GetSysColorBrush
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
UnhookWindowsHookEx
GetSysColor
EndPaint
BeginPaint
GetWindowDC
FindWindowA
EnableWindow
SendMessageW
GetSystemMetrics
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowTextLengthA
GetWindowTextA
SetFocus
GetMenuItemID
GetMenuItemCount
GetSubMenu
ReleaseDC
GetDC
CopyRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
DestroyMenu
RegisterClipboardFormatA
PostThreadMessageA
GetNextDlgTabItem
EndDialog
AdjustWindowRectEx
DispatchMessageA
PostMessageA
PeekMessageA
TranslateMessage
SendMessageA
GetClientRect
DrawIcon
wsprintfA
LoadIconA
LoadStringA
IsIconic
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
PostQuitMessage
SetCursor
MessageBoxA
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetWindowThreadProcessId
SetWindowPos
MapDialogRect
SetWindowContextHelpId
GetWindow
ValidateRect
GetCursorPos
GetKeyState
IsWindowVisible
GetActiveWindow
GetMessageA
SetWindowsHookExA
CallNextHookEx

gdi32

GetMapMode
GetRgnBox
GetTextColor
GetBkColor
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
CreateBitmap
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetObjectA
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
CreateRectRgnIndirect
Escape

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

CryptEncrypt
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
CryptHashData
CryptDestroyHash
CryptDecrypt
ControlService
CryptDestroyKey
OpenSCManagerA
QueryServiceStatusEx
CryptCreateHash
OpenProcessToken
RegDeleteValueA
RegOpenKeyExA
CryptAcquireContextA
RegEnumKeyExA
CryptReleaseContext
EnumDependentServicesA
CryptDeriveKey
CloseServiceHandle
OpenServiceA
CryptGetHashParam
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyA
LookupPrivilegeValueA
RegQueryValueExA

shell32

ShellExecuteExA
SHFileOperationA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetFolderPathA
ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

StrStrIA
SHDeleteValueA
SHDeleteKeyA
PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemFree
CLSIDFromString
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromProgID

oleaut32

SysFreeString
SysStringLen
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
SysAllocStringLen

ws2_32

WSASetLastError
WSACleanup
WSAStartup

psapi

GetModuleFileNameExA

Sections

.text
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/RF_L/vcomp90.dll
.dll windows:5 windows x86 arch:x86

718f76580a1c6ed142d2ebb3755ae79c

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:d4:15:78:c9:81:b4:eb:0d:d8:f1:c4:3b:84:f5:f2:86:e4:83:bc
Signer

Actual PE Digest

38:d4:15:78:c9:81:b4:eb:0d:d8:f1:c4:3b:84:f5:f2:86:e4:83:bc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

vcomp90.i386.pdb

Imports

kernel32

TlsGetValue
FormatMessageW
OutputDebugStringW
GetConsoleWindow
GetConsoleScreenBufferInfo
WriteConsoleW
WideCharToMultiByte
WriteFile
GetLastError
LocalFree
GetStdHandle
ExitProcess
HeapFree
GetProcessHeap
TlsSetValue
Sleep
UnhandledExceptionFilter
GetTickCount
HeapAlloc
CreateEventW
CloseHandle
WaitForSingleObject
SetEvent
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateSemaphoreW
ReleaseSemaphore
GetCurrentThreadId
TryEnterCriticalSection
QueryPerformanceCounter
TlsAlloc
TlsFree
GetSystemInfo
QueryPerformanceFrequency
GetSystemTimeAdjustment
GetEnvironmentVariableW
lstrlenW
lstrcmpiW
GetStringTypeExW
SleepEx
SwitchToThread
QueueUserAPC
CreateThread
QueueUserWorkItem
GetFileAttributesW
GetUserDefaultUILanguage
FindFirstFileW
FindNextFileW
FindClose
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
LoadResource
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
RtlUnwind

user32

MessageBoxW

Exports

Exports

_vcomp_atomic_add_i1
_vcomp_atomic_add_i2
_vcomp_atomic_add_i4
_vcomp_atomic_add_i8
_vcomp_atomic_add_r4
_vcomp_atomic_add_r8
_vcomp_atomic_and_i1
_vcomp_atomic_and_i2
_vcomp_atomic_and_i4
_vcomp_atomic_and_i8
_vcomp_atomic_div_i1
_vcomp_atomic_div_i2
_vcomp_atomic_div_i4
_vcomp_atomic_div_i8
_vcomp_atomic_div_r4
_vcomp_atomic_div_r8
_vcomp_atomic_div_ui1
_vcomp_atomic_div_ui2
_vcomp_atomic_div_ui4
_vcomp_atomic_div_ui8
_vcomp_atomic_mul_i1
_vcomp_atomic_mul_i2
_vcomp_atomic_mul_i4
_vcomp_atomic_mul_i8
_vcomp_atomic_mul_r4
_vcomp_atomic_mul_r8
_vcomp_atomic_or_i1
_vcomp_atomic_or_i2
_vcomp_atomic_or_i4
_vcomp_atomic_or_i8
_vcomp_atomic_shl_i1
_vcomp_atomic_shl_i2
_vcomp_atomic_shl_i4
_vcomp_atomic_shl_i8
_vcomp_atomic_shr_i1
_vcomp_atomic_shr_i2
_vcomp_atomic_shr_i4
_vcomp_atomic_shr_i8
_vcomp_atomic_shr_ui1
_vcomp_atomic_shr_ui2
_vcomp_atomic_shr_ui4
_vcomp_atomic_shr_ui8
_vcomp_atomic_sub_i1
_vcomp_atomic_sub_i2
_vcomp_atomic_sub_i4
_vcomp_atomic_sub_i8
_vcomp_atomic_sub_r4
_vcomp_atomic_sub_r8
_vcomp_atomic_xor_i1
_vcomp_atomic_xor_i2
_vcomp_atomic_xor_i4
_vcomp_atomic_xor_i8
_vcomp_barrier
_vcomp_copyprivate_broadcast
_vcomp_copyprivate_receive
_vcomp_enter_critsect
_vcomp_flush
_vcomp_for_dynamic_init
_vcomp_for_dynamic_init_i8
_vcomp_for_dynamic_next
_vcomp_for_dynamic_next_i8
_vcomp_for_static_end
_vcomp_for_static_init
_vcomp_for_static_init_i8
_vcomp_for_static_simple_init
_vcomp_for_static_simple_init_i8
_vcomp_fork
_vcomp_get_thread_num
_vcomp_leave_critsect
_vcomp_master_barrier
_vcomp_master_begin
_vcomp_master_end
_vcomp_ordered_begin
_vcomp_ordered_end
_vcomp_ordered_loop_end
_vcomp_reduction_i1
_vcomp_reduction_i2
_vcomp_reduction_i4
_vcomp_reduction_i8
_vcomp_reduction_r4
_vcomp_reduction_r8
_vcomp_reduction_u1
_vcomp_reduction_u2
_vcomp_reduction_u4
_vcomp_reduction_u8
_vcomp_sections_init
_vcomp_sections_next
_vcomp_set_num_threads
_vcomp_single_begin
_vcomp_single_end
omp_destroy_lock
omp_destroy_nest_lock
omp_get_dynamic
omp_get_max_threads
omp_get_nested
omp_get_num_procs
omp_get_num_threads
omp_get_thread_num
omp_get_wtick
omp_get_wtime
omp_in_parallel
omp_init_lock
omp_init_nest_lock
omp_set_dynamic
omp_set_lock
omp_set_nest_lock
omp_set_nested
omp_set_num_threads
omp_test_lock
omp_test_nest_lock
omp_unset_lock
omp_unset_nest_lock

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/RF_L/MFC90KOR.dll
.dll windows:5 windows x64 arch:x64

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fa:07:36:12:8d:84:42:03:14:63:09:e6:29:fd:cc:18:2d:7c:a6:43
Signer

Actual PE Digest

fa:07:36:12:8d:84:42:03:14:63:09:e6:29:fd:cc:18:2d:7c:a6:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/RF_L/Microsoft.VC90.CRT.manifest
.xml
$PROGRAMFILES64/RF_L/Microsoft.VC90.MFC.manifest
.xml
$PROGRAMFILES64/RF_L/Microsoft.VC90.MFCLOC.manifest
$PROGRAMFILES64/RF_L/RF.exe
.exe windows:5 windows x64 arch:x64

a3b19ddc20838d387fb492354a9899e3

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

8a:22:f0:c5:32:8c:71:df:6d:e5:43:7c:9e:e2:73:34:16:fc:11:d5:a8:ab:26:b6:99:09:dd:8b:42:22:74:71
Signer

Actual PE Digest

8a:22:f0:c5:32:8c:71:df:6d:e5:43:7c:9e:e2:73:34:16:fc:11:d5:a8:ab:26:b6:99:09:dd:8b:42:22:74:71

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

tccr

WriteWhiteFile
ReadWhiteFile

mfc90

ord6428
ord262
ord5448
ord3338
ord4207
ord3940
ord4423
ord2719
ord3852
ord2328
ord5993
ord2944
ord3487
ord3777
ord4202
ord5647
ord2222
ord393
ord3137
ord2068
ord642
ord3169
ord5834
ord5833
ord5991
ord5988
ord5951
ord6111
ord4087
ord1975
ord578
ord772
ord6132
ord3851
ord5681
ord6194
ord1080
ord2433
ord6095
ord2218
ord1426
ord3966
ord2432
ord5731
ord2722
ord5609
ord1840
ord2139
ord4340
ord1689
ord1624
ord3397
ord3245
ord568
ord759
ord750
ord4133
ord5832
ord1213
ord1132
ord386
ord640
ord1520
ord1963
ord6131
ord4027
ord1039
ord3379
ord541
ord735
ord6334
ord559
ord3257
ord570
ord761
ord923
ord919
ord306
ord2809
ord3666
ord4497
ord4213
ord2012
ord3486
ord3517
ord4336
ord1581
ord4196
ord1517
ord1977
ord2533
ord2970
ord602
ord3253
ord2136
ord3686
ord1019
ord569
ord760
ord1993
ord3191
ord6436
ord4216
ord2436
ord4649
ord2516
ord600
ord336
ord3525
ord1584
ord6091
ord611
ord3261
ord3577
ord6249
ord4183
ord1962
ord4206
ord5407
ord5779
ord5225
ord2870
ord1919
ord1820
ord920
ord6419
ord4179
ord5562
ord5828
ord745
ord3391
ord1623
ord332
ord5758
ord3422
ord1188
ord2785
ord3170
ord1524
ord1220
ord1186
ord6413
ord1457
ord3515
ord601
ord1143
ord337
ord4586
ord3020
ord2907
ord3774
ord771
ord577
ord3418
ord5684
ord5333
ord5350
ord4677
ord4041
ord5346
ord5344
ord3002
ord1966
ord3923
ord5499
ord6348
ord5220
ord1023
ord3897
ord5701
ord2065
ord2110
ord4429
ord2411
ord3892
ord6409
ord4112
ord4136
ord320
ord1060
ord2303
ord6101
ord1071
ord3921
ord921
ord301
ord5555
ord4861
ord3464
ord643
ord1472
ord4024
ord2344
ord2336
ord394
ord5608
ord5578
ord588
ord886
ord790
ord296
ord6169
ord5899
ord797
ord1016
ord5577
ord3380
ord736
ord542
ord6366
ord1938
ord3529
ord266
ord2437
ord3312
ord1428
ord6397
ord1979
ord1518
ord4197
ord2138
ord1605
ord4339
ord670
ord3576
ord798
ord2592
ord5729
ord6187
ord5726
ord6181
ord4261
ord6184
ord6008
ord5845
ord5765
ord5641
ord5706
ord5532
ord5519
ord6047
ord5837
ord3263
ord3371
ord2320
ord5760
ord5849
ord6164
ord513
ord5759
ord4222
ord4099
ord3775
ord3069
ord3297
ord583
ord774
ord3287
ord2137
ord1678
ord1592
ord3133
ord6041
ord1434
ord4338
ord5272
ord5334
ord4363
ord655
ord3561
ord1516
ord6247
ord3006
ord305
ord1523
ord300
ord1314
ord2001
ord4198
ord2141
ord3327
ord2860
ord3435
ord6273
ord2230
ord1103
ord1339
ord2435
ord2953
ord5864
ord3886
ord310
ord1215
ord1219
ord3433
ord3742
ord4926
ord265
ord314
ord795
ord2973
ord4095
ord877
ord4350
ord4391
ord5783
ord5482
ord1528
ord4266
ord4856
ord4979
ord5767
ord5479
ord1468
ord938
ord3242
ord328
ord1578
ord597
ord5755
ord1310
ord355
ord614
ord512
ord722
ord1949
ord1110
ord3386
ord4689
ord778
ord617
ord362
ord3265
ord4364
ord4591
ord4042
ord2709
ord779
ord4224
ord6219
ord6414
ord6192
ord4456
ord5323
ord316
ord2380
ord888
ord1149
ord1616
ord259
ord6417
ord1209
ord5437
ord728
ord755
ord3402
ord4342
ord1627
ord2142
ord3376
ord1617
ord1686
ord632
ord598
ord671
ord3246
ord4334
ord1579
ord2133
ord3313
ord3278
ord3036
ord1839
ord2185
ord5564
ord2849
ord429
ord1471
ord5440
ord2974
ord5222
ord641
ord5207
ord6407
ord392
ord589
ord3293
ord3243
ord776
ord1311
ord1980
ord3732
ord5302
ord4313
ord4846
ord5003
ord2067
ord1714
ord1713
ord1585
ord3131
ord6038
ord1662
ord1659
ord4039
ord1433
ord4346
ord1954
ord5191
ord6406
ord4285
ord3488
ord4833
ord4384
ord1636
ord6086
ord5355
ord5353
ord936
ord941
ord945
ord943
ord947
ord2455
ord2475
ord2459
ord2465
ord2463
ord2461
ord2478
ord2473
ord2457
ord2480
ord2468
ord2450
ord2452
ord2470
ord2233
ord2226
ord1556
ord6410
ord3893
ord6408
ord1665
ord2327
ord2331
ord1018
ord5537
ord5556
ord3430
ord5083
ord6012
ord3011
ord1393
ord5295
ord2010
ord1699
ord1698
ord1635
ord5320
ord2602
ord2797
ord2904
ord4410
ord2780
ord2932
ord2605
ord2711
ord2598
ord3809
ord3810
ord3800
ord321
ord1111
ord1195
ord925
ord592
ord1239
ord1237

msvcr90

qsort
strncpy
memcmp
fclose
atoi
fgets
fopen
_localtime64
_time64
_mbsrchr
_mbstok
_purecall
_beginthreadex
__C_specific_handler
_strdup
realloc
malloc
sprintf
memset
strcpy
calloc
_recalloc
free
_mbscmp
__CxxFrameHandler3
strlen
fseek
strftime
_localtime64_s
strrchr
strcat
fflush
fputs
_splitpath
_mktime64
strchr
strcmp
memcpy_s
memmove_s
_atoi64
fopen_s
fwrite
_access
strstr
_gmtime64_s
rand
vsprintf
swscanf
wcslen
wcscmp
memmove
strcspn
strspn
_mkdir
toupper
_itoa
_wcsicmp
isalpha
strcpy_s
vsprintf_s
_CxxThrowException
_mbsnbcpy
isdigit
sqrt
feof
_strupr
__argv
_strnicmp
_strlwr
_strnset
_setmbcp
__argc
getenv
atol
_stricmp
srand
fputws
fgetws
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
memcpy
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
strtoul
_stat64i32

kernel32

CompareStringA
GetDiskFreeSpaceExA
GetExitCodeProcess
TerminateProcess
DeviceIoControl
GetCurrentProcessId
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
lstrcpyW
FindFirstFileW
FindNextFileW
GetFileInformationByHandle
GetFileSize
GetLocalTime
DuplicateHandle
FindResourceA
LoadResource
LockResource
SizeofResource
GetCurrentDirectoryA
lstrcmpiA
SystemTimeToFileTime
lstrcpyA
LocalFileTimeToFileTime
lstrcmpA
SetFilePointer
IsBadReadPtr
CreateFileW
WriteFile
SetFileTime
VirtualAlloc
ReadFile
GlobalAlloc
GlobalFree
OpenProcess
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateRemoteThread
SetFileAttributesA
lstrlenA
GetTickCount
GetSystemDirectoryA
GetFileAttributesExA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
CreateProcessA
CopyFileW
FindFirstFileA
FindNextFileA
FindClose
DeleteFileA
CopyFileA
CreateDirectoryA
Sleep
GetQueuedCompletionStatus
ReadDirectoryChangesW
GetCurrentThread
GetThreadPriority
SetThreadPriority
PostQueuedCompletionStatus
GetFileAttributesA
SetLastError
VirtualFree
GlobalMemoryStatusEx
LocalAlloc
FormatMessageA
LocalFree
FileTimeToLocalFileTime
GetModuleHandleW
WaitForMultipleObjects
CreateDirectoryW
CreateFileA
CreateIoCompletionPort
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcess
ResetEvent
CreateEventA
SetEvent
CloseHandle
WaitForSingleObject
GetUserDefaultLangID
lstrlenW
WideCharToMultiByte
GetLastError
RaiseException
GetModuleHandleA
LoadLibraryA
FreeLibrary
GetVersionExA
MultiByteToWideChar
SetCurrentDirectoryA
GetProcAddress
GetSystemTimeAsFileTime
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoA
GetFileSizeEx
VerLanguageNameA
GetProcessHeap
HeapAlloc
HeapFree
GetModuleFileNameW
GetLongPathNameA
CompareFileTime
GetDateFormatA
GetTimeFormatA
MoveFileA
SetSystemTime
CreateThread
TerminateThread
GlobalAddAtomA
ExitProcess
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
OutputDebugStringA
GetDriveTypeA
QueryDosDeviceA
SetLocalTime
Module32First
Module32Next
GetTimeZoneInformation
GetComputerNameExA
SetPriorityClass
GetComputerNameA
SetUnhandledExceptionFilter
GetSystemInfo
CreateMutexA
ReleaseMutex
MoveFileExA
GetTempPathA
GetModuleFileNameA
RemoveDirectoryA
GetCurrentThreadId
GetSystemTime
GlobalLock
GlobalUnlock
ReadProcessMemory
CreateToolhelp32Snapshot
Process32First
Process32Next
GetWindowsDirectoryA
GetProcessTimes

user32

DrawEdge
keybd_event
SendInput
OpenDesktopA
GetMenuItemCount
GetMenuStringA
SetWindowPos
DeleteMenu
UnregisterHotKey
GetThreadDesktop
OpenInputDesktop
CreateDesktopA
SetThreadDesktop
CloseDesktop
EnumDesktopWindows
EnumWindows
GetClassNameA
CopyIcon
SetSystemCursor
DestroyCursor
CopyImage
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetActiveWindow
GetKeyNameTextA
GetKeyboardState
ToAscii
BringWindowToTop
RegisterWindowMessageA
RegisterHotKey
RegisterDeviceNotificationA
CreateIconIndirect
LoadMenuA
GetSubMenu
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
WindowFromPoint
ClientToScreen
GetCapture
GetClassInfoA
LoadBitmapA
LoadCursorA
SetClassLongPtrA
GetWindowThreadProcessId
GetWindow
CallWindowProcA
GetScrollInfo
SetWindowLongPtrA
ReleaseCapture
SetCapture
ReleaseDC
GetDC
IsRectEmpty
FillRect
OffsetRect
OpenClipboard
EmptyClipboard
CloseClipboard
GetTopWindow
GetWindowLongA
MapDialogRect
GetIconInfo
SetForegroundWindow
GetSystemMenu
EnableMenuItem
DestroyIcon
IsWindowEnabled
IsWindowVisible
GetDesktopWindow
EnumChildWindows
LoadStringW
RedrawWindow
GetCursorPos
GetSysColor
IsZoomed
CopyRect
GetWindowTextA
SetRect
FindWindowA
FindWindowExA
SendMessageTimeoutA
MessageBoxA
wsprintfA
SystemParametersInfoA
LoadStringA
UpdateWindow
SetParent
GetFocus
SetScrollPos
DrawIconEx
LoadIconA
GetWindowDC
InflateRect
MoveWindow
GetWindowLongPtrA
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
DispatchMessageA
MessageBeep
GetMessageA
PostThreadMessageA
CreateWindowExA
DefWindowProcA
RegisterClassA
DestroyWindow
IsWindow
GetParent
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ScreenToClient
InsertMenuA
CreatePopupMenu
InvalidateRect
GetWindowRect
PtInRect
SendMessageA
GetClientRect
PostMessageA
AnimateWindow
KillTimer
SetTimer
SetWindowRgn
GetSystemMetrics
GetKeyState
LoadImageA
EnableWindow

gdi32

DeleteDC
DPtoLP
SetMapMode
GetMapMode
GetDeviceCaps
GetTextMetricsA
CreatePatternBrush
SetDIBits
GetTextExtentPoint32A
CreateDCA
GetTextColor
GetBkColor
Rectangle
SelectObject
CreateSolidBrush
CreateFontIndirectA
GetStockObject
CreateFontA
BitBlt
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateCompatibleBitmap
DeleteObject
GetDIBits
RoundRect
CreateRoundRectRgn
StretchBlt
CreateCompatibleDC
GetObjectA
SetStretchBltMode

advapi32

ChangeServiceConfigA
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserA
AllocateAndInitializeSid
CryptDeriveKey
CryptEncrypt
CryptDecrypt
CreateServiceA
CreateProcessWithLogonW
GetNamedSecurityInfoA
ConvertStringSidToSidA
SetEntriesInAclA
SetNamedSecurityInfoA
GetUserNameA
DeleteService
GetTokenInformation
CryptAcquireContextW
EnumDependentServicesA
CryptDestroyKey
GetFileSecurityA
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
GetAce
LookupAccountSidA
AddAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetSecurityDescriptorControl
SetFileSecurityA
LookupAccountNameA
AddAccessDeniedAce
AddAccessAllowedAce
ControlService
RegDeleteValueA
CryptGenKey
OpenServiceA
RegDeleteKeyA
RegOpenKeyA
CryptAcquireContextA
CryptCreateHash
CryptHashData
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegEnumKeyExA
StartServiceA
QueryServiceStatusEx
CloseServiceHandle
OpenSCManagerA
RegEnumValueA
RegRestoreKeyA
RegCreateKeyExA
RegSaveKeyA
RegCreateKeyA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptDuplicateHash

shell32

SHGetFileInfoA
Shell_NotifyIconA
ShellExecuteExA
SHFileOperationA
SHGetDiskFreeSpaceExA
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathMatchSpecA
SHDeleteKeyA
SHCopyKeyA
SHDeleteValueA
StrStrIA

ole32

CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoInitialize
StringFromGUID2
CoCreateGuid

oleaut32

SafeArrayGetLBound
VariantClear
SafeArrayGetUBound
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
SafeArrayGetElement
VariantInit

wsock32

htonl
bind
select
recvfrom
sendto
gethostname
WSAStartup
socket
ioctlsocket
gethostbyaddr
gethostbyname
htons
connect
recv
send
closesocket
WSACleanup
inet_ntoa
WSAGetLastError
getpeername
inet_addr
getsockname

wininet

HttpSendRequestA
HttpQueryInfoA
InternetConnectA
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetQueryDataAvailable
InternetReadFile
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
DeleteUrlCacheEntry
FindCloseUrlCache
HttpOpenRequestA

msvcp90

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KPEBD_K@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAD_K@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV12@_K0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KAEBV12@_K@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2_KB
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV12@_K0AEBV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KD_K@Z

mpr

WNetGetConnectionA
WNetOpenEnumA
WNetEnumResourceA
WNetDisconnectDialog1A
WNetCloseEnum
WNetGetUniversalNameA

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses
GetProcessMemoryInfo
GetModuleFileNameExA

setupapi

CM_Get_Device_IDA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsA
CM_Get_Parent
CM_Get_DevNode_Status
SetupDiGetDeviceInstanceIdA
SetupDiCallClassInstaller
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA

netapi32

NetApiBufferFree
NetFileEnum
NetUseAdd
NetGetJoinInformation
NetWkstaTransportEnum
NetShareDel
NetShareEnum
NetUseDel
NetConnectionEnum

imm32

ImmGetConversionStatus
ImmGetContext
ImmSetConversionStatus

activeds

ord3

iphlpapi

GetIpAddrTable
GetIpNetTable
GetAdaptersInfo
SendARP

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

userenv

CreateEnvironmentBlock

crypt32

CertFreeCertificateChain
CertStrToNameW
CertCreateSelfSignCertificate
CryptFindCertificateKeyProvInfo
CertGetNameStringA
CertVerifyTimeValidity
CertGetCertificateChain
CertCloseStore
CertFreeCertificateContext
CertVerifyRevocation

secur32

FreeContextBuffer
DeleteSecurityContext
FreeCredentialsHandle
InitializeSecurityContextA
ApplyControlToken
AcceptSecurityContext
DecryptMessage
QueryContextAttributesA
EncryptMessage
AcquireCredentialsHandleA
GetUserNameExA

pdh

PdhAddCounterA
PdhOpenQueryA
PdhEnumObjectItemsA
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhCloseQuery
PdhRemoveCounter
PdhGetCounterInfoA
PdhMakeCounterPathA

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 470KB - Virtual size: 470KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/RF_L/TCCr.dll
.dll windows:5 windows x64 arch:x64

b24cf8ea2e3d35033861e3df73bec6af

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

70:7b:55:2f:91:65:f6:8e:51:01:59:99:88:c8:22:d5:17:dc:7e:34:27:0a:0c:e6:dc:7d:81:c9:06:60:3f:80
Signer

Actual PE Digest

70:7b:55:2f:91:65:f6:8e:51:01:59:99:88:c8:22:d5:17:dc:7e:34:27:0a:0c:e6:dc:7d:81:c9:06:60:3f:80

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mfc90

ord4183
ord919
ord877
ord1962
ord1516
ord5647
ord4027
ord6247
ord778
ord569
ord760
ord2380
ord1060
ord320
ord5609
ord1213
ord923
ord771
ord4136
ord4112
ord6409
ord3892
ord6407
ord4429
ord2110
ord2065
ord5701
ord3897
ord1023
ord4095
ord6348
ord5499
ord3923
ord1966
ord3002
ord5346
ord2303
ord4041
ord4677
ord5350
ord5333
ord5684
ord3921
ord2602
ord2797
ord2904
ord4410
ord2780
ord2907
ord2605
ord2711
ord2598
ord3809
ord3810
ord3800
ord2709
ord4042
ord4586
ord4363
ord3418
ord577
ord3774
ord3006
ord5220
ord5681
ord305
ord1523
ord310
ord5556
ord1018
ord300
ord314
ord795
ord888
ord2973
ord316
ord798
ord5344
ord589
ord921
ord592
ord1239
ord1963
ord1205
ord1203
ord1229
ord1146
ord1195
ord379
ord1118
ord1238
ord1236
ord1111
ord1052
ord1103
ord321
ord779

msvcr90

strlen
__clean_type_info_names_internal
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_encoded_null
free
_initterm_e
_initterm
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__C_specific_handler
??2@YAPEAX_K@Z
feof
fgets
strstr
strchr
strncpy
fopen
fwrite
fclose
memset
strcpy
__CxxFrameHandler3
atoi

kernel32

LocalFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
LocalAlloc
GetModuleFileNameW
WideCharToMultiByte
GetLongPathNameA
CreateDirectoryA
DeleteFileA
GetCurrentProcess

user32

SendMessageA

advapi32

RegQueryValueExA
RegEnumValueA
RegDeleteKeyA
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shlwapi

StrStrIA

Exports

Exports

ReadWhiteFile
ReadWhiteFile2
WriteWhiteFile
WriteWhiteFile2

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 354B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/RF_L/TC_AD.DLL
.dll windows:5 windows x64 arch:x64

2f1896d46f95d14d9a6c18c45b52a07f

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

95:0d:be:58:b8:9a:55:98:cb:67:2d:f3:ec:36:e7:aa:75:61:fd:73:e0:98:60:de:dc:1d:f7:62:fd:f4:11:db
Signer

Actual PE Digest

95:0d:be:58:b8:9a:55:98:cb:67:2d:f3:ec:36:e7:aa:75:61:fd:73:e0:98:60:de:dc:1d:f7:62:fd:f4:11:db

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

TlsFree
FreeLibrary
SetEvent
InitializeCriticalSection
GetWindowsDirectoryA
HeapFree
HeapAlloc
GetProcessHeap
FindFirstFileExW
FindFirstFileExA
FindFirstFileW
FindFirstFileA
FindNextFileW
WriteConsoleA
WriteConsoleW
GetThreadContext
SetThreadContext
LoadLibraryW
WriteFile
SetFilePointer
CopyFileExW
CopyFileExA
MoveFileExA
CopyFileW
CopyFileA
MoveFileW
MoveFileA
MoveFileExW
MoveFileWithProgressW
MoveFileWithProgressA
SuspendThread
TerminateProcess
OpenThread
OpenProcess
DeleteFileW
ReplaceFileW
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
DuplicateHandle
GetCurrentThreadId
Thread32First
VirtualAlloc
LocalAlloc
VirtualFreeEx
FindClose
FindNextFileA
VirtualQuery
GetEnvironmentVariableA
lstrcatA
GetShortPathNameA
CreateThread
CreateEventA
GetExitCodeThread
OutputDebugStringA
CompareFileTime
DeleteCriticalSection
ReadProcessMemory
CreateDirectoryA
GetVersion
SystemTimeToFileTime
GetLocalTime
TlsSetValue
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
GetLongPathNameA
GetUserDefaultLangID
TlsAlloc
FlushFileBuffers
GetTempPathA
SetEndOfFile
VirtualFree
VirtualProtect
GetEnvironmentVariableW
VirtualProtectEx
VirtualQueryEx
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetConsoleOutputCP
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
HeapSetInformation
GetTimeZoneInformation
LCMapStringW
LCMapStringA
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
FlsSetValue
GetFileAttributesA
RtlUnwindEx
GetModuleFileNameW
FlushInstructionCache
GetCurrentThread
GlobalFree
DeleteFileA
GetCommandLineA
GetProcessTimes
GetCommandLineW
GetModuleFileNameA
lstrlenW
GetModuleHandleW
MulDiv
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
ExitProcess
ExitThread
LoadLibraryA
GetCurrentProcess
GetCurrentDirectoryA
GetFileSize
ReadFile
SetLastError
GetDriveTypeA
QueryDosDeviceA
CreateFileA
DeviceIoControl
TerminateThread
WaitForSingleObject
GetExitCodeProcess
CreateFileW
GetModuleHandleA
GetProcAddress
FormatMessageA
RtlLookupFunctionEntry
RtlPcToFileHeader
RaiseException
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
LocalFree
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateProcessA
CreateProcessW
ResumeThread
Module32Next
Module32NextW
Thread32Next
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
lstrlenA
lstrcpyA
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesExA
GetLastError
GetTickCount
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
IsBadReadPtr

user32

DrawTextA
FillRect
GetDesktopWindow
GetFocus
EnumDisplaySettingsW
UnhookWinEvent
LoadImageA
GetActiveWindow
GetWindowTextA
GetWindowPlacement
FindWindowExA
MessageBoxA
FindWindowA
PostMessageA
GetCursorPos
WindowFromPoint
LoadStringA
EnumWindows
EnumChildWindows
SendMessageTimeoutA
GetClassNameA
IsWindow
PostMessageW
EnableWindow
GetWindowTextW
SetWindowTextW
SetWindowTextA
SendMessageA
SendMessageW
GetDC
GetDCEx
GetWindowDC
ReleaseDC
ShowWindow
MoveWindow
ExitWindowsEx
IsWindowVisible
GetWindowRect
GetParent
GetWindowThreadProcessId
DispatchMessageA
GetWindowLongPtrA
SendInput
MapVirtualKeyA
keybd_event
GetForegroundWindow
GetTopWindow
GetWindow
SetWinEventHook
MsgWaitForMultipleObjects
OpenClipboard
EmptyClipboard
CloseClipboard
PeekMessageA
TranslateMessage

advapi32

LogonUserW
RegEnumValueW
RegOpenKeyExW
LogonUserA
CreateProcessAsUserW
RegCreateKeyExW
RegSetValueW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
InitiateSystemShutdownW
InitiateSystemShutdownExW
RegCloseKey
RegEnumValueA
RegOpenKeyA
RegEnumKeyExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CryptReleaseContext
CryptDestroyKey
CryptDecrypt
CryptEncrypt
CryptDeriveKey
RegSaveKeyA
RegQueryValueExA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
RegFlushKey

ole32

CoUninitialize
CoInitialize
CoCreateInstance

shell32

ShellExecuteA
ShellExecuteExA
SHGetSpecialFolderPathA
SHGetPathFromIDListA
CommandLineToArgvW
SHGetDesktopFolder
SHGetFolderPathA
DragQueryFileW
SHFileOperationW
SHFileOperationA

shlwapi

StrStrIA
StrStrA
SHDeleteValueA
StrStrIW
SHDeleteValueW
SHDeleteKeyW

ws2_32

inet_ntoa
ntohs
WSASendTo
sendto
WSASend
send
ntohl
htons
bind
WSAConnect
connect
WSARecv
WSARecvFrom
recvfrom
recv
socket
gethostbyname
closesocket
inet_addr
WSAStartup
htonl
getsockopt
getpeername

iphlpapi

GetAdaptersInfo

winspool.drv

SetJobA
FindFirstPrinterChangeNotification
EnumPrintersA
OpenPrinterW
StartDocPrinterW
FindNextPrinterChangeNotification
EnumJobsA
EndDocPrinter
ClosePrinter
StartPagePrinter

gdi32

EndPage
StartPage
EndDoc
StartDocW
StretchDIBits
CreateCompatibleDC
CreateDCA
CreateDCW
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
GetStockObject
CreateFontA
SetTextAlign
SetTextColor
SetBkMode
GetTextExtentPoint32A
TextOutA
BitBlt
StretchBlt
DeleteObject
GetObjectA

mpr

WNetGetUniversalNameA
WNetGetConnectionA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

setupapi

CM_Get_Device_IDA
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
CM_Get_Parent
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA

Exports

Exports

FDrv
TC_OL_M_B
TC_OL_M_F
isUSB

Sections

.text
Size: 475KB - Virtual size: 475KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TCSHARE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/RF_L/TC_AU.exe
.exe windows:5 windows x64 arch:x64

e50b2f0cbd567d5faef34fd41de172b6

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4f:dc:96:69:f7:70:0b:56:9c:9e:03:03:06:fa:30:75:f8:39:0e:76:05:8e:78:4f:45:10:60:2e:61:fc:59:7d
Signer

Actual PE Digest

4f:dc:96:69:f7:70:0b:56:9c:9e:03:03:06:fa:30:75:f8:39:0e:76:05:8e:78:4f:45:10:60:2e:61:fc:59:7d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wininet

InternetCloseHandle
InternetConnectA
InternetOpenA
InternetReadFile
HttpQueryInfoA
FtpFindFirstFileA
FtpOpenFileA
HttpSendRequestA
HttpOpenRequestA

kernel32

LeaveCriticalSection
TlsGetValue
EnterCriticalSection
InitializeCriticalSection
TlsAlloc
GlobalReAlloc
GlobalHandle
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetCPInfo
GetOEMCP
SetErrorMode
RtlLookupFunctionEntry
RtlUnwindEx
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
ExitProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
RaiseException
RtlPcToFileHeader
SetEnvironmentVariableA
SetCurrentDirectoryA
GetDriveTypeA
GetCommandLineA
GetStartupInfoA
HeapReAlloc
LocalAlloc
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapQueryInformation
HeapSize
GetACP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetStdHandle
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
HeapSetInformation
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
GlobalFlags
GetCurrentDirectoryA
WritePrivateProfileStringA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
GetFileTime
GetFileSizeEx
GetFileAttributesA
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
FreeResource
GlobalFree
GlobalUnlock
MulDiv
lstrlenA
SetLastError
GlobalAddAtomA
MultiByteToWideChar
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
GlobalLock
lstrcmpA
GlobalAlloc
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
SetFilePointer
WriteFile
SetEndOfFile
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
GetFileAttributesExA
GetFileSize
ReadFile
FreeLibrary
GetModuleHandleW
FindNextFileA
CreateThread
CreateDirectoryA
DeleteFileA
OpenProcess
GetExitCodeProcess
TerminateProcess
LoadResource
LockResource
SizeofResource
FindResourceA
CreateToolhelp32Snapshot
Process32First
Process32Next
SetUnhandledExceptionFilter
GetModuleFileNameA
CopyFileA
CreateMutexA
ReleaseMutex
LoadLibraryA
CreateFileA
GetCurrentThreadId
CloseHandle
FindFirstFileA
FindClose
GetCurrentProcessId
GetModuleHandleA
GetProcAddress
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
GetTickCount
Sleep
FormatMessageA
LocalFree
GetModuleFileNameW
WideCharToMultiByte
GetLongPathNameA
GetCurrentProcess
VirtualProtect

user32

GetSysColorBrush
CharUpperA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassNameA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcA
GetMenu
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
ReleaseDC
GetDC
CopyRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
UnhookWindowsHookEx
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
RegisterClipboardFormatA
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
UnregisterClassA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
FindWindowExA
GetWindowThreadProcessId
PostThreadMessageA
PostQuitMessage
SetTimer
KillTimer
IsIconic
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuA
SendMessageA
GetSystemMetrics
LoadIconA
EnableWindow
FindWindowA
PostMessageA
LoadCursorA
CallWindowProcA
GetClassLongA

gdi32

ExtSelectClipRgn
DeleteDC
GetStockObject
GetBkColor
GetTextColor
GetRgnBox
GetMapMode
DeleteObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
SetBkColor
SetTextColor
GetClipBox
CreateRectRgnIndirect
GetDeviceCaps
CreateBitmap
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetObjectA
GetViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
GetUserNameA
RegCreateKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

ShellExecuteExA
Shell_NotifyIconA
ShellExecuteA

shlwapi

StrStrIA
PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathIsUNCA

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleInitialize
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CoRevokeClassObject
OleIsCurrentClipboard
StgOpenStorageOnILockBytes
OleUninitialize
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantClear
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
SysAllocString
VariantInit
VariantChangeType
SysAllocStringByteLen
SysFreeString
SysStringLen

wsock32

WSAStartup
WSACleanup
closesocket
accept
socket
select
gethostbyname
htonl
htons
ioctlsocket
bind
WSAGetLastError
WSASetLastError
connect
sendto
recvfrom
WSAAsyncSelect
recv
send
shutdown
listen
inet_ntoa

psapi

EnumProcesses
GetModuleFileNameExA

ws2_32

WSAIoctl

Sections

.text
Size: 405KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/RF_L/TC_EZH64.dll
.dll windows:6 windows x64 arch:x64

7c733a77800d92600b3d036b64da29bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\easyhook\Build\netfx3.5-Release\x64\EasyHook64.pdb

Imports

psapi

EnumProcessModules
GetModuleInformation

kernel32

TlsFree
GetCurrentThreadId
VirtualFree
VirtualAlloc
GetSystemInfo
GetLastError
GetCurrentProcess
GetProcAddress
GetModuleFileNameA
LoadLibraryW
GetCurrentProcessId
GetFullPathNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetEvent
GetModuleHandleW
GetModuleHandleA
CloseHandle
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
GetThreadContext
SetThreadContext
WaitForSingleObject
OpenProcess
Thread32First
ReadProcessMemory
Thread32Next
VirtualAllocEx
OpenThread
TlsAlloc
CreateToolhelp32Snapshot
DuplicateHandle
WriteProcessMemory
SuspendThread
ResumeThread
TlsGetValue
CreateProcessW
CreateRemoteThread
TlsSetValue
WideCharToMultiByte
TerminateProcess
lstrlenW
SetLastError
GetExitCodeThread
Module32FirstW
WaitForMultipleObjects
Module32NextW
FatalAppExitW
GetModuleFileNameW
CreateFileW
HeapAlloc
HeapFree
IsBadReadPtr
InitializeCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
VirtualProtect
GetVersionExW
RtlPcToFileHeader
SetStdHandle
OutputDebugStringW
LoadLibraryA
HeapCreate
HeapDestroy
FreeLibrary
WriteConsoleW
SetEndOfFile
CreateEventW
LCMapStringW
EncodePointer
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
RtlUnwindEx
GetStdHandle
GetFileType
GetStartupInfoW
GetProcessHeap
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteFile
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
HeapReAlloc
LoadLibraryExW
ReadFile
ReadConsoleW
GetStringTypeW

advapi32

StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
OpenProcessToken

ole32

CoTaskMemFree
CoTaskMemAlloc

Exports

Exports

?GetRemoteModuleExportDirectory@@YAHPEAXPEAUHINSTANCE__@@PEAU_IMAGE_EXPORT_DIRECTORY@@U_IMAGE_DOS_HEADER@@U_IMAGE_NT_HEADERS64@@@Z
DbgAttachDebugger
DbgDetachDebugger
DbgGetProcessIdByHandle
DbgGetThreadIdByHandle
DbgHandleToObjectName
DbgIsAvailable
DbgIsEnabled
GacCreateContext
GacInstallAssembly
GacReleaseContext
GacUninstallAssembly
HookCompleteInjection
LhBarrierBeginStackTrace
LhBarrierCallStackTrace
LhBarrierEndStackTrace
LhBarrierGetAddressOfReturnAddress
LhBarrierGetCallback
LhBarrierGetCallingModule
LhBarrierGetReturnAddress
LhBarrierPointerToModule
LhEnumModules
LhGetHookBypassAddress
LhInstallHook
LhIsThreadIntercepted
LhSetExclusiveACL
LhSetGlobalExclusiveACL
LhSetGlobalInclusiveACL
LhSetInclusiveACL
LhUninstallAllHooks
LhUninstallHook
LhUpdateModuleInformation
LhWaitForPendingRemovals
ReleaseTestFuncHookResults
RhCreateAndInject
RhCreateStealthRemoteThread
RhGetProcessToken
RhInjectLibrary
RhInstallDriver
RhInstallSupportDriver
RhIsAdministrator
RhIsX64Process
RhIsX64System
RhWakeUpProcess
RtlCreateSuspendedProcess
RtlGetLastError
RtlGetLastErrorString
RtlGetLastErrorStringCopy
RtlInstallService
TestFuncHooks

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/RF_L/TC_MH.dll
.dll windows:5 windows x64 arch:x64

150cac589af04cad086469f1d61a1e5e

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

9d:a1:79:2c:9e:a8:3d:9c:43:63:2a:eb:5a:28:0d:d2:65:3e:da:37:e0:48:bf:50:00:84:9c:60:e6:b8:2c:76
Signer

Actual PE Digest

9d:a1:79:2c:9e:a8:3d:9c:43:63:2a:eb:5a:28:0d:d2:65:3e:da:37:e0:48:bf:50:00:84:9c:60:e6:b8:2c:76

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThread
GetThreadContext
VirtualQuery
GetCurrentProcess
GetModuleHandleW
VirtualFree
InitializeCriticalSection
Sleep
LeaveCriticalSection
SetThreadPriority
FlushInstructionCache
GetProcAddress
VirtualAlloc
EnterCriticalSection
VirtualProtectEx
OpenThread
GetSystemInfo
GetThreadPriority
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
SuspendThread
ResumeThread
WriteConsoleW
GetFileType
GetStdHandle
DebugBreak
GetModuleFileNameW
GetLastError
HeapFree
HeapAlloc
FlsSetValue
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ExitProcess
LoadLibraryW
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwindEx
HeapSetInformation
HeapCreate
HeapDestroy
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapReAlloc
WriteConsoleA
GetConsoleOutputCP
MultiByteToWideChar
SetFilePointer
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
CreateFileA

Exports

Exports

CallMe
KillMe

Sections

.text
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 219KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/RF_L/TC_Menu.dll
.dll regsvr32 windows:5 windows x64 arch:x64

ea4802dc18b6db8901d240a1948d9b28

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:0c:12:5a:e6:54:d0:06:96:f3:a6:1b
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

25/07/2019, 08:29

Not After

31/08/2020, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

30:76:24:bd:75:3f:d2:a8:f9:0c:61:f7:94:aa:eb:b3:75:67:98:25
Signer

Actual PE Digest

30:76:24:bd:75:3f:d2:a8:f9:0c:61:f7:94:aa:eb:b3:75:67:98:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GetProcAddress
IsDBCSLeadByte
DisableThreadLibraryCalls
DeleteCriticalSection
RaiseException
GetVersion
GetModuleHandleW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExA
GlobalLock
lstrcpynA
lstrcpynW
GetProcessId
GetTickCount
InitializeCriticalSectionAndSpinCount
LoadLibraryA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetLastError
lstrlenW
MultiByteToWideChar
GetModuleFileNameA
lstrlenA
GlobalUnlock
GetModuleHandleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
HeapAlloc
HeapFree
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
ExitProcess
WriteFile
GetStdHandle
HeapSetInformation
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
SetHandleCount

user32

CharNextW
LoadBitmapA
SetMenuItemBitmaps
InsertMenuA
CharNextA

advapi32

RegOpenKeyA
RegQueryValueExA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyA

shell32

ShellExecuteExA
DragQueryFileA

ole32

ReleaseStgMedium
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2

oleaut32

SysStringLen
VarUI4FromStr
LoadRegTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
RegisterTypeLi
SysFreeString

shlwapi

SHDeleteValueA
StrStrIA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/RF_L/TC_OL.dll
.dll regsvr32 windows:5 windows x64 arch:x64

5c8c7671e14175da9fbe5f6eb9b78b90

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

28:95:ec:4c:00:20:d4:11:9a:2f:a8:92:90:61:1e:f2:1e:8b:8d:c1:79:98:c0:a6:9a:2a:3b:68:5b:42:8f:17
Signer

Actual PE Digest

28:95:ec:4c:00:20:d4:11:9a:2f:a8:92:90:61:1e:f2:1e:8b:8d:c1:79:98:c0:a6:9a:2a:3b:68:5b:42:8f:17

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
IsDBCSLeadByte
DisableThreadLibraryCalls
RaiseException
EnterCriticalSection
GetModuleHandleW
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameA
lstrlenA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
GetLastError
GetModuleHandleA
DeleteCriticalSection
GetProcAddress
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
HeapFree
GetProcessHeap
RtlPcToFileHeader
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlLookupFunctionEntry
RtlUnwindEx
GetCurrentThreadId
FlsSetValue
GetCommandLineA
HeapSetInformation
HeapCreate
HeapDestroy
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapReAlloc
HeapSize
Sleep
ExitProcess
WriteFile
GetStdHandle
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter

user32

CharNextW
CharNextA

advapi32

RegSetValueExA
RegEnumKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance

oleaut32

DispCallFunc
VariantClear
LoadRegTypeLi
VariantCopy
VariantInit
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
RegisterTypeLi
VarUI4FromStr
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/RF_L/TC_Patch.exe
.exe windows:5 windows x64 arch:x64

dc7b3c356562dd1411e0f67bd03bccfc

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

86:8d:f4:02:44:8b:5c:ce:f5:2d:7e:11:95:64:8b:9f:e7:66:e3:3a:e2:17:3a:d5:30:ef:54:1e:04:69:ba:7a
Signer

Actual PE Digest

86:8d:f4:02:44:8b:5c:ce:f5:2d:7e:11:95:64:8b:9f:e7:66:e3:3a:e2:17:3a:d5:30:ef:54:1e:04:69:ba:7a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetExitCodeProcess
TerminateProcess
ReadFile
GetModuleFileNameW
CreateDirectoryA
FindFirstFileA
GetLastError
Sleep
CopyFileA
FindClose
Process32Next
FindNextFileA
CreateToolhelp32Snapshot
CloseHandle
GetCurrentProcessId
WideCharToMultiByte
OpenProcess
GetTickCount
GetFileAttributesExA
Process32First
GetCurrentProcess
GetFileSize
GetLongPathNameA
CreateFileA
SetEnvironmentVariableA
CompareStringW
CompareStringA
HeapSize
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
WriteFile
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
HeapFree
GetModuleHandleW
GetProcAddress
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapAlloc
HeapReAlloc
SetEndOfFile
GetProcessHeap
GetFileAttributesA

advapi32

AdjustTokenPrivileges
RegOpenKeyA
LookupPrivilegeValueA
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
OpenProcessToken
RegCloseKey

shell32

ShellExecuteExA
ShellExecuteA

shlwapi

StrStrIA

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/RF_L/TC_RA.exe
.exe windows:5 windows x64 arch:x64

6dcf82277c09197e434b84094643c7d7

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b8:bb:38:6b:1e:37:bf:91:5b:63:46:e9:20:43:ff:04:2a:45:21:cb:f8:8a:5e:b5:23:44:ae:a7:f4:f4:d6:0e
Signer

Actual PE Digest

b8:bb:38:6b:1e:37:bf:91:5b:63:46:e9:20:43:ff:04:2a:45:21:cb:f8:8a:5e:b5:23:44:ae:a7:f4:f4:d6:0e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
Sleep
GetCurrentThreadId

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA

shell32

ShellExecuteExA

msvcr90

_XcptFilter
_exit
_ismbblead
_cexit
exit
_acmdln
_initterm
__C_specific_handler
_configthreadlocale
__setusermatherr
_commode
_fmode
_encode_pointer
__set_app_type
__crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
__getmainargs
_amsg_exit
__argc
_time64
fclose
_localtime64
fwrite
fopen
__argv
vsprintf
sprintf
_initterm_e
_access

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/RF_L/TC_Sign.exe
.exe windows:5 windows x64 arch:x64

a8b50d6e1d07dc01c07f159c55ab4200

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a9:c8:01:1b:bb:6a:29:86:2d:44:d7:4b:50:9f:42:a6:3b:be:d4:51:a2:d0:86:87:cd:c4:ba:91:d5:d4:e1:4f
Signer

Actual PE Digest

a9:c8:01:1b:bb:6a:29:86:2d:44:d7:4b:50:9f:42:a6:3b:be:d4:51:a2:d0:86:87:cd:c4:ba:91:d5:d4:e1:4f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
HeapReAlloc
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
ExitProcess
HeapQueryInformation
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
GetTimeZoneInformation
GetFileAttributesA
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapSetInformation
HeapCreate
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
SetErrorMode
GetOEMCP
GetCPInfo
CreateFileA
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
FreeResource
WritePrivateProfileStringA
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
lstrcmpA
FreeLibrary
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
MulDiv
SetLastError
LocalFree
GetCurrentProcessId
CloseHandle
CreateToolhelp32Snapshot
GetModuleHandleA
Process32Next
LoadLibraryA
FindClose
VirtualAllocEx
GetLongPathNameA
GetProcAddress
GetLastError
FindFirstFileA
CreateDirectoryA
MultiByteToWideChar
GetModuleFileNameW
TerminateProcess
GetExitCodeProcess
ReadProcessMemory
Sleep
VirtualFreeEx
OpenProcess
GetTickCount
GetModuleHandleW
Process32First
GetCurrentProcess
lstrlenA
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
GetACP
FindResourceA

user32

UnregisterClassA
LoadCursorA
GetSysColorBrush
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
GetWindowPlacement
GetWindowRect
GetWindow
SystemParametersInfoA
DestroyMenu
CopyRect
UnhookWindowsHookEx
GetSysColor
EndPaint
BeginPaint
ReleaseDC
GetDC
GetWindowThreadProcessId
FindWindowA
EnableWindow
GetSystemMetrics
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
SetForegroundWindow
PostMessageA
IsWindow
AppendMenuA
SendMessageTimeoutA
SendMessageA
GetClientRect
DrawIcon
LoadIconA
KillTimer
IsIconic
SetTimer
GetSystemMenu
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
CheckMenuItem
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
EnableMenuItem

gdi32

GetStockObject
Escape
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetDeviceCaps
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetObjectA
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
SelectObject

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
OpenProcessToken
GetNamedSecurityInfoA
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyA
LookupPrivilegeValueA
RegQueryValueExA
SetNamedSecurityInfoA
SetEntriesInAclA

shell32

ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
PathFindFileNameA

oleaut32

VariantClear
VariantChangeType
VariantInit

psapi

GetModuleFileNameExA

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/RF_L/TCxEZH64.dll
.dll windows:5 windows x64 arch:x64

6a79dd269a02f2b5ad1bf65203190de2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\codeplex\svn\easyhook\branches\release-2.7\Build\netfx4-Release\x64\EasyHook64.pdb

Imports

psapi

EnumProcessModules
GetModuleInformation

kernel32

TlsFree
GetCurrentThreadId
VirtualFree
VirtualAlloc
GetSystemInfo
GetLastError
GetCurrentProcess
GetProcAddress
GetModuleFileNameA
LoadLibraryW
GetCurrentProcessId
GetFullPathNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetEvent
GetModuleHandleA
CloseHandle
GetThreadContext
SetThreadContext
WaitForSingleObject
OpenProcess
Thread32First
ReadProcessMemory
Thread32Next
VirtualAllocEx
OpenThread
CreateEventW
TlsAlloc
DuplicateHandle
WriteProcessMemory
SuspendThread
ResumeThread
TlsGetValue
CreateProcessW
CreateRemoteThread
TlsSetValue
TerminateProcess
SetLastError
GetExitCodeThread
WaitForMultipleObjects
FatalAppExitW
GetModuleFileNameW
CreateFileW
HeapAlloc
HeapFree
IsBadReadPtr
InitializeCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
VirtualProtect
DeleteCriticalSection
GetModuleHandleW
GetVersionExW
LoadLibraryA
HeapCreate
HeapDestroy
FreeLibrary
CreateToolhelp32Snapshot
FlsSetValue
GetCommandLineA
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
RtlUnwindEx
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
ExitProcess
FlsGetValue
FlsFree
FlsAlloc
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
ReadFile
HeapReAlloc
FlushFileBuffers
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
HeapSize

advapi32

StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
OpenProcessToken

Exports

Exports

DbgAttachDebugger
DbgDetachDebugger
DbgGetProcessIdByHandle
DbgGetThreadIdByHandle
DbgHandleToObjectName
DbgIsAvailable
DbgIsEnabled
GacCreateContext
GacInstallAssembly
GacReleaseContext
GacUninstallAssembly
HookCompleteInjection
LhBarrierBeginStackTrace
LhBarrierCallStackTrace
LhBarrierEndStackTrace
LhBarrierGetAddressOfReturnAddress
LhBarrierGetCallback
LhBarrierGetCallingModule
LhBarrierGetReturnAddress
LhBarrierPointerToModule
LhEnumModules
LhInstallHook
LhIsThreadIntercepted
LhSetExclusiveACL
LhSetGlobalExclusiveACL
LhSetGlobalInclusiveACL
LhSetInclusiveACL
LhUninstallAllHooks
LhUninstallHook
LhUpdateModuleInformation
LhWaitForPendingRemovals
RhCreateAndInject
RhCreateStealthRemoteThread
RhGetProcessToken
RhInjectLibrary
RhInstallDriver
RhInstallSupportDriver
RhIsAdministrator
RhIsX64Process
RhIsX64System
RhWakeUpProcess
RtlCreateSuspendedProcess
RtlGetLastError
RtlGetLastErrorString
RtlInstallService

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/RF_L/mfc90.dll
.dll windows:5 windows x64 arch:x64

895ac7d0656b32c43268aca09a55c876

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:5b:ed:01:32:ff:c7:55:6a:1f:55:27:e0:d9:ac:bd:68:32:84:4d
Signer

Actual PE Digest

29:5b:ed:01:32:ff:c7:55:6a:1f:55:27:e0:d9:ac:bd:68:32:84:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mfc90.amd64.pdb

Imports

kernel32

CopyFileA
GetUserDefaultLCID
IsDBCSLeadByte
GetVersion
GetTickCount
LoadLibraryExA
GetEnvironmentVariableW
GetEnvironmentVariableA
GetSystemTime
lstrcpyA
lstrcpyW
lstrlenW
GetCurrentDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
SetErrorMode
GetCurrentThread
EnumResourceLanguagesA
ConvertDefaultLocale
GetLocaleInfoA
SuspendThread
ResumeThread
SetThreadPriority
SetEvent
FindNextFileA
FormatMessageA
SearchPathA
GetTempPathA
LocalUnlock
LocalLock
GetTempFileNameA
GetDiskFreeSpaceA
GlobalFlags
RaiseException
FindResourceExA
VirtualProtect
GetProfileIntA
MulDiv
GetCurrentProcessId
GetCurrentThreadId
GlobalAddAtomA
CompareStringA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
lstrcmpW
WaitForMultipleObjects
CreateEventA
ReleaseMutex
CreateMutexA
ReleaseSemaphore
CreateSemaphoreA
WaitForSingleObject
TlsSetValue
LocalReAlloc
TlsGetValue
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GlobalHandle
TlsFree
InitializeCriticalSection
TlsAlloc
LocalFree
LocalAlloc
GetModuleFileNameW
GetModuleHandleA
FreeLibrary
GetOEMCP
GetCPInfo
SetFileTime
GetLastError
SetFileAttributesA
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesA
GetFileSizeEx
GetFileTime
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalAlloc
GlobalSize
GlobalLock
GetShortPathNameA
GetModuleFileNameA
GetStringTypeExA
GetThreadLocale
lstrcmpiA
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
MultiByteToWideChar
GetProcAddress
LoadLibraryA
DeleteFileA
MoveFileA
GetFileSize
SetEndOfFile
UnlockFile
LockFile
CloseHandle
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
lstrcmpA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
lstrlenA
GlobalGetAtomNameA
GetAtomNameA
SetLastError
GetModuleHandleW
Sleep
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetSystemTimeAsFileTime
ExpandEnvironmentStringsA

msvcr90

_strlwr_s
__CxxFrameHandler3
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__CppXcptFilter
_amsg_exit
_encoded_null
_initterm_e
_initterm
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__C_specific_handler
wcscspn
wcsspn
iswspace
_wcsrev
_mbscoll
wcspbrk
_wcsicoll
wcsstr
_wcsupr_s
_wcslwr_s
vswprintf_s
_mbsicoll
_mbsrev
wcscoll
memmove
_vscwprintf
wcschr
memcpy
_mbslwr_s
_itoa_s
wcsrchr
wcsncpy_s
_ultoa_s
_CxxThrowException
_ltoa_s
_ismbcdigit
ceil
_snwprintf_s
wcscpy_s
_mbsnbcmp
_mbsupr_s
_mbsstr
_mbsnbicmp
__argv
__argc
_beginthreadex
_endthreadex
_fullpath
atol
_ismbcspace
_mbsdec
_strdup
_mbscspn
_mbspbrk
_expand
atoi
_recalloc
_mbsrchr
_mbsicmp
strtod
strtoul
strtol
_resetstkoflw
_wcsicmp
wcscmp
_makepath_s
_splitpath_s
wcsnlen
_vsnprintf_s
_snscanf_s
labs
abs
_ismbblead
calloc
_msize
strcat_s
_mbschr
_snprintf_s
_errno
strncpy_s
_mbscmp
_localtime64_s
_mktime64
realloc
fclose
fflush
ftell
fseek
fgets
fputs
fwrite
clearerr_s
ferror
feof
fread
__doserrno
_fdopen
_open_osfhandle
_fileno
_get_osfhandle
_mbsinc
strcpy_s
wcslen
_vscprintf
vsprintf_s
abort
free
malloc
memcmp
memset
strnlen
strlen
memmove_s
memcpy_s
sprintf_s
_mbsnbcpy_s
_purecall
_mbsspn

user32

MapVirtualKeyA
GetKeyNameTextA
LoadBitmapA
DrawFocusRect
FillRect
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetAsyncKeyState
MapDialogRect
GetDialogBaseUnits
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
GetMenuStringA
GetMenuItemInfoA
GetSysColorBrush
SetWindowTextA
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageA
MoveWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
ModifyMenuA
GetMenuCheckMarkDimensions
DestroyIcon
SetCursorPos
DestroyCursor
SetWindowRgn
DrawIcon
IsClipboardFormatAvailable
MessageBeep
RemoveMenu
ValidateRect
PostQuitMessage
UnregisterClassA
ShowOwnedPopups
InsertMenuA
RegisterClipboardFormatA
SendNotifyMessageA
CopyAcceleratorTableA
InSendMessage
PostThreadMessageA
CreateMenu
WindowFromDC
CountClipboardFormats
SetWindowContextHelpId
CharNextA
InvalidateRgn
GetNextDlgGroupItem
ClipCursor
DrawEdge
EnumChildWindows
OemToCharBuffA
CharToOemBuffA
DeleteMenu
GetSystemMenu
IsRectEmpty
SetParent
IsZoomed
ReleaseDC
GetDC
SetRect
SetTimer
KillTimer
InflateRect
RedrawWindow
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
DefFrameProcA
TranslateMessage
GetMessageA
ClientToScreen
WindowFromPoint
SetCapture
WaitMessage
GetCursorPos
LoadCursorA
GetMenuBarInfo
UnionRect
InsertMenuItemA
CreatePopupMenu
InvalidateRect
ReuseDDElParam
UnpackDDElParam
DestroyMenu
LoadMenuA
GetActiveWindow
GetWindowThreadProcessId
ShowWindow
IsWindowEnabled
GetDesktopWindow
SetCursor
ReleaseCapture
TranslateAcceleratorA
LoadAcceleratorsA
SetRectEmpty
EnableWindow
LoadIconA
PostMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
DispatchMessageA
PeekMessageA
PtInRect
SetFocus
SetActiveWindow
GetFocus
AdjustWindowRectEx
DeferWindowPos
EqualRect
ScreenToClient
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
GetClientRect
ScrollWindow
IsWindowVisible
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
MessageBoxA
IsChild
GetParent
GetCapture
WinHelpA
RegisterClassA
GetClassInfoA
GetMenuItemID
GetSubMenu
GetMenuItemCount
TrackPopupMenu
SetWindowPlacement
GetDlgItem
GetWindowTextA
GetWindowTextLengthA
GetDlgCtrlID
GetKeyState
DestroyWindow
CreateWindowExA
SetWindowsHookExA
SetPropA
GetWindowLongPtrA
GetClassNameA
GetClassLongPtrA
GetClassInfoExA
GetClassLongA
CallNextHookEx
RemovePropA
SetWindowLongPtrA
CallWindowProcA
GetPropA
DefWindowProcA
SetMenu
GetMenu
GetMessagePos
GetMessageTime
SetForegroundWindow
GetForegroundWindow
GetLastActivePopup
SendMessageA
IsWindow
GetWindow
SetWindowPos
GrayStringA
DrawTextExA
DrawTextA
GetTabbedTextExtentA
GetDCEx
LockWindowUpdate
BringWindowToTop
AppendMenuA
SetWindowLongA
GetWindowLongA
RegisterWindowMessageA
IntersectRect
OffsetRect
SystemParametersInfoA
GetWindowRect
GetWindowPlacement
IsIconic
MsgWaitForMultipleObjects
UnhookWindowsHookEx
GetSystemMetrics
CharUpperA
TrackPopupMenuEx

gdi32

GetClipBox
OffsetRgn
SetBrushOrgEx
GetRgnBox
CreateMetaFileA
CopyMetaFileA
LPtoDP
Ellipse
CreateEllipticRgn
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
DPtoLP
SetRectRgn
CombineRgn
GetMapMode
GetPixel
CreateDIBPatternBrushPt
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
EnumMetaFile
PlayMetaFile
PlayMetaFileRecord
GetObjectType
ExtSelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
OffsetClipRgn
ExcludeClipRect
SelectClipRgn
OffsetWindowOrgEx
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
StartDocA
EnumFontFamiliesExA
CreateDCA
BitBlt
CreateRectRgnIndirect
PatBlt
UnrealizeObject
Rectangle
CreatePen
CreatePatternBrush
CreateBitmap
TextOutA
DeleteMetaFile
CloseMetaFile
RectVisible
PtVisible
IntersectClipRect
SetWindowOrgEx
GetWindowOrgEx
GetViewportOrgEx
GetDeviceCaps
Escape
ExtTextOutA
MoveToEx
GetTextExtentPointA
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetViewportExtEx
GetWindowExtEx
CreateFontIndirectA
GetTextFaceA
GetTextColor
GetNearestColor
GetStretchBltMode
GetPolyFillMode
GetTextAlign
GetBkMode
GetROP2
RestoreDC
SaveDC
GetStockObject
GetTextMetricsA
GetTextExtentPoint32A
DeleteObject
GetCharWidthA
CreateFontA
DeleteDC
StretchDIBits
SelectObject
GetBkColor
CreateCompatibleBitmap
CreateCompatibleDC
SetTextColor
SetBkColor
GetObjectA

shlwapi

UrlUnescapeA
PathRemoveExtensionA
PathFindExtensionA
PathRemoveFileSpecW
PathStripToRootA
PathIsUNCA
PathFindFileNameA

Sections

.text
Size: 1020KB - Virtual size: 1020KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/RF_L/mfcm90.dll
.dll windows:5 windows x64 arch:x64

b31cdce4e2ca62ad92f16401d90c7808

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MFCM90.amd64.pdb

Imports

msvcr90

?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
_unlock
__CppXcptFilter
_lock
_onexit
_purecall
__C_specific_handler
_amsg_exit
_decode_pointer
_encoded_null
free
__FrameUnwindFilter
_cexit
??_V@YAXPEAX@Z
_initterm_e
_initterm
_malloc_crt
_encode_pointer
__CxxFrameHandler3
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
__dllonexit

mfc90

ord3997
ord6070
ord5689
ord2784
ord4212
ord4215
ord4000
ord3850
ord2718
ord5920
ord4223
ord6191
ord6218
ord4086
ord2217
ord5949
ord5950
ord2200
ord1343
ord1351
ord5432
ord1770
ord3773
ord379
ord1203
ord1118
ord1103
ord1996
ord1651
ord1652
ord2602
ord2797
ord2904
ord4410
ord2780
ord2919
ord2605
ord2711
ord2598
ord3020
ord3809
ord3810
ord3800
ord2709
ord888
ord589
ord274
ord797
ord4042
ord4586
ord4363
ord3251
ord6073
ord1213
ord6193
ord2028
ord1187
ord2105
ord1658
ord3196
ord3484
ord1330
ord699
ord462
ord3681
ord5321
ord3166
ord3785
ord5334
ord5294
ord1949
ord344
ord4375
ord1655
ord4700
ord1635
ord5097
ord4281
ord1110
ord1109
ord587

kernel32

Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter

msvcm90

?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXPE$AAVEventHandler@System@@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXPE$AAVString@System@@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXPE$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6AJPEAX@Z0@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXPE$AAVString@System@@PE$AAVException@3@@Z

user32

GetWindow
CopyRect
GetClientRect
SendMessageA
PostMessageA
SetWindowPos

mscoree

_CorDllMain

Exports

Exports

AfxmReleaseManagedReferences

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 462B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/RF_L/msvcm90.dll
.dll windows:5 windows x64 arch:x64

009188bdfd096960bdccff3d7f8e9ca1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

msvcm90.amd64.pdb

Imports

msvcr90

__clean_type_info_names_internal
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_encoded_null
_initterm_e
_initterm
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__setusermatherr
?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z
?_query_new_handler@@YAP6AH_K@ZXZ
signal
_invalid_parameter
_errno
_set_invalid_parameter_handler
_get_invalid_parameter_handler
?set_terminate@@YAP6AXXZP6AXXZ@Z
_get_terminate
_set_purecall_handler
_get_purecall_handler
?set_unexpected@@YAP6AXXZP6AXXZ@Z
_get_unexpected
_fpieee_flt
_cexit
strcpy_s
strlen
_exit
_XcptFilter
_endthread
_getptd
_freefls
__fls_setvalue
__fls_getvalue
__get_flsindex
__set_flsgetvalue
_dosmaperr
_initptd
__C_specific_handler
_endthreadex
memcpy_s
memcmp
memmove_s
memset
??_V@YAXPEAX@Z
___mb_cur_max_func
_invalid_parameter_noinfo
_invoke_watson
_CxxThrowException
??2@YAPEAX_K@Z
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
abort
fgetc
fputc
ungetc
fflush
setvbuf
fwrite
fgetpos
fseek
fsetpos
fclose
__iob_func
fgetwc
fputwc
ungetwc
realloc
setlocale
sprintf_s
memcpy
___lc_handle_func
__crtGetStringTypeW
__pctype_func
___mb_cur_max_l_func
___lc_codepage_func
__crtLCMapStringW
__crtLCMapStringA
_wfsopen
mbstowcs_s
__uncaught_exception
isupper
islower
towlower
towupper
strcmp
__FrameUnwindFilter
??3@YAXPEAX@Z
_ui64toa_s
_create_locale
malloc
_free_locale
calloc
free

kernel32

ResumeThread
GetLastError
ExitThread
GetModuleHandleW
GetProcAddress
CreateThread
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId

ole32

CoCreateInstance

mscoree

CorBindToRuntimeEx
_CorDllMain

Exports

Exports

?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6AJPEAX@Z0@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXPE$AAVEventHandler@System@@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXPE$AAVString@System@@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXPE$AAVString@System@@PE$AAVException@3@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXPE$AAVException@System@@0@Z
?_Addstd@ios_base@std@@SAXPEAV12@@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF_func@std@@YAAEB_JXZ
?_Cerr_func@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@1@XZ
?_Cin_func@std@@YAAEAV?$basic_istream@DU?$char_traits@D@std@@@1@XZ
?_Clocptr_func@_Locimp@locale@std@@CAAEAPEAV123@XZ
?_Clog_func@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@1@XZ
?_Cout_func@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@1@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Fpz_func@std@@YAAEA_JXZ
?_Getcvt@@YA?AU_Cvtvec@@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Id_cnt_func@id@locale@std@@CAAEAHXZ
?_Id_func@?$codecvt@GDH@std@@SAAEAVid@locale@2@XZ
?_Id_func@?$codecvt@_WDH@std@@SAAEAVid@locale@2@XZ
?_Id_func@?$ctype@D@std@@SAAEAVid@locale@2@XZ
?_Id_func@?$ctype@G@std@@SAAEAVid@locale@2@XZ
?_Id_func@?$ctype@_W@std@@SAAEAVid@locale@2@XZ
?_Index_func@ios_base@std@@CAAEAHXZ
?_Init@locale@std@@CAPEAV_Locimp@12@XZ
?_Init_cnt_func@Init@ios_base@std@@CAAEAHXZ
?_Init_ctor@Init@ios_base@std@@CAXPEAV123@@Z
?_Init_dtor@Init@ios_base@std@@CAXPEAV123@@Z
?_Init_locks_ctor@_Init_locks@std@@CAXPEAV12@@Z
?_Init_locks_dtor@_Init_locks@std@@CAXPEAV12@@Z
?_Ios_base_dtor@ios_base@std@@CAXPEAV12@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?_Locimp_dtor@_Locimp@locale@std@@CAXPEAV123@@Z
?_Locinfo_Addcats@_Locinfo@std@@SAAEAV12@PEAV12@HPEBD@Z
?_Locinfo_ctor@_Locinfo@std@@SAXPEAV12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
?_Locinfo_ctor@_Locinfo@std@@SAXPEAV12@HPEBD@Z
?_Locinfo_ctor@_Locinfo@std@@SAXPEAV12@PEBD@Z
?_Locinfo_dtor@_Locinfo@std@@SAXPEAV12@@Z
?_Lockit_ctor@_Lockit@std@@CAXPEAV12@@Z
?_Lockit_ctor@_Lockit@std@@CAXPEAV12@H@Z
?_Lockit_ctor@_Lockit@std@@SAXH@Z
?_Lockit_dtor@_Lockit@std@@CAXPEAV12@@Z
?_Lockit_dtor@_Lockit@std@@SAXH@Z
?_Mbrtowc@@YAHPEAGPEBD_KPEAHPEBU_Cvtvec@@@Z
?_Mbrtowc@@YAHPEA_WPEBD_KPEAHPEBU_Cvtvec@@@Z
?_Mtxdst@@YAXPEAU_RTL_CRITICAL_SECTION@@@Z
?_Mtxinit@@YAXPEAU_RTL_CRITICAL_SECTION@@@Z
?_Mtxlock@@YAXPEAU_RTL_CRITICAL_SECTION@@@Z
?_Mtxunlock@@YAXPEAU_RTL_CRITICAL_SECTION@@@Z
?_Mutex_Lock@_Mutex@std@@CAXPEAV12@@Z
?_Mutex_Unlock@_Mutex@std@@CAXPEAV12@@Z
?_Mutex_ctor@_Mutex@std@@CAXPEAV12@@Z
?_Mutex_dtor@_Mutex@std@@CAXPEAV12@@Z
?_Nomemory@std@@YAXXZ
?_Once@@YAXPEAJP6AXXZ@Z
?_Setgloballocale@locale@std@@CAXPEAX@Z
?_Sync_func@ios_base@std@@CAAEA_NXZ
?_Wcerr_func@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@1@XZ
?_Wcerr_func@std@@YAAEAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@XZ
?_Wcin_func@std@@YAAEAV?$basic_istream@GU?$char_traits@G@std@@@1@XZ
?_Wcin_func@std@@YAAEAV?$basic_istream@_WU?$char_traits@_W@std@@@1@XZ
?_Wclog_func@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@1@XZ
?_Wclog_func@std@@YAAEAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@XZ
?_Wcout_func@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@1@XZ
?_Wcout_func@std@@YAAEAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@XZ
?_Wcrtomb@@YAHPEADGPEAHPEBU_Cvtvec@@@Z
?_Wcrtomb@@YAHPEAD_WPEAHPEBU_Cvtvec@@@Z
?_Xinvarg@_String_base@std@@SAXXZ
?_Xlen@_String_base@std@@SAXXZ
?_Xran@_String_base@std@@SAXXZ
?__Wcrtomb_lk@@YAHPEAD_WPEAHPEBU_Cvtvec@@@Z
?__get_default_appdomain@@YAJPEAPEAUIUnknown@@@Z
?__query_new_handler_m@@YAP6MH_K@ZXZ
?__release_appdomain@@YAXPEAUIUnknown@@@Z
?_beginthread@@YA_KP6MXPEAX@ZI0@Z
?_beginthreadex@@YA_KPEAXIP6MI0@Z0IPEAI@Z
?_fpieee_flt@@YAHKPEAU_EXCEPTION_POINTERS@@P6MHPEAU_FPIEEE_RECORD@@@Z@Z
?_set_invalid_parameter_handler@@YAP6AXPEB_W00I_K@ZH@Z
?_set_invalid_parameter_handler@@YAP6MXPEB_W00I_K@ZP6MX000I1@Z@Z
?_set_new_handler@@YAP6MH_K@ZP6MH0@Z@Z
?_set_purecall_handler@@YAP6AXXZH@Z
?_set_purecall_handler@@YAP6MXXZP6MXXZ@Z
?_uncaught_exception_m@std@@YA_NXZ
?classic@locale@std@@SAAEBV12@XZ
?empty@locale@std@@SA?AV12@XZ
?global@locale@std@@SA?AV12@AEBV12@@Z
?resetiosflags@std@@YA?AU?$_Smanip@H@1@H@Z
?set_new_handler@std@@YAP6MXXZP6MXXZ@Z
?set_terminate@@YAP6MXXZP6MXXZ@Z
?set_unexpected@@YAP6MXXZP6MXXZ@Z
?setbase@std@@YA?AU?$_Smanip@H@1@H@Z
?setiosflags@std@@YA?AU?$_Smanip@H@1@H@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?signal@@YAP6MXH@ZHH@Z
?signal@@YAP6MXH@ZHP6MXH@Z@Z
__setusermatherr_m
towctrans
wctrans
wctype

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/RF_L/msvcp90.dll
.dll windows:5 windows x64 arch:x64

0710c2edb6d550175f0ccfb9bf56834a

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

df:64:01:3e:fd:c3:c6:26:72:93:86:09:80:7d:5b:e8:82:14:ca:dc
Signer

Actual PE Digest

df:64:01:3e:fd:c3:c6:26:72:93:86:09:80:7d:5b:e8:82:14:ca:dc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

msvcp90.amd64.pdb

Imports

msvcr90

ungetc
fflush
setvbuf
fwrite
??0exception@std@@QEAA@XZ
_Getdays
_Getmonths
fgetpos
fseek
fsetpos
fclose
??0bad_cast@std@@QEAA@PEBD@Z
??1bad_cast@std@@UEAA@XZ
??0bad_cast@std@@QEAA@AEBV01@@Z
__iob_func
_wfsopen
mbstowcs_s
atan2
cos
exp
ldexp
log
pow
sin
sqrt
tan
atan2f
cosf
expf
logf
powf
sinf
sqrtf
tanf
fgetwc
fputwc
ungetwc
memcpy
_Strftime
strcspn
sprintf_s
abort
??0exception@std@@QEAA@AEBQEBDH@Z
_realloc_crt
fputc
_malloc_crt
?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z
fputs
__uncaught_exception
towlower
towupper
strcmp
_create_locale
_ui64toa_s
_free_locale
__pctype_func
_errno
___mb_cur_max_l_func
___lc_codepage_func
___lc_handle_func
__crtCompareStringA
___lc_collate_cp_func
__crtLCMapStringA
isupper
_calloc_crt
islower
__crtGetStringTypeW
__crtLCMapStringW
__crtCompareStringW
isspace
tolower
strtod
?terminate@@YAXXZ
__C_specific_handler
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_initterm
_initterm_e
_encoded_null
_amsg_exit
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__clean_type_info_names_internal
fgetc
__CxxFrameHandler3
??0exception@std@@QEAA@AEBV01@@Z
_CxxThrowException
??2@YAPEAX_K@Z
_invalid_parameter_noinfo
___mb_cur_max_func
??_V@YAXPEAX@Z
_Gettnames
localeconv
free
memset
memchr
strlen
memcmp
wcslen
memmove_s
memcpy_s
??3@YAXPEAX@Z
??1exception@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
setlocale
??0exception@std@@QEAA@AEBQEBD@Z

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
GetLocaleInfoA
WideCharToMultiByte
MultiByteToWideChar
GetSystemTimeAsFileTime

Exports

Exports

??$?5DU?$char_traits@D@std@@@std@@YAAEAV?$basic_istream@DU?$char_traits@D@std@@@0@AEAV10@AEAD@Z
??$?5DU?$char_traits@D@std@@@std@@YAAEAV?$basic_istream@DU?$char_traits@D@std@@@0@AEAV10@PEAD@Z
??$?5DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAEAV?$basic_istream@DU?$char_traits@D@std@@@0@AEAV10@AEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?5GU?$char_traits@G@std@@@std@@YAAEAV?$basic_istream@GU?$char_traits@G@std@@@0@AEAV10@AEAG@Z
??$?5GU?$char_traits@G@std@@@std@@YAAEAV?$basic_istream@GU?$char_traits@G@std@@@0@AEAV10@PEAG@Z
??$?5GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAEAV?$basic_istream@GU?$char_traits@G@std@@@0@AEAV10@AEAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?5MDU?$char_traits@D@std@@@std@@YAAEAV?$basic_istream@DU?$char_traits@D@std@@@0@AEAV10@AEAV?$complex@M@0@@Z
??$?5MGU?$char_traits@G@std@@@std@@YAAEAV?$basic_istream@GU?$char_traits@G@std@@@0@AEAV10@AEAV?$complex@M@0@@Z
??$?5M_WU?$char_traits@_W@std@@@std@@YAAEAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AEAV10@AEAV?$complex@M@0@@Z
??$?5NDU?$char_traits@D@std@@@std@@YAAEAV?$basic_istream@DU?$char_traits@D@std@@@0@AEAV10@AEAV?$complex@N@0@@Z
??$?5NGU?$char_traits@G@std@@@std@@YAAEAV?$basic_istream@GU?$char_traits@G@std@@@0@AEAV10@AEAV?$complex@N@0@@Z
??$?5N_WU?$char_traits@_W@std@@@std@@YAAEAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AEAV10@AEAV?$complex@N@0@@Z
??$?5ODU?$char_traits@D@std@@@std@@YAAEAV?$basic_istream@DU?$char_traits@D@std@@@0@AEAV10@AEAV?$complex@O@0@@Z
??$?5OGU?$char_traits@G@std@@@std@@YAAEAV?$basic_istream@GU?$char_traits@G@std@@@0@AEAV10@AEAV?$complex@O@0@@Z
??$?5O_WU?$char_traits@_W@std@@@std@@YAAEAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AEAV10@AEAV?$complex@O@0@@Z
??$?5U?$char_traits@D@std@@@std@@YAAEAV?$basic_istream@DU?$char_traits@D@std@@@0@AEAV10@AEAC@Z
??$?5U?$char_traits@D@std@@@std@@YAAEAV?$basic_istream@DU?$char_traits@D@std@@@0@AEAV10@AEAE@Z
??$?5U?$char_traits@D@std@@@std@@YAAEAV?$basic_istream@DU?$char_traits@D@std@@@0@AEAV10@PEAC@Z
??$?5U?$char_traits@D@std@@@std@@YAAEAV?$basic_istream@DU?$char_traits@D@std@@@0@AEAV10@PEAE@Z
??$?5_WU?$char_traits@_W@std@@@std@@YAAEAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AEAV10@AEA_W@Z
??$?5_WU?$char_traits@_W@std@@@std@@YAAEAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AEAV10@PEA_W@Z
??$?5_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAEAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AEAV10@AEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?6GU?$char_traits@G@std@@@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@0@AEAV10@G@Z
??$?6GU?$char_traits@G@std@@@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@0@AEAV10@PEBG@Z
??$?6GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@0@AEAV10@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?6MDU?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@AEBV?$complex@M@0@@Z
??$?6MGU?$char_traits@G@std@@@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@0@AEAV10@AEBV?$complex@M@0@@Z
??$?6M_WU?$char_traits@_W@std@@@std@@YAAEAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AEAV10@AEBV?$complex@M@0@@Z
??$?6NDU?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@AEBV?$complex@N@0@@Z
??$?6NGU?$char_traits@G@std@@@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@0@AEAV10@AEBV?$complex@N@0@@Z
??$?6N_WU?$char_traits@_W@std@@@std@@YAAEAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AEAV10@AEBV?$complex@N@0@@Z
??$?6ODU?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@AEBV?$complex@O@0@@Z
??$?6OGU?$char_traits@G@std@@@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@0@AEAV10@AEBV?$complex@O@0@@Z
??$?6O_WU?$char_traits@_W@std@@@std@@YAAEAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AEAV10@AEBV?$complex@O@0@@Z
??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@C@Z
??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z
??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@E@Z
??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@PEBC@Z
??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@PEBD@Z
??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@PEBE@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAEAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AEAV10@PEB_W@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAEAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AEAV10@_W@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAEAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AEAV10@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PEBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPEBDAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PEBG@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPEBGAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?8M@std@@YA_NAEBMAEBV?$complex@M@0@@Z
??$?8M@std@@YA_NAEBV?$complex@M@0@0@Z
??$?8M@std@@YA_NAEBV?$complex@M@0@AEBM@Z
??$?8N@std@@YA_NAEBNAEBV?$complex@N@0@@Z
??$?8N@std@@YA_NAEBV?$complex@N@0@0@Z
??$?8N@std@@YA_NAEBV?$complex@N@0@AEBN@Z
??$?8O@std@@YA_NAEBOAEBV?$complex@O@0@@Z
??$?8O@std@@YA_NAEBV?$complex@O@0@0@Z
??$?8O@std@@YA_NAEBV?$complex@O@0@AEBO@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PEB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPEB_WAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PEBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPEBDAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PEBG@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPEBGAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?9M@std@@YA_NAEBMAEBV?$complex@M@0@@Z
??$?9M@std@@YA_NAEBV?$complex@M@0@0@Z
??$?9M@std@@YA_NAEBV?$complex@M@0@AEBM@Z
??$?9N@std@@YA_NAEBNAEBV?$complex@N@0@@Z
??$?9N@std@@YA_NAEBV?$complex@N@0@0@Z
??$?9N@std@@YA_NAEBV?$complex@N@0@AEBN@Z
??$?9O@std@@YA_NAEBOAEBV?$complex@O@0@@Z
??$?9O@std@@YA_NAEBV?$complex@O@0@0@Z
??$?9O@std@@YA_NAEBV?$complex@O@0@AEBO@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PEB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPEB_WAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?DM@std@@YA?AV?$complex@M@0@AEBMAEBV10@@Z
??$?DM@std@@YA?AV?$complex@M@0@AEBV10@0@Z
??$?DM@std@@YA?AV?$complex@M@0@AEBV10@AEBM@Z
??$?DN@std@@YA?AV?$complex@N@0@AEBNAEBV10@@Z
??$?DN@std@@YA?AV?$complex@N@0@AEBV10@0@Z
??$?DN@std@@YA?AV?$complex@N@0@AEBV10@AEBN@Z
??$?DO@std@@YA?AV?$complex@O@0@AEBOAEBV10@@Z
??$?DO@std@@YA?AV?$complex@O@0@AEBV10@0@Z
??$?DO@std@@YA?AV?$complex@O@0@AEBV10@AEBO@Z
??$?GM@std@@YA?AV?$complex@M@0@AEBMAEBV10@@Z
??$?GM@std@@YA?AV?$complex@M@0@AEBV10@0@Z
??$?GM@std@@YA?AV?$complex@M@0@AEBV10@@Z
??$?GM@std@@YA?AV?$complex@M@0@AEBV10@AEBM@Z
??$?GN@std@@YA?AV?$complex@N@0@AEBNAEBV10@@Z
??$?GN@std@@YA?AV?$complex@N@0@AEBV10@0@Z
??$?GN@std@@YA?AV?$complex@N@0@AEBV10@@Z
??$?GN@std@@YA?AV?$complex@N@0@AEBV10@AEBN@Z
??$?GO@std@@YA?AV?$complex@O@0@AEBOAEBV10@@Z
??$?GO@std@@YA?AV?$complex@O@0@AEBV10@0@Z
??$?GO@std@@YA?AV?$complex@O@0@AEBV10@@Z
??$?GO@std@@YA?AV?$complex@O@0@AEBV10@AEBO@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@AEBV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@AEBV10@D@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@AEBV10@PEBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DAEBV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PEBDAEBV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@AEBV10@0@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@AEBV10@G@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@AEBV10@PEBG@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@GAEBV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PEBGAEBV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@AEBMAEBV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@AEBV10@0@Z
??$?HM@std@@YA?AV?$complex@M@0@AEBV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@AEBV10@AEBM@Z
??$?HN@std@@YA?AV?$complex@N@0@AEBNAEBV10@@Z
??$?HN@std@@YA?AV?$complex@N@0@AEBV10@0@Z
??$?HN@std@@YA?AV?$complex@N@0@AEBV10@@Z
??$?HN@std@@YA?AV?$complex@N@0@AEBV10@AEBN@Z
??$?HO@std@@YA?AV?$complex@O@0@AEBOAEBV10@@Z
??$?HO@std@@YA?AV?$complex@O@0@AEBV10@0@Z
??$?HO@std@@YA?AV?$complex@O@0@AEBV10@@Z
??$?HO@std@@YA?AV?$complex@O@0@AEBV10@AEBO@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@AEBV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@AEBV10@PEB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@AEBV10@_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PEB_WAEBV10@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@_WAEBV10@@Z
??$?KM@std@@YA?AV?$complex@M@0@AEBMAEBV10@@Z
??$?KM@std@@YA?AV?$complex@M@0@AEBV10@0@Z
??$?KM@std@@YA?AV?$complex@M@0@AEBV10@AEBM@Z
??$?KN@std@@YA?AV?$complex@N@0@AEBNAEBV10@@Z
??$?KN@std@@YA?AV?$complex@N@0@AEBV10@0@Z
??$?KN@std@@YA?AV?$complex@N@0@AEBV10@AEBN@Z
??$?KO@std@@YA?AV?$complex@O@0@AEBOAEBV10@@Z
??$?KO@std@@YA?AV?$complex@O@0@AEBV10@0@Z
??$?KO@std@@YA?AV?$complex@O@0@AEBV10@AEBO@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PEBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPEBDAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PEBG@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPEBGAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PEB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPEB_WAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PEBD@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPEBDAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PEBG@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPEBGAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PEB_W@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPEB_WAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PEBD@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPEBDAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PEBG@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPEBGAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PEB_W@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPEB_WAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PEBD@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPEBDAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PEBG@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPEBGAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PEB_W@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPEB_WAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$_Fabs@M@std@@YAMAEBV?$complex@M@0@PEAH@Z
??$_Fabs@N@std@@YANAEBV?$complex@N@0@PEAH@Z
??$_Fabs@O@std@@YAOAEBV?$complex@O@0@PEAH@Z
??$abs@M@std@@YAMAEBV?$complex@M@0@@Z
??$abs@N@std@@YANAEBV?$complex@N@0@@Z
??$abs@O@std@@YAOAEBV?$complex@O@0@@Z
??$arg@M@std@@YAMAEBV?$complex@M@0@@Z
??$arg@N@std@@YANAEBV?$complex@N@0@@Z
??$arg@O@std@@YAOAEBV?$complex@O@0@@Z
??$conj@M@std@@YA?AV?$complex@M@0@AEBV10@@Z
??$conj@N@std@@YA?AV?$complex@N@0@AEBV10@@Z
??$conj@O@std@@YA?AV?$complex@O@0@AEBV10@@Z
??$cos@M@std@@YA?AV?$complex@M@0@AEBV10@@Z
??$cos@N@std@@YA?AV?$complex@N@0@AEBV10@@Z
??$cos@O@std@@YA?AV?$complex@O@0@AEBV10@@Z
??$cosh@M@std@@YA?AV?$complex@M@0@AEBV10@@Z
??$cosh@N@std@@YA?AV?$complex@N@0@AEBV10@@Z
??$cosh@O@std@@YA?AV?$complex@O@0@AEBV10@@Z
??$exp@M@std@@YA?AV?$complex@M@0@AEBV10@@Z
??$exp@N@std@@YA?AV?$complex@N@0@AEBV10@@Z
??$exp@O@std@@YA?AV?$complex@O@0@AEBV10@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAEAV?$basic_istream@DU?$char_traits@D@std@@@0@AEAV10@AEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAEAV?$basic_istream@DU?$char_traits@D@std@@@0@AEAV10@AEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@D@Z
??$getline@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@YAAEAV?$basic_istream@GU?$char_traits@G@std@@@0@AEAV10@AEAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$getline@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@YAAEAV?$basic_istream@GU?$char_traits@G@std@@@0@AEAV10@AEAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@G@Z
??$getline@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@YAAEAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AEAV10@AEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$getline@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@YAAEAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AEAV10@AEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@_W@Z
??$imag@M@std@@YAMAEBV?$complex@M@0@@Z
??$imag@N@std@@YANAEBV?$complex@N@0@@Z
??$imag@O@std@@YAOAEBV?$complex@O@0@@Z
??$log10@M@std@@YA?AV?$complex@M@0@AEBV10@@Z
??$log10@N@std@@YA?AV?$complex@N@0@AEBV10@@Z
??$log10@O@std@@YA?AV?$complex@O@0@AEBV10@@Z
??$log@M@std@@YA?AV?$complex@M@0@AEBV10@@Z
??$log@N@std@@YA?AV?$complex@N@0@AEBV10@@Z
??$log@O@std@@YA?AV?$complex@O@0@AEBV10@@Z
??$norm@M@std@@YAMAEBV?$complex@M@0@@Z
??$norm@N@std@@YANAEBV?$complex@N@0@@Z
??$norm@O@std@@YAOAEBV?$complex@O@0@@Z
??$polar@M@std@@YA?AV?$complex@M@0@AEBM0@Z
??$polar@M@std@@YA?AV?$complex@M@0@AEBM@Z
??$polar@N@std@@YA?AV?$complex@N@0@AEBN0@Z
??$polar@N@std@@YA?AV?$complex@N@0@AEBN@Z
??$polar@O@std@@YA?AV?$complex@O@0@AEBO0@Z
??$polar@O@std@@YA?AV?$complex@O@0@AEBO@Z
??$pow@M@std@@YA?AV?$complex@M@0@AEBMAEBV10@@Z
??$pow@M@std@@YA?AV?$complex@M@0@AEBV10@0@Z
??$pow@M@std@@YA?AV?$complex@M@0@AEBV10@AEBM@Z
??$pow@M@std@@YA?AV?$complex@M@0@AEBV10@H@Z
??$pow@N@std@@YA?AV?$complex@N@0@AEBNAEBV10@@Z
??$pow@N@std@@YA?AV?$complex@N@0@AEBV10@0@Z
??$pow@N@std@@YA?AV?$complex@N@0@AEBV10@AEBN@Z
??$pow@N@std@@YA?AV?$complex@N@0@AEBV10@H@Z
??$pow@O@std@@YA?AV?$complex@O@0@AEBOAEBV10@@Z
??$pow@O@std@@YA?AV?$complex@O@0@AEBV10@0@Z
??$pow@O@std@@YA?AV?$complex@O@0@AEBV10@AEBO@Z
??$pow@O@std@@YA?AV?$complex@O@0@AEBV10@H@Z
??$real@M@std@@YAMAEBV?$complex@M@0@@Z
??$real@N@std@@YANAEBV?$complex@N@0@@Z
??$real@O@std@@YAOAEBV?$complex@O@0@@Z
??$sin@M@std@@YA?AV?$complex@M@0@AEBV10@@Z
??$sin@N@std@@YA?AV?$complex@N@0@AEBV10@@Z
??$sin@O@std@@YA?AV?$complex@O@0@AEBV10@@Z
??$sinh@M@std@@YA?AV?$complex@M@0@AEBV10@@Z
??$sinh@N@std@@YA?AV?$complex@N@0@AEBV10@@Z
??$sinh@O@std@@YA?AV?$complex@O@0@AEBV10@@Z
??$sqrt@M@std@@YA?AV?$complex@M@0@AEBV10@@Z
??$sqrt@N@std@@YA?AV?$complex@N@0@AEBV10@@Z
??$sqrt@O@std@@YA?AV?$complex@O@0@AEBV10@@Z
??$tan@M@std@@YA?AV?$complex@M@0@AEBV10@@Z
??$tan@N@std@@YA?AV?$complex@N@0@AEBV10@@Z
??$tan@O@std@@YA?AV?$complex@O@0@AEBV10@@Z
??$tanh@M@std@@YA?AV?$complex@M@0@AEBV10@@Z
??$tanh@N@std@@YA?AV?$complex@N@0@AEBV10@@Z
??$tanh@O@std@@YA?AV?$complex@O@0@AEBV10@@Z
??0?$_Complex_base@MU_C_float_complex@@@std@@QEAA@AEBM0@Z
??0?$_Complex_base@NU_C_double_complex@@@std@@QEAA@AEBN0@Z
??0?$_Complex_base@OU_C_ldouble_complex@@@std@@QEAA@AEBO0@Z
??0?$_Mpunct@D@std@@IEAA@PEBD_K_N2@Z
??0?$_Mpunct@D@std@@QEAA@AEBV_Locinfo@1@_K_N2@Z
??0?$_Mpunct@D@std@@QEAA@_K_N@Z
??0?$_Mpunct@G@std@@IEAA@PEBD_K_N2@Z
??0?$_Mpunct@G@std@@QEAA@AEBV_Locinfo@1@_K_N2@Z
??0?$_Mpunct@G@std@@QEAA@_K_N@Z
??0?$_Mpunct@_W@std@@IEAA@PEBD_K_N2@Z
??0?$_Mpunct@_W@std@@QEAA@AEBV_Locinfo@1@_K_N2@Z
??0?$_Mpunct@_W@std@@QEAA@_K_N@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IEAA@V?$allocator@D@1@@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@QEAA@AEBV01@@Z
??0?$_String_val@GV?$allocator@G@std@@@std@@IEAA@V?$allocator@G@1@@Z
??0?$_String_val@GV?$allocator@G@std@@@std@@QEAA@AEBV01@@Z
??0?$_String_val@_WV?$allocator@_W@std@@@std@@IEAA@V?$allocator@_W@1@@Z
??0?$_String_val@_WV?$allocator@_W@std@@@std@@QEAA@AEBV01@@Z
??0?$allocator@D@std@@QEAA@AEBV01@@Z
??0?$allocator@D@std@@QEAA@XZ
??0?$allocator@G@std@@QEAA@AEBV01@@Z
??0?$allocator@G@std@@QEAA@XZ
??0?$allocator@X@std@@QEAA@AEBV01@@Z
??0?$allocator@X@std@@QEAA@XZ
??0?$allocator@_W@std@@QEAA@AEBV01@@Z
??0?$allocator@_W@std@@QEAA@XZ
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QEAA@PEAU_iobuf@@@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QEAA@PEAU_iobuf@@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_filebuf@_WU?$char_traits@_W@std@@@std@@QEAA@PEAU_iobuf@@@Z
??0?$basic_filebuf@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QEAA@PEAU_iobuf@@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QEAA@PEBDHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QEAA@PEBGHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QEAA@PEB_WHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QEAA@XZ
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QEAA@PEAU_iobuf@@@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QEAA@PEBDHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QEAA@PEBGHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QEAA@PEB_WHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QEAA@XZ
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAU_iobuf@@@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QEAA@PEBDHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QEAA@PEBGHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QEAA@PEB_WHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QEAA@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QEAA@PEAU_iobuf@@@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QEAA@PEBDHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QEAA@PEBGHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QEAA@PEB_WHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QEAA@XZ
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QEAA@PEAU_iobuf@@@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QEAA@PEBDHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QEAA@PEBGHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QEAA@PEB_WHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QEAA@XZ
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAU_iobuf@@@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QEAA@PEBDHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QEAA@PEBGHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QEAA@PEB_WHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@H@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@H@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAA@PEAU_iobuf@@@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAA@PEBDHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAA@PEBGHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAA@PEB_WHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAA@XZ
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QEAA@PEAU_iobuf@@@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QEAA@PEBDHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QEAA@PEBGHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QEAA@PEB_WHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QEAA@XZ
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAU_iobuf@@@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QEAA@PEBDHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QEAA@PEBGHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QEAA@PEB_WHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@H@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@_K1@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@_K1AEBV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBDAEBV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD_K@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD_KAEBV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@1@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@_KD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@_KDAEBV?$allocator@D@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@AEBV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@AEBV01@_K1@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@AEBV01@_K1AEBV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@AEBV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@PEBG0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@PEBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@PEBGAEBV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@PEBG_K@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@PEBG_KAEBV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@V?$_String_const_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@1@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@_KG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@_KGAEBV?$allocator@G@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@AEBV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@AEBV01@_K1@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@AEBV01@_K1AEBV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@AEBV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@PEB_W0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@PEB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@PEB_WAEBV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@PEB_W_K@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@PEB_W_KAEBV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@_K_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@_K_WAEBV?$allocator@_W@1@@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@H@Z
??0?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@H@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@H@Z
??0?$codecvt@DDH@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@DDH@std@@QEAA@_K@Z
??0?$codecvt@GDH@std@@IEAA@PEBD_K@Z
??0?$codecvt@GDH@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@GDH@std@@QEAA@_K@Z
??0?$codecvt@_WDH@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_WDH@std@@QEAA@_K@Z
??0?$collate@D@std@@IEAA@PEBD_K@Z
??0?$collate@D@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$collate@D@std@@QEAA@_K@Z
??0?$collate@G@std@@IEAA@PEBD_K@Z
??0?$collate@G@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$collate@G@std@@QEAA@_K@Z
??0?$collate@_W@std@@IEAA@PEBD_K@Z
??0?$collate@_W@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$collate@_W@std@@QEAA@_K@Z
??0?$complex@M@std@@QEAA@AEBM0@Z
??0?$complex@M@std@@QEAA@AEBU_C_double_complex@@@Z
??0?$complex@M@std@@QEAA@AEBU_C_float_complex@@@Z
??0?$complex@M@std@@QEAA@AEBU_C_ldouble_complex@@@Z
??0?$complex@M@std@@QEAA@AEBV?$complex@N@1@@Z
??0?$complex@M@std@@QEAA@AEBV?$complex@O@1@@Z
??0?$complex@N@std@@QEAA@AEBN0@Z
??0?$complex@N@std@@QEAA@AEBU_C_double_complex@@@Z
??0?$complex@N@std@@QEAA@AEBU_C_ldouble_complex@@@Z
??0?$complex@N@std@@QEAA@AEBV?$complex@M@1@@Z
??0?$complex@N@std@@QEAA@AEBV?$complex@O@1@@Z
??0?$complex@O@std@@QEAA@AEBO0@Z
??0?$complex@O@std@@QEAA@AEBU_C_ldouble_complex@@@Z
??0?$complex@O@std@@QEAA@AEBV?$complex@M@1@@Z
??0?$complex@O@std@@QEAA@AEBV?$complex@N@1@@Z
??0?$ctype@D@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@D@std@@QEAA@PEBF_N_K@Z
??0?$ctype@G@std@@IEAA@PEBD_K@Z
??0?$ctype@G@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@G@std@@QEAA@_K@Z
??0?$ctype@_W@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@_W@std@@QEAA@_K@Z
??0?$messages@D@std@@IEAA@PEBD_K@Z
??0?$messages@D@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$messages@D@std@@QEAA@_K@Z
??0?$messages@G@std@@IEAA@PEBD_K@Z
??0?$messages@G@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$messages@G@std@@QEAA@_K@Z
??0?$messages@_W@std@@IEAA@PEBD_K@Z
??0?$messages@_W@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$messages@_W@std@@QEAA@_K@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$moneypunct@D$00@std@@IEAA@PEBD_K@Z
??0?$moneypunct@D$00@std@@QEAA@AEBV_Locinfo@1@_K_N@Z
??0?$moneypunct@D$00@std@@QEAA@_K@Z
??0?$moneypunct@D$0A@@std@@IEAA@PEBD_K@Z
??0?$moneypunct@D$0A@@std@@QEAA@AEBV_Locinfo@1@_K_N@Z
??0?$moneypunct@D$0A@@std@@QEAA@_K@Z
??0?$moneypunct@G$00@std@@IEAA@PEBD_K@Z
??0?$moneypunct@G$00@std@@QEAA@AEBV_Locinfo@1@_K_N@Z
??0?$moneypunct@G$00@std@@QEAA@_K@Z
??0?$moneypunct@G$0A@@std@@IEAA@PEBD_K@Z
??0?$moneypunct@G$0A@@std@@QEAA@AEBV_Locinfo@1@_K_N@Z
??0?$moneypunct@G$0A@@std@@QEAA@_K@Z
??0?$moneypunct@_W$00@std@@IEAA@PEBD_K@Z
??0?$moneypunct@_W$00@std@@QEAA@AEBV_Locinfo@1@_K_N@Z
??0?$moneypunct@_W$00@std@@QEAA@_K@Z
??0?$moneypunct@_W$0A@@std@@IEAA@PEBD_K@Z
??0?$moneypunct@_W$0A@@std@@QEAA@AEBV_Locinfo@1@_K_N@Z
??0?$moneypunct@_W$0A@@std@@QEAA@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z

Sections

.text
Size: 401KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 378KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/RF_L/msvcr90.dll
.dll windows:5 windows x64 arch:x64

78d931040351d53199b8eea44e33c764

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b5:8d:d0:d8:24:d1:f5:b3:bd:fd:a7:25:1b:e7:ac:0d:03:ea:44:fd
Signer

Actual PE Digest

b5:8d:d0:d8:24:d1:f5:b3:bd:fd:a7:25:1b:e7:ac:0d:03:ea:44:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

msvcr90.amd64.pdb

Imports

kernel32

GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetLongPathNameW
GetCurrentThreadId
FlsSetValue
FlsGetValue
DebugBreak
OutputDebugStringA
GetCommandLineA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
EncodePointer
DecodePointer
FlsFree
SetLastError
GetCurrentThread
FlsAlloc
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
GetLogicalDrives
GetDiskFreeSpaceA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetErrorMode
Beep
GetFileAttributesA
SetFileAttributesA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
MoveFileA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
DeleteFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
LoadLibraryA
FreeLibrary
CreateProcessW
ReadFile
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
WideCharToMultiByte
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetLocalTime
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetDateFormatA
GetTimeFormatA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapSetInformation
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
HeapQueryInformation
HeapReAlloc
HeapSize
HeapValidate
HeapCompact
HeapWalk
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
CreateFileA
FlushFileBuffers
CreatePipe
CreateFileW
SetStdHandle
ReadConsoleInputA
SetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
IsDBCSLeadByteEx
ReadConsoleA
ReadConsoleW
SetEndOfFile
GetProcessHeap
GetFileInformationByHandle
PeekNamedPipe
LockFile
UnlockFile
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
FreeEnvironmentStringsA
GetEnvironmentStrings
QueryPerformanceCounter
GetTickCount
GetStringTypeW
GetStringTypeA
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
GetLocaleInfoW
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryW

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@std@@QEAA@AEBV01@@Z
??0__non_rtti_object@std@@QEAA@PEBD@Z
??0bad_cast@std@@AEAA@PEBQEBD@Z
??0bad_cast@std@@QEAA@AEBV01@@Z
??0bad_cast@std@@QEAA@PEBD@Z
??0bad_typeid@std@@QEAA@AEBV01@@Z
??0bad_typeid@std@@QEAA@PEBD@Z
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@AEBQEBDH@Z
??0exception@std@@QEAA@AEBV01@@Z
??0exception@std@@QEAA@XZ
??1__non_rtti_object@std@@UEAA@XZ
??1bad_cast@std@@UEAA@XZ
??1bad_typeid@std@@UEAA@XZ
??1exception@std@@UEAA@XZ
??1type_info@@UEAA@XZ
??2@YAPEAX_K@Z
??2@YAPEAX_KHPEBDH@Z
??3@YAXPEAX@Z
??4__non_rtti_object@std@@QEAAAEAV01@AEBV01@@Z
??4bad_cast@std@@QEAAAEAV01@AEBV01@@Z
??4bad_typeid@std@@QEAAAEAV01@AEBV01@@Z
??4exception@std@@QEAAAEAV01@AEBV01@@Z
??8type_info@@QEBA_NAEBV0@@Z
??9type_info@@QEBA_NAEBV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@@6B@
??_7exception@std@@6B@
??_Fbad_cast@std@@QEAAXXZ
??_Fbad_typeid@std@@QEAAXXZ
??_U@YAPEAX_K@Z
??_U@YAPEAX_KHPEBDH@Z
??_V@YAXPEAX@Z
?_Name_base@type_info@@CAPEBDPEBV1@PEAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPEBDPEBV1@PEAU__type_info_node@@@Z
?_Type_info_dtor@type_info@@CAXPEAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPEAV1@@Z
?_ValidateExecute@@YAHP6A_JXZ@Z
?_ValidateRead@@YAHPEBXI@Z
?_ValidateWrite@@YAHPEAXI@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPEBG00I_K@Z
?_is_exception_typeof@@YAHAEBVtype_info@@PEAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QEBAPEBDPEAU__type_info_node@@@Z
?_open@@YAHPEBDHH@Z
?_query_new_handler@@YAP6AH_K@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AH_K@ZH@Z
?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPEBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?_wopen@@YAHPEB_WHH@Z
?_wsopen@@YAHPEB_WHHH@Z
?before@type_info@@QEBAHAEBV1@@Z
?name@type_info@@QEBAPEBDPEAU__type_info_node@@@Z
?raw_name@type_info@@QEBAPEBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?unexpected@@YAXXZ
?what@exception@std@@UEBAPEBDXZ
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CxxThrowException
_FindAndUnlinkFrame
_GetImageBase
_GetThrowImageBase
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_SetImageBase
_SetThrowImageBase
_Strftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__CppXcptFilter
__CxxCallUnwindDelDtor
__CxxCallUnwindDtor
__CxxCallUnwindStdDelDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__create_locale
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__crt_debugger_hook
__daylight
__dllonexit
__doserrno
__dstbias
__fls_getvalue
__fls_setvalue
__fpecode
__free_locale
__get_app_type
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lc_clike
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__set_flsgetvalue
__setlc_active
__setusermatherr
__strncnt
__swprintf_l
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__unDNameHelper
__uncaught_exception
__unguarded_readlc_active
__vswprintf_l
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abs64
_access
_access_s
_acmdln
_aexit_rtn
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_amsg_exit
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_crt
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chgsignf
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_commode
_configthreadlocale
_control87
_controlfp
_controlfp_s
_copysign
_copysignf
_cprintf
_cprintf_l
_cprintf_p
_cprintf_p_l
_cprintf_s
_cprintf_s_l
_cputs
_cputws
_creat
_create_locale
_cscanf
_cscanf_l
_cscanf_s
_cscanf_s_l
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_cwprintf
_cwprintf_l
_cwprintf_p
_cwprintf_p_l
_cwprintf_s
_cwprintf_s_l
_cwscanf
_cwscanf_l
_cwscanf_s
_cwscanf_s_l
_daylight
_decode_pointer
_difftime32
_difftime64
_dosmaperr
_dstbias
_dup
_dup2
_dupenv_s
_ecvt
_ecvt_s
_encode_pointer
_encoded_null
_endthread
_endthreadex
_environ
_eof
_errno
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fdopen
_fflush_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filbuf
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_finitef
_flsbuf
_flushall
_fmode
_fpclass
_fpclassf
_fpieee_flt
_fpreset
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_free_locale
_freea
_freea_s
_freefls
_fscanf_l
_fscanf_s_l
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_fullpath
_futime32
_futime64
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwrite_nolock
_fwscanf_l
_fwscanf_s_l
_gcvt
_gcvt_s
_get_amblksiz
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_heap_handle
_get_invalid_parameter_handler
_get_osfhandle
_get_output_format
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_sbh_threshold
_get_terminate
_get_timezone
_get_tzname
_get_unexpected
_get_wpgmptr
_getc_nolock
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getdcwd
_getdcwd_nolock
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getptd
_getsystime
_getw
_getwch
_getwch_nolock
_getwche
_getwche_nolock
_getws
_getws_s
_gmtime32
_gmtime32_s
_gmtime64
_gmtime64_s
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_hypotf
_i64toa
_i64toa_s
_i64tow
_i64tow_s
_initptd
_initterm
_initterm_e
_invalid_parameter
_invalid_parameter_noinfo
_invoke_watson
_iob
_isalnum_l
_isalpha_l
_isatty
_iscntrl_l
_isctype
_isctype_l
_isdigit_l
_isgraph_l
_isleadbyte_l
_islower_l
_ismbbalnum
_ismbbalnum_l
_ismbbalpha
_ismbbalpha_l
_ismbbgraph
_ismbbgraph_l
_ismbbkalnum
_ismbbkalnum_l
_ismbbkana
_ismbbkana_l
_ismbbkprint
_ismbbkprint_l
_ismbbkpunct
_ismbbkpunct_l
_ismbblead
_ismbblead_l
_ismbbprint
_ismbbprint_l
_ismbbpunct
_ismbbpunct_l
_ismbbtrail
_ismbbtrail_l

Sections

.text
Size: 475KB - Virtual size: 475KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/RF_L/skin/status_green.bmp
$PROGRAMFILES64/RF_L/skin/status_red.bmp
$PROGRAMFILES64/RF_L/tc1_form.sys
$PROGRAMFILES64/RF_L/tc_8SR.exe
.exe windows:5 windows x64 arch:x64

c92efab4aaaa003749eca63054659c37

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

67:ba:82:a4:74:83:51:db:15:5a:ea:63:57:fb:96:95:38:00:48:bd:b2:dd:61:ac:76:da:b4:8a:82:d0:56:1b
Signer

Actual PE Digest

67:ba:82:a4:74:83:51:db:15:5a:ea:63:57:fb:96:95:38:00:48:bd:b2:dd:61:ac:76:da:b4:8a:82:d0:56:1b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
GetLongPathNameA
GetLastError
GetModuleFileNameW
ReadFile
WideCharToMultiByte
GetCurrentProcess
GetTempPathA
CreateFileA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
Sleep
GetSystemTimeAsFileTime

advapi32

AdjustTokenPrivileges
RegOpenKeyA
LookupPrivilegeValueA
RegCreateKeyA
RegSetValueExA
OpenProcessToken
RegCloseKey

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

msvcr90

_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
_encode_pointer
__set_app_type
__crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_exit
_XcptFilter
__C_specific_handler
__getmainargs
_amsg_exit
strncpy
atoi
strchr
strstr
sprintf
_cexit

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/RF_L/tc_Default.sys
$PROGRAMFILES64/RF_L/tc_Prih.dll
.dll windows:5 windows x64 arch:x64

a359327112ab193c82d75c0273bb14d9

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

28:17:7a:20:70:10:64:c1:51:8f:0d:e1:61:01:3a:e7:f6:dd:6f:d6:f9:21:3b:40:c0:6c:c4:8c:43:c3:ac:e7
Signer

Actual PE Digest

28:17:7a:20:70:10:64:c1:51:8f:0d:e1:61:01:3a:e7:f6:dd:6f:d6:f9:21:3b:40:c0:6c:c4:8c:43:c3:ac:e7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

imm32

ImmGetCompositionStringA
ImmGetContext
ImmReleaseContext

kernel32

GetLastError
lstrlenW
CompareStringW
CompareStringA
ReadFile
GetUserDefaultLangID
SetEndOfFile
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
GetModuleFileNameW
WideCharToMultiByte
GetLongPathNameA
GetModuleHandleA
GetTickCount
GetProcessHeap
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
RaiseException
RtlPcToFileHeader
HeapFree
GetCurrentThreadId
FlsSetValue
GetCommandLineA
CloseHandle
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
WriteFile
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
Sleep
GetTimeZoneInformation
HeapAlloc
HeapSetInformation
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
GetModuleHandleW
GetProcAddress
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
CreateFileA
SetEnvironmentVariableA

user32

UnhookWindowsHookEx
SetWindowsHookExA
SendMessageTimeoutA
IsWindowEnabled
CallNextHookEx
MapVirtualKeyA
IsWindowVisible
MessageBoxA
GetClassNameA
FindWindowExA
FindWindowA
PostMessageA
GetActiveWindow
GetWindowTextA
GetAsyncKeyState

advapi32

RegSetValueExA
RegCreateKeyA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

shlwapi

StrStrIA

Exports

Exports

InstallRecord
RecordProc
UnInstallRecord

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/RF_L/tc_svr.exe
.exe windows:5 windows x86 arch:x86

42cccb59fb52078015be74288575c424

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:0c:12:5a:e6:54:d0:06:96:f3:a6:1b
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

25/07/2019, 08:29

Not After

31/08/2020, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e2:b0:41:42:fc:96:4d:16:d4:ff:fa:03:a3:2f:b9:50:c4:d2:7e:9a
Signer

Actual PE Digest

e2:b0:41:42:fc:96:4d:16:d4:ff:fa:03:a3:2f:b9:50:c4:d2:7e:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA
GetDesktopWindow

kernel32

GetLastError
ExitThread
Sleep
CreateProcessA
SetCurrentDirectoryA
ExitProcess
OpenEventA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter
GetCurrentProcess
SetEvent
CloseHandle
TerminateProcess
GetSystemTimeAsFileTime

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__getmainargs
exit
_cexit
_XcptFilter
_exit
_c_exit
_open
_read
_lseek
_close
_except_handler3
strncmp
_stricmp
malloc
free
__initenv

advapi32

SetServiceStatus
RegCloseKey
RegQueryValueExA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegOpenKeyExA

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PROGRAMFILES64/RF_L/tc_un.exe
.exe windows:5 windows x64 arch:x64

8aef33b19ab2eb85e31b1907dd5589ba

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2020, 07:59

Not After

01/10/2021, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,O=TrueCut Security\, Inc.,STREET=525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:a9:90:70:16:ef:64:15:d9:a7:8f:89:2a:d3:ff:44:3a:97:6c:d6:1a:3e:51:68:6c:f3:dd:37:9a:9e:6a:bb
Signer

Actual PE Digest

3d:a9:90:70:16:ef:64:15:d9:a7:8f:89:2a:d3:ff:44:3a:97:6c:d6:1a:3e:51:68:6c:f3:dd:37:9a:9e:6a:bb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RtlUnwindEx
HeapReAlloc
ExitProcess
RaiseException
RtlPcToFileHeader
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapQueryInformation
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetACP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
LCMapStringA
LCMapStringW
HeapSetInformation
RtlLookupFunctionEntry
GetStdHandle
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CompareStringW
SetEnvironmentVariableA
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
SetErrorMode
GetOEMCP
GetCPInfo
GetFileTime
GetFileSizeEx
GetFileAttributesA
FileTimeToLocalFileTime
CreateFileA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
TlsGetValue
LocalAlloc
FileTimeToSystemTime
GetThreadLocale
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
MulDiv
LoadLibraryA
GlobalUnlock
FreeResource
GlobalFree
WritePrivateProfileStringA
GlobalAddAtomA
GetCurrentProcessId
SetLastError
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
GlobalLock
GlobalAlloc
lstrcpyA
DeleteFileA
LocalFree
OutputDebugStringA
CreateToolhelp32Snapshot
FindNextFileA
GetModuleFileNameA
Process32Next
SetFileAttributesA
RemoveDirectoryA
GetLongPathNameA
MultiByteToWideChar
lstrcatA
GetModuleFileNameW
TerminateProcess
GetExitCodeProcess
OpenProcess
FormatMessageA
GetProcessHeap
GetTickCount
Process32First
HeapFree
HeapAlloc
FreeLibrary
MoveFileExA
lstrlenA
lstrcmpA
CloseHandle
GetCurrentDirectoryA
GetModuleHandleA
LockResource
FindClose
CopyFileA
GetProcAddress
GetLastError
FindFirstFileA
SetCurrentDirectoryA
CreateDirectoryA
SizeofResource
Sleep
WideCharToMultiByte
GetWindowsDirectoryA
GetModuleHandleW
GetCurrentProcess
LoadResource
HeapCreate
FindResourceA

user32

UnregisterClassA
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
CharUpperA
LoadCursorA
GetSysColorBrush
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassNameA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
UnhookWindowsHookEx
GetSysColor
EndPaint
BeginPaint
GetWindowDC
FindWindowA
EnableWindow
SendMessageW
GetSystemMetrics
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowTextLengthA
GetWindowTextA
SetFocus
GetMenuItemID
GetMenuItemCount
GetSubMenu
ReleaseDC
GetDC
CopyRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
DestroyMenu
RegisterClipboardFormatA
PostThreadMessageA
GetNextDlgTabItem
EndDialog
RegisterClassA
DispatchMessageA
PostMessageA
PeekMessageA
TranslateMessage
SendMessageA
GetClientRect
DrawIcon
wsprintfA
LoadIconA
LoadStringA
IsIconic
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
PostQuitMessage
SetCursor
MessageBoxA
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetWindowThreadProcessId
SetWindowPos
MapDialogRect
SetWindowContextHelpId
GetWindow
ValidateRect
GetCursorPos
GetKeyState
IsWindowVisible
GetActiveWindow
GetMessageA
SetWindowsHookExA
CallNextHookEx
GetClassLongA

gdi32

GetMapMode
GetRgnBox
GetTextColor
GetBkColor
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
CreateBitmap
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetObjectA
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
CreateRectRgnIndirect
Escape

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

CryptEncrypt
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
CryptHashData
CryptDestroyHash
CryptDecrypt
ControlService
CryptDestroyKey
OpenSCManagerA
QueryServiceStatusEx
CryptCreateHash
OpenProcessToken
RegDeleteValueA
RegOpenKeyExA
CryptAcquireContextA
RegEnumKeyExA
CryptReleaseContext
EnumDependentServicesA
CryptDeriveKey
CloseServiceHandle
OpenServiceA
CryptGetHashParam
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyA
LookupPrivilegeValueA
RegQueryValueExA

shell32

ShellExecuteExA
SHFileOperationA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetFolderPathA
ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

StrStrIA
SHDeleteValueA
SHDeleteKeyA
PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemFree
CLSIDFromString
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromProgID

oleaut32

SysFreeString
SysStringLen
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
SysAllocStringLen

ws2_32

WSASetLastError
WSACleanup
WSAStartup

psapi

GetModuleFileNameExA

Sections

.text
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/RF_L/vcomp90.dll
.dll windows:5 windows x64 arch:x64

67edffeed65f875a3c6ad8202aac4805

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f4:97:35:30:bb:6e:d7:13:c8:49:75:c6:d0:c1:81:80:5b:5d:9a:e5
Signer

Actual PE Digest

f4:97:35:30:bb:6e:d7:13:c8:49:75:c6:d0:c1:81:80:5b:5d:9a:e5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

vcomp90.amd64.pdb

Imports

kernel32

TlsGetValue
FormatMessageW
OutputDebugStringW
GetConsoleWindow
GetConsoleScreenBufferInfo
WriteConsoleW
WideCharToMultiByte
WriteFile
GetLastError
LocalFree
GetStdHandle
ExitProcess
HeapFree
GetProcessHeap
TlsSetValue
Sleep
UnhandledExceptionFilter
GetTickCount
HeapAlloc
CreateEventW
CloseHandle
WaitForSingleObject
SetEvent
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateSemaphoreW
ReleaseSemaphore
GetCurrentThreadId
TryEnterCriticalSection
QueryPerformanceCounter
TlsAlloc
TlsFree
GetSystemInfo
QueryPerformanceFrequency
GetSystemTimeAdjustment
GetEnvironmentVariableW
lstrlenW
lstrcmpiW
GetStringTypeExW
SleepEx
SwitchToThread
QueueUserAPC
CreateThread
QueueUserWorkItem
GetFileAttributesW
GetUserDefaultUILanguage
FindFirstFileW
FindNextFileW
FindClose
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
LoadResource
RtlCaptureContext
RtlLookupFunctionEntry
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlUnwindEx

user32

MessageBoxW

Exports

Exports

_vcomp_atomic_add_i1
_vcomp_atomic_add_i2
_vcomp_atomic_add_i4
_vcomp_atomic_add_i8
_vcomp_atomic_add_r4
_vcomp_atomic_add_r8
_vcomp_atomic_and_i1
_vcomp_atomic_and_i2
_vcomp_atomic_and_i4
_vcomp_atomic_and_i8
_vcomp_atomic_div_i1
_vcomp_atomic_div_i2
_vcomp_atomic_div_i4
_vcomp_atomic_div_i8
_vcomp_atomic_div_r4
_vcomp_atomic_div_r8
_vcomp_atomic_div_ui1
_vcomp_atomic_div_ui2
_vcomp_atomic_div_ui4
_vcomp_atomic_div_ui8
_vcomp_atomic_mul_i1
_vcomp_atomic_mul_i2
_vcomp_atomic_mul_i4
_vcomp_atomic_mul_i8
_vcomp_atomic_mul_r4
_vcomp_atomic_mul_r8
_vcomp_atomic_or_i1
_vcomp_atomic_or_i2
_vcomp_atomic_or_i4
_vcomp_atomic_or_i8
_vcomp_atomic_shl_i1
_vcomp_atomic_shl_i2
_vcomp_atomic_shl_i4
_vcomp_atomic_shl_i8
_vcomp_atomic_shr_i1
_vcomp_atomic_shr_i2
_vcomp_atomic_shr_i4
_vcomp_atomic_shr_i8
_vcomp_atomic_shr_ui1
_vcomp_atomic_shr_ui2
_vcomp_atomic_shr_ui4
_vcomp_atomic_shr_ui8
_vcomp_atomic_sub_i1
_vcomp_atomic_sub_i2
_vcomp_atomic_sub_i4
_vcomp_atomic_sub_i8
_vcomp_atomic_sub_r4
_vcomp_atomic_sub_r8
_vcomp_atomic_xor_i1
_vcomp_atomic_xor_i2
_vcomp_atomic_xor_i4
_vcomp_atomic_xor_i8
_vcomp_barrier
_vcomp_copyprivate_broadcast
_vcomp_copyprivate_receive
_vcomp_enter_critsect
_vcomp_flush
_vcomp_for_dynamic_init
_vcomp_for_dynamic_init_i8
_vcomp_for_dynamic_next
_vcomp_for_dynamic_next_i8
_vcomp_for_static_end
_vcomp_for_static_init
_vcomp_for_static_init_i8
_vcomp_for_static_simple_init
_vcomp_for_static_simple_init_i8
_vcomp_fork
_vcomp_get_thread_num
_vcomp_leave_critsect
_vcomp_master_barrier
_vcomp_master_begin
_vcomp_master_end
_vcomp_ordered_begin
_vcomp_ordered_end
_vcomp_ordered_loop_end
_vcomp_reduction_i1
_vcomp_reduction_i2
_vcomp_reduction_i4
_vcomp_reduction_i8
_vcomp_reduction_r4
_vcomp_reduction_r8
_vcomp_reduction_u1
_vcomp_reduction_u2
_vcomp_reduction_u4
_vcomp_reduction_u8
_vcomp_sections_init
_vcomp_sections_next
_vcomp_set_num_threads
_vcomp_single_begin
_vcomp_single_end
omp_destroy_lock
omp_destroy_nest_lock
omp_get_dynamic
omp_get_max_threads
omp_get_nested
omp_get_num_procs
omp_get_num_threads
omp_get_thread_num
omp_get_wtick
omp_get_wtime
omp_in_parallel
omp_init_lock
omp_init_nest_lock
omp_set_dynamic
omp_set_lock
omp_set_nest_lock
omp_set_nested
omp_set_num_threads
omp_test_lock
omp_test_nest_lock
omp_unset_lock
omp_unset_nest_lock

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 278B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3abe302b6d9a1256e6a915429af4ffd2

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

44:b4:b7:91:21:b0:24:0b:08:b5:87:71Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

74:8f:6c:0e:52:6b:b0:93:ba:54:b7:d9:25:53:c9:f2:57:e4:11:c6Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 106KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 66KB - Virtual size: 66KB

610235b90207a63ccf481f0d4375d329

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 851B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 606B

cce05dea98cbac3a9d486b233588f528

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 692B

.rdata Size: 1024B - Virtual size: 673B

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

74:8f:6c:0e:52:6b:b0:93:ba:54:b7:d9:25:53:c9:f2:57:e4:11:c6
Signer

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 106KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 66KB - Virtual size: 66KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 851B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 606B

.text
Size: 1024B - Virtual size: 692B

.rdata
Size: 1024B - Virtual size: 673B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 512B - Virtual size: 240B

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:0f:78:4d:00:00:00:00:00:03
Certificate

61:14:2c:a7:00:00:00:00:00:06
Certificate

61:14:2c:a7:00:00:00:00:00:06
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

52:6f:54:d3:c0:6d:81:c3:35:14:82:0e:53:31:6b:a0:5e:40:d7:8f
Signer

.rsrc
Size: 36KB - Virtual size: 35KB

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

44:b4:b7:91:21:b0:24:0b:08:b5:87:71
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

e8:7d:4a:6d:c0:7e:80:ac:e8:29:2f:4f:c1:3b:06:51:f7:6a:a4:b1:85:88:86:55:47:d3:64:4e:71:5c:56:2f
Signer