Data-Recovery[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Data-Recovery.zip
Size

20.4MB
MD5

cc1b345ad385efbea9bea48472d78132
SHA1

90cad83034a98269bf70e074df1659204688ef0c
SHA256

f648037018ccb1d46e9f868bd79af73807ba4851b6a916e4182fd7841fdf19b8
SHA512

ff175365789f607a9e35f662ad4d6dd5cc576f8e29be26cd2c3ebdb78edbd16b769c9fb8c4523ce71f20c0e89e6365f5476e388f22249e4dde0ffe2db16948af
SSDEEP

393216:CDh2LvUlQToN/t9mAGIW8SVWC2QPh/jLvKsIv32FKD8uASIW87:CF2LvRTox5GIKVb2QPh7LrRSIT

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/EUEXTSearchDLL.dll
unpack001/DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/GDIPLUS.DLL
unpack001/DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/INETWH32.dll
unpack001/DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/ROBOEX32.DLL
unpack001/DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/dbghelp.dll
unpack001/DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/libcurl.dll
unpack001/DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/mfcm90.dll
unpack001/DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/mfcm90u.dll
unpack001/DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/msvcm90.dll

Files

Data-Recovery.zip
.zip
DataRecovery/DataRecovery (Windows 32 Bits)/App/AppInfo/EULA.txt
DataRecovery/DataRecovery (Windows 32 Bits)/App/AppInfo/Launcher/Custom.nsh
DataRecovery/DataRecovery (Windows 32 Bits)/App/AppInfo/Launcher/DataRecoveryPortable.ini
DataRecovery/DataRecovery (Windows 32 Bits)/App/AppInfo/Launcher/Source/!LAUNCHER/Languages.nsh
DataRecovery/DataRecovery (Windows 32 Bits)/App/AppInfo/Launcher/Source/!LAUNCHER/PortableApps.comLauncher.nsi
DataRecovery/DataRecovery (Windows 32 Bits)/App/AppInfo/Launcher/Source/!NSTALLER/PortableApps.comInstaller.bmp
DataRecovery/DataRecovery (Windows 32 Bits)/App/AppInfo/Launcher/Source/!NSTALLER/PortableApps.comInstaller.ico
DataRecovery/DataRecovery (Windows 32 Bits)/App/AppInfo/Launcher/Source/!NSTALLER/PortableApps.comInstaller.nsi
.js
DataRecovery/DataRecovery (Windows 32 Bits)/App/AppInfo/Launcher/Source/_.txt
DataRecovery/DataRecovery (Windows 32 Bits)/App/AppInfo/appicon.ico
DataRecovery/DataRecovery (Windows 32 Bits)/App/AppInfo/appicon_128.png
.png

Password: infected
DataRecovery/DataRecovery (Windows 32 Bits)/App/AppInfo/appicon_16.png
.png

Password: infected
DataRecovery/DataRecovery (Windows 32 Bits)/App/AppInfo/appicon_32.png
.png

Password: infected
DataRecovery/DataRecovery (Windows 32 Bits)/App/AppInfo/appinfo.ini
DataRecovery/DataRecovery (Windows 32 Bits)/App/AppInfo/installer.ini
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/AutoUpdate.dll
.dll windows:4 windows x86 arch:x86

Password: infected

38ad9d4ac65dcfa4c02ca5c90660704a

Code Sign

7f:86:b4:4c:3e:fb:81:fa:c8:c8:b6:70:58:05:4f:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/09/2014, 00:00

Not After

02/10/2017, 23:59

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,OU=IT,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

15:ba:aa:58:a1:7f:6c:e5:fe:c3:08:4f:00:4b:bc:dd:a3:71:d3:43
Signer

Actual PE Digest

15:ba:aa:58:a1:7f:6c:e5:fe:c3:08:4f:00:4b:bc:dd:a3:71:d3:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\Common\AutoUpdate\Release\AutoUpdate.pdb

Imports

urlmon

URLDownloadToCacheFileA

kernel32

GetEnvironmentStrings
GetPrivateProfileStringA
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetACP
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapReAlloc
HeapAlloc
TerminateProcess
GetCurrentProcess
HeapSize
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
RtlUnwind
LoadLibraryA
InterlockedExchange
VirtualQuery
VirtualAlloc
InitializeCriticalSection
VirtualProtect
GetSystemInfo

Exports

Exports

?GetAutoUpdateInstance@@YGPAVIAutoUpdate@@XZ

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/Chinese.dat
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/Chinese.data
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/ChineseTrad.dat
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/ChineseTrad.data
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/DRW.exe
.exe windows:5 windows x86 arch:x86

Password: infected

e31872437a1185838f6442458a725b82

Code Sign

7f:86:b4:4c:3e:fb:81:fa:c8:c8:b6:70:58:05:4f:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/09/2014, 00:00

Not After

02/10/2017, 23:59

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,OU=IT,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

89:4f:b5:da:d0:39:bf:1c:55:98:09:45:ef:0f:6c:41:5b:62:b4:5b
Signer

Actual PE Digest

89:4f:b5:da:d0:39:bf:1c:55:98:09:45:ef:0f:6c:41:5b:62:b4:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\DRW\_drw_main\DRWIntelligentScan\Bin\Release\DRW.pdb

Imports

publog

?DebugTrace@@YAXPBDZZ

kernel32

GetVersion
GetLastError
CreateMutexA
FreeLibrary
LoadLibraryA
UnmapViewOfFile
OutputDebugStringA
ReleaseMutex
GetCurrentThread
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
WriteFile
HeapSize
GetCurrentProcess
WaitForMultipleObjects
CreateProcessA
CloseHandle
GetModuleFileNameA
CreateFileA
CreateEventA
WaitForSingleObject
GetProcAddress
RtlUnwind
HeapFree
GetCommandLineA
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
VirtualAlloc
HeapReAlloc
GetStdHandle
Sleep
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RaiseException
InitializeCriticalSectionAndSpinCount

user32

MessageBoxA
LoadStringA

advapi32

RegQueryValueExA
RegCloseKey
AllocateAndInitializeSid
OpenThreadToken
OpenProcessToken
FreeSid
GetTokenInformation
EqualSid
RegOpenKeyExA

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 424KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/DRW.exe.manifest
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/DRWUI.exe
.exe windows:5 windows x86 arch:x86

Password: infected

418be4c9bb9e09c3ba4ce027239e4ada

Code Sign

7f:86:b4:4c:3e:fb:81:fa:c8:c8:b6:70:58:05:4f:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/09/2014, 00:00

Not After

02/10/2017, 23:59

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,OU=IT,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:e8:a7:1f:93:25:bf:f6:b3:73:cd:e6:45:d0:92:ad:27:15:ec:70
Signer

Actual PE Digest

40:e8:a7:1f:93:25:bf:f6:b3:73:cd:e6:45:d0:92:ad:27:15:ec:70

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\DRW\_drw_main\DRWIntelligentScan\Bin\Release\DRWUI.pdb

Imports

gc

GC_free
GC_malloc
GC_register_finalizer_ignore_self
GC_malloc_atomic
GC_malloc_uncollectable

publog

?DebugTrace@@YAXPBDZZ
?LogInfo@@YAXPBDZZ
?LogError@@YAXPBDZZ
?ReleaseTrace@@YAXPBDZZ

mfc90

ord4644
ord2280
ord3056
ord6616
ord4248
ord2470
ord3157
ord3676
ord3678
ord3731
ord3158
ord306
ord4153
ord3491
ord783
ord582
ord571
ord6707
ord6330
ord4256
ord6329
ord1155
ord3831
ord3244
ord3554
ord693
ord1699
ord3997
ord4337
ord4760
ord3909
ord1716
ord3632
ord767
ord6507
ord6473
ord3940
ord2966
ord4516
ord6788
ord4757
ord4157
ord3815
ord2278
ord1771
ord1685
ord4642
ord3538
ord677
ord525
ord3612
ord6078
ord4527
ord4396
ord2327
ord4222
ord4223
ord3479
ord333
ord1358
ord1357
ord6048
ord613
ord337
ord4513
ord4311
ord6170
ord2587
ord2097
ord6074
ord6333
ord3534
ord2106
ord1183
ord3477
ord636
ord367
ord611
ord595
ord796
ord3480
ord3277
ord5647
ord4638
ord1497
ord6391
ord3346
ord1668
ord2274
ord4030
ord3757
ord2672
ord2481
ord4477
ord6613
ord2690
ord937
ord5997
ord1603
ord3390
ord1536
ord2267
ord586
ord789
ord1045
ord1607
ord3629
ord766
ord4254
ord2209
ord3351
ord664
ord405
ord1490
ord1938
ord524
ord2356
ord6475
ord6474
ord777
ord3643
ord1276
ord4646
ord1720
ord2283
ord5482
ord3796
ord3519
ord654
ord3179
ord6062
ord2263
ord3663
ord403
ord3506
ord4977
ord2286
ord1786
ord1723
ord4649
ord3269
ord316
ord2141
ord3674
ord3148
ord6527
ord2896
ord4384
ord3730
ord1359
ord6291
ord1254
ord1258
ord5851
ord4481
ord6682
ord6676
ord1303
ord2360
ord2590
ord5528
ord780
ord579
ord3141
ord4026
ord790
ord3654
ord3273
ord3931
ord2144
ord1691
ord1727
ord941
ord5963
ord1144
ord3627
ord1061
ord3726
ord1252
ord1087
ord1692
ord2100
ord686
ord436
ord5753
ord1555
ord6793
ord5520
ord663
ord404
ord4529
ord3528
ord4727
ord6584
ord6557
ord1108
ord4434
ord4409
ord6783
ord4159
ord6781
ord4733
ord2251
ord2206
ord6018
ord4165
ord1046
ord5533
ord6721
ord5813
ord4199
ord2087
ord3209
ord5657
ord5659
ord2447
ord4333
ord4981
ord5663
ord5646
ord6001
ord3110
ord4890
ord4667
ord3659
ord1186
ord1098
ord4197
ord1220
ord1137
ord793
ord589
ord4029
ord4952
ord4993
ord2074
ord5633
ord3987
ord639
ord374
ord3783
ord2480
ord4392
ord1611
ord305
ord3213
ord5835
ord820
ord2691
ord945
ord300
ord2539
ord2692
ord5636
ord4116
ord2592
ord2364
ord6559
ord310
ord296
ord5922
ord5615
ord4617
ord5152
ord5309
ord2208
ord1810
ord1809
ord1678
ord3344
ord6388
ord1755
ord1752
ord4331
ord1496
ord4650
ord5585
ord5497
ord6780
ord4589
ord899
ord1556
ord4431
ord5924
ord3732
ord5139
ord3650
ord784
ord4022
ord2588
ord406
ord665
ord744
ord1729
ord6446
ord5668
ord5666
ord958
ord963
ord967
ord965
ord969
ord2610
ord2630
ord2614
ord2620
ord2618
ord2616
ord2633
ord2628
ord2612
ord2635
ord2623
ord2605
ord2607
ord2625
ord2753
ord6352
ord6166
ord375
ord2490
ord2375
ord2368
ord1644
ord6784
ord4160
ord6782
ord3671
ord5389
ord6356
ord3218
ord1446
ord5608
ord2139
ord1792
ord1791
ord1728
ord2766
ord2978
ord3107
ord4714
ord2961
ord3135
ord2769
ord2888
ord2759
ord4066
ord4067
ord4057
ord2886
ord4334
ord4895
ord4668
ord908
ord286
ord817
ord3178
ord4688
ord910
ord3177
ord812
ord2069
ord600
ord601

msvcr90

?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
__clean_type_info_names_internal
_setmbcp
wcstombs
_vswprintf
strcat_s
_localtime32_s
abs
__RTtypeid
towupper
towlower
??8type_info@@QBE_NABV0@@Z
_setmode
_fdopen
_fileno
_strlwr
_wcsicmp
__RTDynamicCast
_CIlog
_controlfp_s
_invoke_watson
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_vsnprintf
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
exit
isdigit
fgetc
fflush
__iob_func
ungetc
_beginthread
_endthread
strcat
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
memcpy_s
memmove_s
sprintf
_purecall
sscanf
_atoi64
vsprintf_s
wcscpy_s
strstr
sprintf_s
swprintf_s
strncpy
_vsnprintf_s
_splitpath
_mbsrchr
strcpy_s
_mbsnbcpy_s
_splitpath_s
_stricmp
memmove
atoi
atof
fprintf
fopen_s
fclose
fseek
ftell
fread
fputc
ferror
sscanf_s
isspace
tolower
isalpha
isalnum
strchr
strncmp
srand
_time64
rand
_snprintf
strrchr
_mkdir
toupper
strftime
_localtime64_s
ceil
calloc
free
_recalloc
_memicmp
fopen
fwrite
memcpy
strlen
strcpy
memset
_CxxThrowException
__CxxFrameHandler3
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
memcmp
strcmp
malloc
_strnicmp
wcsncmp
wcslen
strncpy_s

kernel32

GetTickCount
QueryDosDeviceA
LCMapStringW
LCMapStringA
GetStringTypeExW
GetStringTypeExA
GetUserDefaultLCID
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceA
FreeResource
GlobalFree
OutputDebugStringA
SetFilePointer
WriteFile
DeleteFileA
lstrlenA
lstrcpynA
FreeLibrary
lstrcpyA
GetTempPathA
GetTempFileNameA
SystemTimeToFileTime
GetLocalTime
SetFileAttributesA
SetLastError
IsBadWritePtr
ResetEvent
FindFirstFileA
FindClose
MulDiv
FileTimeToSystemTime
FileTimeToLocalFileTime
LeaveCriticalSection
CompareFileTime
HeapAlloc
GetProcessHeap
HeapFree
GetStartupInfoA
CreateProcessA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetFileSize
CopyFileA
LocalFree
FormatMessageA
GetDiskFreeSpaceA
DebugBreak
QueryPerformanceCounter
QueryPerformanceFrequency
GetOverlappedResult
ReadFile
SetFileTime
CreateFileW
CreateDirectoryA
ReleaseMutex
SetFilePointerEx
FlushFileBuffers
GetFileSizeEx
RaiseException
WaitForMultipleObjects
DosDateTimeToFileTime
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetSystemDirectoryA
GetLocaleInfoW
GetModuleHandleA
GlobalMemoryStatusEx
GetSystemInfo
MultiByteToWideChar
SetEvent
CreateEventA
SetUnhandledExceptionFilter
GetCurrentProcess
VirtualFree
VirtualAlloc
CreateFileA
DeviceIoControl
TerminateThread
GetVolumeInformationA
FindVolumeClose
FindFirstVolumeA
GetDiskFreeSpaceExA
GetDriveTypeA
Sleep
CloseHandle
GetVersionExA
WideCharToMultiByte
GetLogicalDrives
GetCurrentProcessId
GetPrivateProfileIntA
GetCurrentThreadId
CreateThread
GetPrivateProfileStringA
WritePrivateProfileStringA
GetLastError
CreateMutexA
LoadLibraryA
WaitForSingleObject
GetWindowsDirectoryA
IsBadReadPtr
InterlockedDecrement
InterlockedIncrement
lstrcmpA
FindNextVolumeA
GlobalUnlock
GlobalLock
GlobalAlloc
GetPrivateProfileStringW
GetModuleFileNameA
GetProcAddress
SetThreadPriority
LoadLibraryW

user32

LoadStringA
LoadStringW
EnableScrollBar
GetScrollPos
SetScrollPos
SetScrollRange
ShowScrollBar
GetDlgItem
EnumChildWindows
SetRectEmpty
AnimateWindow
SetLayeredWindowAttributes
UnregisterClassA
SetParent
EqualRect
TrackPopupMenu
InsertMenuItemA
IsRectEmpty
GetAsyncKeyState
DrawFocusRect
DrawFrameControl
UpdateWindow
RegisterClassA
MoveWindow
ScrollWindow
MapWindowPoints
SetScrollInfo
GetScrollInfo
GetDC
GetWindowTextA
SetWindowTextA
PeekMessageA
DrawIconEx
SetWindowRgn
GetClassLongA
EndPaint
BeginPaint
GetFocus
GetMessageA
DispatchMessageA
TranslateMessage
EndMenu
BringWindowToTop
SetCursor
LoadCursorA
TrackMouseEvent
ScreenToClient
SetWindowLongA
SetCapture
ReleaseCapture
KillTimer
LoadBitmapA
DrawStateA
GetIconInfo
OffsetRect
GetSysColor
DestroyIcon
GetParent
CopyRect
FillRect
GetWindowDC
GetWindowRect
SetTimer
ReleaseDC
ClientToScreen
CreateWindowExA
IsWindowVisible
RegisterDeviceNotificationA
DestroyMenu
TrackPopupMenuEx
SetMenuInfo
SetMenuItemBitmaps
LoadImageA
AppendMenuA
AppendMenuW
CreatePopupMenu
GetCursorPos
RedrawWindow
UnregisterDeviceNotification
DrawIcon
GetSystemMetrics
PostMessageA
RegisterHotKey
GetDesktopWindow
InflateRect
GetClientRect
LoadIconA
MessageBoxA
GetClassInfoA
FlashWindow
SetForegroundWindow
SetActiveWindow
IsIconic
FindWindowA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ShowWindow
SetFocus
SetWindowPos
PtInRect
InvalidateRect
CallWindowProcA
DefWindowProcA
GetWindowLongA
FrameRect
SendMessageA
CreateWindowExW
DestroyWindow
IsWindow
EnableWindow
DrawTextW
SetRect
DrawTextA

gdi32

DPtoLP
SetDIBits
GetDIBits
GetTextMetricsA
Polyline
GetDeviceCaps
StretchBlt
GetTextColor
LineTo
MoveToEx
CreatePen
ExcludeClipRect
CreateRoundRectRgn
SetBkColor
CreateBitmap
CreateFontA
GetStockObject
CreateFontIndirectA
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SetStretchBltMode
SetBkMode
DeleteDC
GetObjectA
DeleteObject
CreateSolidBrush
SetTextColor
SelectObject
GetMapMode

msimg32

GradientFill

comdlg32

GetSaveFileNameA
CommDlgExtendedError

advapi32

WriteEncryptedFileRaw
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
OpenEncryptedFileRawA
CloseEncryptedFileRaw

shell32

SHGetSpecialFolderPathA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA
SHGetSpecialFolderLocation
SHGetFileInfoA
SHGetPathFromIDListA
SHBrowseForFolderA

comctl32

ImageList_GetIconSize
ImageList_GetIcon
_TrackMouseEvent
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_LoadImageA
ImageList_Draw

shlwapi

StrRetToStrA

ole32

CoCreateInstance
StgOpenStorage
CoSetProxyBlanket
CoInitializeSecurity
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoInitialize

oleaut32

CreateErrorInfo
SetErrorInfo
GetErrorInfo
OleCreatePictureIndirect
OleLoadPicture
SysFreeString
SysAllocString
VariantChangeType
VariantClear
SystemTimeToVariantTime
VariantTimeToSystemTime
VarBstrFromDate
VariantCopy
VariantInit

urlmon

URLDownloadToFileA

gdiplus

GdipDrawImageI
GdipDrawImageRectRectI
GdipGetImageGraphicsContext
GdipGraphicsClear
GdipSetPenMode
GdipFillPolygonI
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetPenColor
GdipFillRectangle
GdipDrawLinesI
GdiplusShutdown
GdipCreateBitmapFromGraphics
GdipGetImageThumbnail
GdipDrawRectangleI
GdipDrawImageRectI
GdipCreateSolidFill
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipFillRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushFromRectI
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRect
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdipReleaseDC

msvcp90

?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?length@?$char_traits@D@std@@SAIPBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?length@?$char_traits@_W@std@@SAIPB_W@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@1@0@Z
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@D@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$allocator@D@std@@QAE@XZ
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??0?$allocator@D@std@@QAE@ABV01@@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
?max_size@?$allocator@D@std@@QBEIXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?rbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?flush@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?setbase@std@@YA?AU?$_Smanip@H@1@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHABV12@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@_W@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

mpr

WNetCloseEnum
WNetEnumResourceA
WNetOpenEnumA

dbghelp

MakeSureDirectoryPathExists

wininet

InternetCheckConnectionA

autoupdate

?GetAutoUpdateInstance@@YGPAVIAutoUpdate@@XZ

psapi

GetProcessMemoryInfo

ws2_32

WSAStartup
gethostname
gethostbyname

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 402KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 386KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/DRWUI.exe.manifest
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/Deutsch.dat
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/Deutsch.data
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/Dutch.dat
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/Dutch.data
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/EUEXFATSearchDLL.dll
.dll windows:5 windows x86 arch:x86

Password: infected

3465ead096f4fa20a4d04ba3141b8670

Code Sign

7f:86:b4:4c:3e:fb:81:fa:c8:c8:b6:70:58:05:4f:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/09/2014, 00:00

Not After

02/10/2017, 23:59

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,OU=IT,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:1c:ce:d1:3f:7c:e2:44:9c:60:e4:e7:4f:db:1d:9a:f7:cb:e5:dc
Signer

Actual PE Digest

39:1c:ce:d1:3f:7c:e2:44:9c:60:e4:e7:4f:db:1d:9a:f7:cb:e5:dc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\DRW\_drw_main\DRWIntelligentScan\bin\Release\win32\EUEXFATSearchDLL.pdb

Imports

kernel32

DosDateTimeToFileTime
SystemTimeToFileTime
LoadLibraryA
GetProcAddress
FreeLibrary
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange

msvcp90

?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?rbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$allocator@D@std@@QAE@XZ
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ

msvcr90

??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
??_V@YAXPAX@Z
_invalid_parameter_noinfo
memmove
memcpy
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
memmove_s
memset
strlen
strcpy
wcsncmp
_stricmp
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
??0exception@std@@QAE@ABV01@@Z
_wcsicmp
wcslen
strcpy_s
memcpy_s
sprintf
_snprintf
sscanf
strncpy_s
__CxxFrameHandler3
_CxxThrowException
__RTDynamicCast

publog

?LogInfo@@YAXPBDZZ

Exports

Exports

EUCreateEXFATQuickSearcher
EUCreateEXFATSearcher

Sections

.text
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 349KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/EUEXT2SearchDLL.dll
.dll windows:5 windows x86 arch:x86

Password: infected

90dff666fbb55f4484cab6077b310071

Code Sign

7f:86:b4:4c:3e:fb:81:fa:c8:c8:b6:70:58:05:4f:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/09/2014, 00:00

Not After

02/10/2017, 23:59

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,OU=IT,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c0:c3:f5:9a:af:33:17:50:0b:d5:36:e9:9f:eb:a6:c7:4d:1d:f4:2b
Signer

Actual PE Digest

c0:c3:f5:9a:af:33:17:50:0b:d5:36:e9:9f:eb:a6:c7:4d:1d:f4:2b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\DRW\_drw_main\DRWIntelligentScan\bin\Release\win32\EUEXT2SearchDLL.pdb

Imports

gc

GC_free
GC_malloc
GC_register_finalizer_ignore_self
GC_malloc_atomic
GC_malloc_uncollectable

publog

?LogInfo@@YAXPBDZZ

kernel32

TerminateProcess
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LocalFree
FormatMessageA
MultiByteToWideChar
WideCharToMultiByte
SystemTimeToFileTime
Sleep
lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
InterlockedExchange

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?length@?$char_traits@D@std@@SAIPBD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$allocator@D@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??0?$allocator@D@std@@QAE@ABV01@@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
?max_size@?$allocator@D@std@@QBEIXZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?rbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ

msvcr90

??3@YAXPAX@Z
memcpy
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
__CxxFrameHandler3
?what@exception@std@@UBEPBDXZ
memset
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
strcpy
strncpy
_invalid_parameter_noinfo
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
memmove_s
sprintf
memcmp
strlen
strcmp
free
malloc
__RTtypeid
_purecall
abs
sprintf_s
_endthread
_localtime32_s
_snprintf
sscanf
strncpy_s
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
__clean_type_info_names_internal
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
strcpy_s
memmove
??_V@YAXPAX@Z

Exports

Exports

EUCreateEXT2QuickSearcher
EUCreateEXT2Searcher
EUSetEXT2VerifySuperBlock

Sections

.text
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 175KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/EUEXTSearchDLL.dll
.dll windows:5 windows x86 arch:x86

7e1c9fd2e1dae3d34ef0cb2ed508c9fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\DRW\_drw_main\DRWIntelligentScan\bin\Release\win32\EUEXTSearchDLL.pdb

Imports

publog

?LogInfo@@YAXPBDZZ

kernel32

InterlockedExchange
TerminateProcess
SystemTimeToFileTime
Sleep
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
FreeLibrary
lstrcmpiA
GetModuleFileNameA
GetProcAddress
LoadLibraryW
CloseHandle
SetFilePointer
CreateFileA
ReadFile
WriteFile
lstrcpyA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LocalFree
FormatMessageA
InterlockedCompareExchange

msvcp90

?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?width@ios_base@std@@QAEHH@Z
?width@ios_base@std@@QBEHXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?length@?$char_traits@D@std@@SAIPBD@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
??0?$allocator@D@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
??0?$allocator@D@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?uncaught_exception@std@@YA_NXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?deallocate@?$allocator@D@std@@QAEXPADI@Z
?max_size@?$allocator@D@std@@QBEIXZ

msvcr90

strlen
sprintf
sscanf
strcpy
strcpy_s
__CxxFrameHandler3
_localtime32_s
memcmp
strstr
strncmp
_memicmp
_strnicmp
wcsncmp
wcscmp
isprint
memcpy_s
strcmp
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_splitpath_s
_wcsnicmp
atol
malloc
strncpy
free
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
__clean_type_info_names_internal
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
_unlock
__dllonexit
_lock
_onexit
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
memset
_endthread
sprintf_s
??2@YAPAXI@Z
abs
_purecall
__RTtypeid
??_V@YAXPAX@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
memmove_s
memcpy
_CxxThrowException
_stricmp
memmove
??3@YAXPAX@Z
strncpy_s

mfc90

ord2672
ord4481
ord2691
ord2505
ord2082
ord6675
ord3178
ord2481
ord820
ord663
ord1603
ord310
ord5997
ord945
ord406
ord2490
ord2501
ord5963
ord4392
ord3013
ord665
ord316
ord2539
ord300
ord910
ord601
ord6681
ord2327
ord404
ord4311
ord1607
ord817

ws2_32

ntohl

gc

GC_malloc
GC_free
GC_malloc_uncollectable
GC_malloc_atomic
GC_register_finalizer_ignore_self

Exports

Exports

EUCreateEXT2QuickSearcher
EUCreateEXT2Searcher

Sections

.text
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 340KB - Virtual size: 857KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/EUFATSearchDLL.dll
.dll windows:5 windows x86 arch:x86

8cb4169719c0eab720b46f0b86959dee

Code Sign

7f:86:b4:4c:3e:fb:81:fa:c8:c8:b6:70:58:05:4f:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/09/2014, 00:00

Not After

02/10/2017, 23:59

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,OU=IT,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1c:72:7d:dc:83:0b:95:1a:c7:3e:50:e6:b9:43:7d:c6:c5:fa:26
Signer

Actual PE Digest

42:1c:72:7d:dc:83:0b:95:1a:c7:3e:50:e6:b9:43:7d:c6:c5:fa:26

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\DRW\_drw_main\DRWIntelligentScan\bin\Release\win32\EUFATSearchDLL.pdb

Imports

publog

?LogInfo@@YAXPBDZZ
?DebugTrace@@YAXPBDZZ
?ReleaseTrace@@YAXPBDZZ

kernel32

InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
FileTimeToDosDateTime
FreeLibrary
GetPrivateProfileIntA
FileTimeToSystemTime
GetProcAddress
LoadLibraryA
GetModuleFileNameA
DosDateTimeToFileTime
WideCharToMultiByte
lstrlenA
SystemTimeToFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLastError
Sleep
MultiByteToWideChar

msvcp90

?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?rbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$allocator@D@std@@QAE@XZ
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z

msvcr90

_invalid_parameter_noinfo
??_V@YAXPAX@Z
strcpy_s
__RTDynamicCast
_splitpath_s
??2@YAPAXI@Z
strcat
__CxxFrameHandler3
_snprintf
sscanf
strncpy_s
memcpy
_CxxThrowException
wcsncmp
wcslen
_encode_pointer
_malloc_crt
free
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_crt_debugger_hook
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
vsprintf_s
strcpy
strlen
memcmp
memmove
sprintf_s
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_mktime64
sprintf
memmove_s
??3@YAXPAX@Z
_stricmp
_strnicmp
_wcsicmp
memset
_purecall

Exports

Exports

EUCreateFATQuickSearcher
EUCreateFATSearcher

Sections

.text
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 349KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/EUHFSSearchDLL.dll
.dll windows:5 windows x86 arch:x86

f62430964798155fbbd0bba7d623e39c

Code Sign

7f:86:b4:4c:3e:fb:81:fa:c8:c8:b6:70:58:05:4f:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/09/2014, 00:00

Not After

02/10/2017, 23:59

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,OU=IT,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

93:17:47:17:f1:9f:80:97:8f:8d:8a:7e:53:a8:be:cc:58:2f:d9:d2
Signer

Actual PE Digest

93:17:47:17:f1:9f:80:97:8f:8d:8a:7e:53:a8:be:cc:58:2f:d9:d2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\DRW\_drw_main\DRWIntelligentScan\bin\Release\win32\EUHFSSearchDLL.pdb

Imports

msvcp90

?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?length@?$char_traits@D@std@@SAIPBD@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?rbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?width@ios_base@std@@QBEHXZ
??0?$allocator@D@std@@QAE@XZ
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?flush@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?width@ios_base@std@@QAEHH@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?setbase@std@@YA?AU?$_Smanip@H@1@H@Z
?uncaught_exception@std@@YA_NXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

msvcr90

strncpy_s
_CxxThrowException
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_except_handler4_common
_onexit
_lock
__dllonexit
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
memset
__CxxFrameHandler3
??_V@YAXPAX@Z
strstr
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
memmove_s
_unlock
__iob_func
fprintf
memcpy
memmove
strlen
strcpy
strcpy_s
sprintf
_snprintf
sscanf
__RTDynamicCast

publog

?LogInfo@@YAXPBDZZ

kernel32

QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
WideCharToMultiByte
IsBadReadPtr
MultiByteToWideChar
lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryA
SystemTimeToFileTime
DosDateTimeToFileTime
IsDebuggerPresent

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
EUCreateHFSQuickSearcher
EUCreateHFSSearcher

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/EULicenseDLL.dll
.dll windows:5 windows x86 arch:x86

0381f0983ab2d2542093c18941a1297c

Code Sign

7f:86:b4:4c:3e:fb:81:fa:c8:c8:b6:70:58:05:4f:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/09/2014, 00:00

Not After

02/10/2017, 23:59

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,OU=IT,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:23:a2:db:3e:98:f9:78:66:6b:10:ac:0c:cf:84:59:c6:0d:a5:67
Signer

Actual PE Digest

25:23:a2:db:3e:98:f9:78:66:6b:10:ac:0c:cf:84:59:c6:0d:a5:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\workspace\TBNet\Output\Release\EULicenseDLL.pdb

Imports

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
DeregisterEventSource
ReportEventA
RegisterEventSourceA

kernel32

GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetFileType
GetVersion
GetLastError
GetCurrentThreadId
CloseHandle
FlushFileBuffers
GetModuleFileNameW
ReadFile
WriteFile
GlobalMemoryStatus
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
HeapReAlloc
HeapAlloc
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
RaiseException
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
ExitProcess
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
LCMapStringA
LCMapStringW
GetModuleHandleA
VirtualAlloc
GetConsoleCP
RtlUnwind
SetStdHandle
SetFilePointer
CreateFileA
HeapSize
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProcessHeap

user32

GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA

Exports

Exports

?EUReadLicenseRegistryKey@@YGIPA_WI@Z
?EUReadLicenseRegistryKeyA@@YGIPADI@Z
?EUWriteLicenseRegistryKey@@YGIPA_W@Z
?EUWriteLicenseRegistryKeyA@@YGIPAD@Z
EUConvToInnerLicencesKey
EUConvToInnerLicencesKeyA
EUConvToUserLicencesKey
EUConvToUserLicencesKeyA
EUGetCurPath
EUGetCurPathA
EUGetLicenseInfo
EUGetLicenseInfoA
EUGetSysTime
EUVerifyLicenseKey
EUVerifyLicenseKeyA

Sections

.text
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/EUNTFSSearchDLL.dll
.dll windows:5 windows x86 arch:x86

35cc31d009133b27dca37160572a6359

Code Sign

7f:86:b4:4c:3e:fb:81:fa:c8:c8:b6:70:58:05:4f:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/09/2014, 00:00

Not After

02/10/2017, 23:59

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,OU=IT,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c3:54:8b:2c:80:88:6c:63:22:b4:1f:61:d7:23:80:44:9e:9b:36:cb
Signer

Actual PE Digest

c3:54:8b:2c:80:88:6c:63:22:b4:1f:61:d7:23:80:44:9e:9b:36:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\DRW\_drw_main\DRWIntelligentScan\bin\Release\win32\EUNTFSSearchDLL.pdb

Imports

kernel32

GetTickCount
OutputDebugStringA
WideCharToMultiByte
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
MultiByteToWideChar
lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryA
SystemTimeToFileTime
InterlockedExchange

user32

LoadStringA

msvcp90

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?rbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0?$allocator@D@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z

msvcr90

_amsg_exit
_adjust_fdiv
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_crt_debugger_hook
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_snprintf
wcsncmp
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
sprintf_s
strcpy_s
strcat
strcmp
strstr
memcmp
memmove_s
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
strlen
memset
memcpy
sprintf
strcpy
??_V@YAXPAX@Z
_purecall
__CxxFrameHandler3
??2@YAPAXI@Z
??3@YAXPAX@Z
sscanf
strncpy_s
_initterm_e
_stricmp
memmove
_wcsicmp
wcslen
_strnicmp
__RTDynamicCast

publog

?LogInfo@@YAXPBDZZ

Exports

Exports

EUCreateNTFSQuickSearcher
EUCreateNTFSSearcher

Sections

.text
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 349KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/EURAWSearchDLL.dll
.dll windows:5 windows x86 arch:x86

21083398709d82744c394f303676d840

Code Sign

7f:86:b4:4c:3e:fb:81:fa:c8:c8:b6:70:58:05:4f:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/09/2014, 00:00

Not After

02/10/2017, 23:59

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,OU=IT,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bd:fe:b9:fe:58:e7:f1:3c:9e:fb:de:3a:b6:46:ed:97:7a:8a:0c:47
Signer

Actual PE Digest

bd:fe:b9:fe:58:e7:f1:3c:9e:fb:de:3a:b6:46:ed:97:7a:8a:0c:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\DRW\_drw_main\DRWIntelligentScan\bin\Release\win32\EURAWSearchDLL.pdb

Imports

kernel32

GetProcAddress
LoadLibraryW
lstrcmpiA
GetModuleFileNameA
WideCharToMultiByte
CloseHandle
SetFilePointer
CreateFileA
ReadFile
WriteFile
MultiByteToWideChar
lstrcpyA
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep

mfc90

ord4311
ord2481
ord5963
ord4392
ord817
ord2691
ord2505
ord2082
ord6675
ord3178
ord2327
ord404
ord663
ord1603
ord310
ord5997
ord820
ord406
ord2490
ord2501
ord3013
ord1607
ord6681
ord665
ord314
ord4477
ord2692
ord4481
ord316
ord2539
ord300
ord910
ord601
ord265
ord266
ord798
ord2672
ord945
ord800

msvcr90

_strupr
_except_handler4_common
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
__CxxFrameHandler3
_purecall
memset
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
memcpy_s
memcmp
memcpy
strstr
strncmp
strlen
_memicmp
_strnicmp
wcsncmp
wcscmp
isprint
strcmp
strncpy_s
_splitpath_s
_wcsnicmp
atol
strcpy
malloc
strncpy
free
memmove_s
sprintf
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
_stricmp

msvcp90

?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?rbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

ws2_32

ntohl

Exports

Exports

EUCreateRAWSearcher
EUGetAnalyserList

Sections

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 177KB - Virtual size: 695KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/English.dat
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/English.data
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/EuActiveOnline.dll
.dll windows:5 windows x86 arch:x86

7bed4cb3e808dd51c24f02e81c5df20f

Code Sign

7f:86:b4:4c:3e:fb:81:fa:c8:c8:b6:70:58:05:4f:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/09/2014, 00:00

Not After

02/10/2017, 23:59

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,OU=IT,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

95:66:55:fc:35:4f:1d:8d:ae:e7:a8:66:f8:68:85:bc:1c:45:fa:03
Signer

Actual PE Digest

95:66:55:fc:35:4f:1d:8d:ae:e7:a8:66:f8:68:85:bc:1c:45:fa:03

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\tb\EuActiveOnline\Output\Release\EuActiveOnline.pdb

Imports

wininet

HttpSendRequestW
InternetCloseHandle
InternetReadFile
InternetConnectW
HttpOpenRequestW
InternetOpenW

kernel32

HeapReAlloc
HeapAlloc
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
GetLastError
GetTickCount
CreateFileW
DeviceIoControl
CloseHandle
EnterCriticalSection
HeapSize
SetFilePointer
GetSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
InterlockedExchange
WriteFile
FlushFileBuffers
TerminateProcess
InterlockedCompareExchange
Sleep
LeaveCriticalSection
GetCurrentThreadId
HeapDestroy
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess

advapi32

RegCloseKey
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW

ole32

CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitialize

oleaut32

SafeArrayDestroy
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
VariantClear
VariantInit
SysFreeString
SysAllocString

msvcp90

?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?max_size@?$allocator@D@std@@QBEIXZ
?allocate@?$allocator@D@std@@QAEPADI@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??0?$allocator@D@std@@QAE@ABV01@@Z
??0?$allocator@D@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@0ABV12@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$_String_val@_WV?$allocator@_W@std@@@std@@IAE@V?$allocator@_W@1@@Z
??0?$allocator@_W@std@@QAE@XZ
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?destroy@?$allocator@D@std@@QAEXPAD@Z
?construct@?$allocator@D@std@@QAEXPADABD@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB

msvcr90

_CxxThrowException
memset
__CxxFrameHandler3
__clean_type_info_names_internal
memcpy
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
memmove_s
_invalid_parameter_noinfo
wcstol
??_V@YAXPAX@Z
_vswprintf
strcat_s
memcpy_s
_vscwprintf
vswprintf_s
swprintf_s
swscanf_s
_vswprintf_c_l
wcscat_s
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ

Exports

Exports

EaoDllGetClassObject

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/FileFilter.xml
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/French.dat
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/French.data
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/GDIPLUS.DLL
.dll windows:6 windows x86 arch:x86

c435c81e120e4837142e9074d88cf1cc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\postbuild\opt\microsoftwindowsgdiplus-1100-gdiplus.pdb

Imports

kernel32

VirtualAlloc
GetSystemInfo
GetCommandLineA
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
RtlUnwind
VirtualQuery
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
IsValidLocale
ConvertDefaultLocale
GetLocaleInfoW
GetModuleFileNameW
GetModuleFileNameA
FindResourceA
LoadResource
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
GetProcAddress
HeapReAlloc
HeapFree
DisableThreadLibraryCalls
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
InterlockedExchange
GetProcessHeap
HeapAlloc
InterlockedCompareExchange
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
Sleep
CloseHandle
WriteFile
CreateFileA
WaitForSingleObject
SetEvent
lstrcmpiA
CreateThread
CreateEventA
WideCharToMultiByte
MultiByteToWideChar
GetSystemDefaultLCID
GetACP
GetVersionExA
GetWindowsDirectoryA
GetSystemDirectoryW
LoadLibraryA
HeapDestroy
FreeLibrary
GetModuleHandleW
LoadLibraryW
HeapCreate
GlobalFree
GlobalUnlock
GlobalSize
GlobalLock
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
GlobalAlloc
SetLastError
VirtualFree
GetProfileSectionA
ReleaseSemaphore
CreateFileMappingW
GetSystemDirectoryA
CreateFileW
CreateSemaphoreA
IsDBCSLeadByteEx
GetLastError
FlushFileBuffers
LockFile
GetFileInformationByHandle
UnlockFile
ReadFile
SetFilePointer
SetEndOfFile
GetOEMCP
SearchPathA
SearchPathW
GetFileTime
LocalFree
LocalAlloc
MulDiv
LocalReAlloc
lstrcmpiW
GetProfileStringA
GetProfileIntA
LockResource
RaiseException

user32

ReleaseDC
GetDC
wsprintfA
GetSysColor
UnregisterClassA
DestroyWindow
LoadBitmapW
LoadBitmapA
IntersectRect
IsRectEmpty
wsprintfW
SystemParametersInfoA
GetClassLongA
GetWindowLongA
GetDCEx
GetIconInfo
CreateIconIndirect
WindowFromDC
GetWindowRect
GetDesktopWindow
GetClientRect
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageA
ClientToScreen
wvsprintfA
InflateRect
UnionRect
SetRectEmpty
OffsetRect
RegisterClassA
RegisterWindowMessageA
CreateWindowExA
DefWindowProcA
GetSystemMetrics

gdi32

ExtTextOutA
PolylineTo
Polyline
LineTo
GetCurrentPositionEx
PolyPolyline
StrokeAndFillPath
FillPath
SetPolyFillMode
GetGraphicsMode
StrokePath
CreateSolidBrush
SetMiterLimit
FillRgn
GetDIBColorTable
GetNearestPaletteIndex
ArcTo
SetArcDirection
SelectClipPath
GetPath
CloseFigure
AbortPath
FlattenPath
WidenPath
BeginPath
Ellipse
AngleArc
PolyBezierTo
PolyBezier
RoundRect
PolyDraw
Pie
Chord
Arc
EndPath
OffsetClipRgn
GetRgnBox
SetPaletteEntries
ResizePalette
CreatePalette
GetSystemPaletteEntries
GetSystemPaletteUse
GetDeviceCaps
ExtEscape
GetObjectType
GetPixel
DeleteObject
SelectPalette
GetTextFaceA
GetTextMetricsA
GetTextFaceW
GetTextMetricsW
EnumFontFamiliesExA
EnumFontFamiliesExW
SelectObject
CreateFontIndirectW
CreateFontIndirectA
GetRegionData
DeleteDC
DrawEscape
CreateDCA
CreateICA
CreateRectRgn
GetRandomRgn
LPtoDP
GetWindowExtEx
GetViewportExtEx
GetWindowOrgEx
GetViewportOrgEx
GetMapMode
SetICMMode
Escape
GetDCOrgEx
GetObjectA
GetCurrentObject
GetDIBits
CreateCompatibleDC
CreateDIBSection
RealizePalette
GetPaletteEntries
PatBlt
CreateBrushIndirect
GdiFlush
SetDIBits
SetBkMode
SetBkColor
SetTextColor
CreateBitmap
GetStockObject
EnumMetaFile
GetMetaFileBitsEx
PlayEnhMetaFileRecord
EnumEnhMetaFile
SetMetaRgn
DeleteMetaFile
DeleteEnhMetaFile
CloseEnhMetaFile
PlayMetaFile
SetWindowExtEx
SetWindowOrgEx
SetViewportExtEx
SetViewportOrgEx
SetMapMode
CreateEnhMetaFileA
SetEnhMetaFileBits
SetMetaFileBitsEx
GetEnhMetaFileHeader
CopyMetaFileA
CopyEnhMetaFileA
GetEnhMetaFileBits
GetEnhMetaFileA
GetEnhMetaFileW
RestoreDC
SetWorldTransform
SetGraphicsMode
SaveDC
GetMetaFileA
GetMetaFileW
GdiComment
CreateEnhMetaFileW
SetDIBColorTable
SetBitmapBits
ExtTextOutW
PlayMetaFileRecord
IntersectClipRect
PolyPolygon
SetROP2
SetTextJustification
SetTextAlign
StretchDIBits
SetStretchBltMode
GetNearestColor
CreateDIBPatternBrushPt
DPtoLP
GetObjectW
CreatePenIndirect
GetTextColor
GetBkColor
SelectClipRgn
GetClipRgn
SetBrushOrgEx
Polygon
Rectangle
GetROP2
GetWorldTransform
ExtCreatePen
CombineRgn
TranslateCharsetInfo
GetTextCharsetInfo
GetPolyFillMode
GetArcDirection
GetTextAlign
GetBkMode
GetMiterLimit
CreateCompatibleBitmap
ExtCreateRegion
ModifyWorldTransform
ExtSelectClipRgn
CreatePatternBrush
ExcludeClipRect
CreatePen
SetMapperFlags
CombineTransform
ScaleWindowExtEx
ScaleViewportExtEx
StretchBlt
OffsetViewportOrgEx
BitBlt
PlgBlt
GetWinMetaFileBits
PlayEnhMetaFile
MoveToEx
CreateDIBitmap

ole32

CoTaskMemFree
CoTaskMemAlloc
GetHGlobalFromStream
CreateStreamOnHGlobal

advapi32

RegSetValueExW
RegSetValueExA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegEnumKeyExW
RegEnumKeyExA
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueW
RegCloseKey
RegEnumValueA

Exports

Exports

GdipAddPathArc
GdipAddPathArcI
GdipAddPathBezier
GdipAddPathBezierI
GdipAddPathBeziers
GdipAddPathBeziersI
GdipAddPathClosedCurve
GdipAddPathClosedCurve2
GdipAddPathClosedCurve2I
GdipAddPathClosedCurveI
GdipAddPathCurve
GdipAddPathCurve2
GdipAddPathCurve2I
GdipAddPathCurve3
GdipAddPathCurve3I
GdipAddPathCurveI
GdipAddPathEllipse
GdipAddPathEllipseI
GdipAddPathLine
GdipAddPathLine2
GdipAddPathLine2I
GdipAddPathLineI
GdipAddPathPath
GdipAddPathPie
GdipAddPathPieI
GdipAddPathPolygon
GdipAddPathPolygonI
GdipAddPathRectangle
GdipAddPathRectangleI
GdipAddPathRectangles
GdipAddPathRectanglesI
GdipAddPathString
GdipAddPathStringI
GdipAlloc
GdipBeginContainer
GdipBeginContainer2
GdipBeginContainerI
GdipBitmapApplyEffect
GdipBitmapConvertFormat
GdipBitmapCreateApplyEffect
GdipBitmapGetHistogram
GdipBitmapGetHistogramSize
GdipBitmapGetPixel
GdipBitmapLockBits
GdipBitmapSetPixel
GdipBitmapSetResolution
GdipBitmapUnlockBits
GdipClearPathMarkers
GdipCloneBitmapArea
GdipCloneBitmapAreaI
GdipCloneBrush
GdipCloneCustomLineCap
GdipCloneFont
GdipCloneFontFamily
GdipCloneImage
GdipCloneImageAttributes
GdipCloneMatrix
GdipClonePath
GdipClonePen
GdipCloneRegion
GdipCloneStringFormat
GdipClosePathFigure
GdipClosePathFigures
GdipCombineRegionPath
GdipCombineRegionRect
GdipCombineRegionRectI
GdipCombineRegionRegion
GdipComment
GdipConvertToEmfPlus
GdipConvertToEmfPlusToFile
GdipConvertToEmfPlusToStream
GdipCreateAdjustableArrowCap
GdipCreateBitmapFromDirectDrawSurface
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipCreateBitmapFromResource
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateCachedBitmap
GdipCreateCustomLineCap
GdipCreateEffect
GdipCreateFont
GdipCreateFontFamilyFromName
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCreateFontFromLogfontW
GdipCreateFromHDC
GdipCreateFromHDC2
GdipCreateFromHWND
GdipCreateFromHWNDICM
GdipCreateHBITMAPFromBitmap
GdipCreateHICONFromBitmap
GdipCreateHalftonePalette
GdipCreateHatchBrush
GdipCreateImageAttributes
GdipCreateLineBrush
GdipCreateLineBrushFromRect
GdipCreateLineBrushFromRectI
GdipCreateLineBrushFromRectWithAngle
GdipCreateLineBrushFromRectWithAngleI
GdipCreateLineBrushI
GdipCreateMatrix
GdipCreateMatrix2
GdipCreateMatrix3
GdipCreateMatrix3I
GdipCreateMetafileFromEmf
GdipCreateMetafileFromFile
GdipCreateMetafileFromStream
GdipCreateMetafileFromWmf
GdipCreateMetafileFromWmfFile
GdipCreatePath
GdipCreatePath2
GdipCreatePath2I
GdipCreatePathGradient
GdipCreatePathGradientFromPath
GdipCreatePathGradientI
GdipCreatePathIter
GdipCreatePen1
GdipCreatePen2
GdipCreateRegion
GdipCreateRegionHrgn
GdipCreateRegionPath
GdipCreateRegionRect
GdipCreateRegionRectI
GdipCreateRegionRgnData
GdipCreateSolidFill
GdipCreateStreamOnFile
GdipCreateStringFormat
GdipCreateTexture
GdipCreateTexture2
GdipCreateTexture2I
GdipCreateTextureIA
GdipCreateTextureIAI
GdipDeleteBrush
GdipDeleteCachedBitmap
GdipDeleteCustomLineCap
GdipDeleteEffect
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeleteMatrix
GdipDeletePath
GdipDeletePathIter
GdipDeletePen
GdipDeletePrivateFontCollection
GdipDeleteRegion
GdipDeleteStringFormat
GdipDisposeImage
GdipDisposeImageAttributes
GdipDrawArc
GdipDrawArcI
GdipDrawBezier
GdipDrawBezierI
GdipDrawBeziers
GdipDrawBeziersI
GdipDrawCachedBitmap
GdipDrawClosedCurve
GdipDrawClosedCurve2
GdipDrawClosedCurve2I
GdipDrawClosedCurveI
GdipDrawCurve
GdipDrawCurve2
GdipDrawCurve2I
GdipDrawCurve3
GdipDrawCurve3I
GdipDrawCurveI
GdipDrawDriverString
GdipDrawEllipse
GdipDrawEllipseI
GdipDrawImage
GdipDrawImageFX
GdipDrawImageI
GdipDrawImagePointRect
GdipDrawImagePointRectI
GdipDrawImagePoints
GdipDrawImagePointsI
GdipDrawImagePointsRect
GdipDrawImagePointsRectI
GdipDrawImageRect
GdipDrawImageRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipDrawLine
GdipDrawLineI
GdipDrawLines
GdipDrawLinesI
GdipDrawPath
GdipDrawPie
GdipDrawPieI
GdipDrawPolygon
GdipDrawPolygonI
GdipDrawRectangle
GdipDrawRectangleI
GdipDrawRectangles
GdipDrawRectanglesI
GdipDrawString
GdipEmfToWmfBits
GdipEndContainer
GdipEnumerateMetafileDestPoint
GdipEnumerateMetafileDestPointI
GdipEnumerateMetafileDestPoints
GdipEnumerateMetafileDestPointsI
GdipEnumerateMetafileDestRect
GdipEnumerateMetafileDestRectI
GdipEnumerateMetafileSrcRectDestPoint
GdipEnumerateMetafileSrcRectDestPointI
GdipEnumerateMetafileSrcRectDestPoints
GdipEnumerateMetafileSrcRectDestPointsI
GdipEnumerateMetafileSrcRectDestRect
GdipEnumerateMetafileSrcRectDestRectI
GdipFillClosedCurve
GdipFillClosedCurve2
GdipFillClosedCurve2I
GdipFillClosedCurveI
GdipFillEllipse
GdipFillEllipseI
GdipFillPath
GdipFillPie
GdipFillPieI
GdipFillPolygon
GdipFillPolygon2
GdipFillPolygon2I
GdipFillPolygonI
GdipFillRectangle
GdipFillRectangleI
GdipFillRectangles
GdipFillRectanglesI
GdipFillRegion
GdipFindFirstImageItem
GdipFindNextImageItem
GdipFlattenPath
GdipFlush
GdipFree
GdipGetAdjustableArrowCapFillState
GdipGetAdjustableArrowCapHeight
GdipGetAdjustableArrowCapMiddleInset
GdipGetAdjustableArrowCapWidth
GdipGetAllPropertyItems
GdipGetBrushType
GdipGetCellAscent
GdipGetCellDescent
GdipGetClip
GdipGetClipBounds
GdipGetClipBoundsI
GdipGetCompositingMode
GdipGetCompositingQuality
GdipGetCustomLineCapBaseCap
GdipGetCustomLineCapBaseInset
GdipGetCustomLineCapStrokeCaps
GdipGetCustomLineCapStrokeJoin
GdipGetCustomLineCapType
GdipGetCustomLineCapWidthScale
GdipGetDC
GdipGetDpiX
GdipGetDpiY
GdipGetEffectParameterSize
GdipGetEffectParameters
GdipGetEmHeight
GdipGetEncoderParameterList
GdipGetEncoderParameterListSize
GdipGetFamily
GdipGetFamilyName
GdipGetFontCollectionFamilyCount
GdipGetFontCollectionFamilyList
GdipGetFontHeight
GdipGetFontHeightGivenDPI
GdipGetFontSize
GdipGetFontStyle
GdipGetFontUnit
GdipGetGenericFontFamilyMonospace
GdipGetGenericFontFamilySansSerif
GdipGetGenericFontFamilySerif
GdipGetHatchBackgroundColor
GdipGetHatchForegroundColor
GdipGetHatchStyle
GdipGetHemfFromMetafile
GdipGetImageAttributesAdjustedPalette
GdipGetImageBounds
GdipGetImageDecoders
GdipGetImageDecodersSize
GdipGetImageDimension
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImageFlags
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImageHorizontalResolution
GdipGetImageItemData
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageThumbnail
GdipGetImageType
GdipGetImageVerticalResolution
GdipGetImageWidth
GdipGetInterpolationMode
GdipGetLineBlend
GdipGetLineBlendCount
GdipGetLineColors
GdipGetLineGammaCorrection
GdipGetLinePresetBlend
GdipGetLinePresetBlendCount
GdipGetLineRect
GdipGetLineRectI
GdipGetLineSpacing
GdipGetLineTransform
GdipGetLineWrapMode
GdipGetLogFontA
GdipGetLogFontW
GdipGetMatrixElements
GdipGetMetafileDownLevelRasterizationLimit
GdipGetMetafileHeaderFromEmf
GdipGetMetafileHeaderFromFile
GdipGetMetafileHeaderFromMetafile
GdipGetMetafileHeaderFromStream
GdipGetMetafileHeaderFromWmf
GdipGetNearestColor
GdipGetPageScale
GdipGetPageUnit
GdipGetPathData
GdipGetPathFillMode
GdipGetPathGradientBlend
GdipGetPathGradientBlendCount
GdipGetPathGradientCenterColor
GdipGetPathGradientCenterPoint
GdipGetPathGradientCenterPointI
GdipGetPathGradientFocusScales
GdipGetPathGradientGammaCorrection
GdipGetPathGradientPath
GdipGetPathGradientPointCount
GdipGetPathGradientPresetBlend
GdipGetPathGradientPresetBlendCount
GdipGetPathGradientRect
GdipGetPathGradientRectI
GdipGetPathGradientSurroundColorCount
GdipGetPathGradientSurroundColorsWithCount
GdipGetPathGradientTransform
GdipGetPathGradientWrapMode
GdipGetPathLastPoint
GdipGetPathPoints
GdipGetPathPointsI
GdipGetPathTypes
GdipGetPathWorldBounds
GdipGetPathWorldBoundsI
GdipGetPenBrushFill
GdipGetPenColor
GdipGetPenCompoundArray
GdipGetPenCompoundCount
GdipGetPenCustomEndCap
GdipGetPenCustomStartCap
GdipGetPenDashArray
GdipGetPenDashCap197819
GdipGetPenDashCount
GdipGetPenDashOffset
GdipGetPenDashStyle
GdipGetPenEndCap
GdipGetPenFillType
GdipGetPenLineJoin
GdipGetPenMiterLimit
GdipGetPenMode
GdipGetPenStartCap
GdipGetPenTransform
GdipGetPenUnit
GdipGetPenWidth
GdipGetPixelOffsetMode
GdipGetPointCount
GdipGetPropertyCount
GdipGetPropertyIdList
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetPropertySize
GdipGetRegionBounds
GdipGetRegionBoundsI
GdipGetRegionData
GdipGetRegionDataSize
GdipGetRegionHRgn
GdipGetRegionScans
GdipGetRegionScansCount
GdipGetRegionScansI
GdipGetRenderingOrigin
GdipGetSmoothingMode
GdipGetSolidFillColor
GdipGetStringFormatAlign
GdipGetStringFormatDigitSubstitution
GdipGetStringFormatFlags
GdipGetStringFormatHotkeyPrefix
GdipGetStringFormatLineAlign
GdipGetStringFormatMeasurableCharacterRangeCount
GdipGetStringFormatTabStopCount
GdipGetStringFormatTabStops
GdipGetStringFormatTrimming
GdipGetTextContrast
GdipGetTextRenderingHint
GdipGetTextureImage
GdipGetTextureTransform
GdipGetTextureWrapMode
GdipGetVisibleClipBounds
GdipGetVisibleClipBoundsI
GdipGetWorldTransform
GdipGraphicsClear
GdipGraphicsSetAbort
GdipImageForceValidation
GdipImageGetFrameCount
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageRotateFlip
GdipImageSelectActiveFrame
GdipImageSetAbort
GdipInitializePalette
GdipInvertMatrix
GdipIsClipEmpty
GdipIsEmptyRegion
GdipIsEqualRegion
GdipIsInfiniteRegion
GdipIsMatrixEqual
GdipIsMatrixIdentity
GdipIsMatrixInvertible
GdipIsOutlineVisiblePathPoint
GdipIsOutlineVisiblePathPointI
GdipIsStyleAvailable
GdipIsVisibleClipEmpty
GdipIsVisiblePathPoint
GdipIsVisiblePathPointI
GdipIsVisiblePoint
GdipIsVisiblePointI
GdipIsVisibleRect
GdipIsVisibleRectI
GdipIsVisibleRegionPoint
GdipIsVisibleRegionPointI
GdipIsVisibleRegionRect
GdipIsVisibleRegionRectI
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipMeasureCharacterRanges
GdipMeasureDriverString
GdipMeasureString
GdipMultiplyLineTransform
GdipMultiplyMatrix
GdipMultiplyPathGradientTransform
GdipMultiplyPenTransform
GdipMultiplyTextureTransform
GdipMultiplyWorldTransform
GdipNewInstalledFontCollection
GdipNewPrivateFontCollection
GdipPathIterCopyData
GdipPathIterEnumerate
GdipPathIterGetCount
GdipPathIterGetSubpathCount
GdipPathIterHasCurve
GdipPathIterIsValid
GdipPathIterNextMarker
GdipPathIterNextMarkerPath
GdipPathIterNextPathType
GdipPathIterNextSubpath
GdipPathIterNextSubpathPath
GdipPathIterRewind
GdipPlayMetafileRecord
GdipPlayTSClientRecord
GdipPrivateAddFontFile
GdipPrivateAddMemoryFont
GdipRecordMetafile
GdipRecordMetafileFileName
GdipRecordMetafileFileNameI
GdipRecordMetafileI
GdipRecordMetafileStream
GdipRecordMetafileStreamI
GdipReleaseDC
GdipRemovePropertyItem
GdipResetClip
GdipResetImageAttributes
GdipResetLineTransform
GdipResetPageTransform
GdipResetPath
GdipResetPathGradientTransform
GdipResetPenTransform
GdipResetTextureTransform
GdipResetWorldTransform
GdipRestoreGraphics
GdipReversePath
GdipRotateLineTransform
GdipRotateMatrix
GdipRotatePathGradientTransform
GdipRotatePenTransform
GdipRotateTextureTransform
GdipRotateWorldTransform
GdipSaveAdd
GdipSaveAddImage
GdipSaveGraphics
GdipSaveImageToFile
GdipSaveImageToStream
GdipScaleLineTransform
GdipScaleMatrix

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/INETWH32.dll
.dll windows:4 windows x86 arch:x86

2960e17b1e3514da75f38d206900933f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrcmpA
lstrlenA
GlobalFree
GetProcAddress
lstrcmpiA
CreateProcessA
GetVersionExA
WideCharToMultiByte
GetFileAttributesA
lstrcpyA
CloseHandle
GetProfileStringA
GlobalUnlock
GlobalLock
GetVersion
ExitProcess
FlushFileBuffers
SetStdHandle
LoadLibraryA
RtlUnwind
SetFilePointer
GetStringTypeW
GetStringTypeA
WriteFile
VirtualAlloc
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoA
HeapAlloc
HeapFree
HeapReAlloc
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
lstrcatA
GetCPInfo
GetACP
GetOEMCP
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
TlsSetValue
FreeEnvironmentStringsA
MultiByteToWideChar
LCMapStringA
LCMapStringW
TerminateProcess
GetCurrentProcess
TlsGetValue
GetLastError
TlsAlloc
TlsFree
SetLastError
GetStdHandle
SetHandleCount
GetFileType

user32

LoadStringA
GetSystemMetrics
DialogBoxParamA
MoveWindow
OffsetRect
GetWindowRect
wsprintfA
MessageBoxA
GetParent
GetWindowTextA
GetClassNameA
GetWindowLongA
IsWindowEnabled
IsWindowVisible
GetWindowThreadProcessId
EnumWindows
EnumChildWindows
IsIconic
ShowWindow
SetDlgItemTextA
EndDialog

comdlg32

GetOpenFileNameA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

Exports

Exports

BrowserNameFromSystem
BrowserNameFromUser
FindActiveBrowser
INETWH_Initialize
Inet
Internet
LDLLHandler
LaunchBrowser
StoreBrowserName

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/Italian.dat
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/Italian.data
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/Japanese.dat
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/Japanese.data
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/Microsoft.VC90.CRT.manifest
.xml
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/Microsoft.VC90.MFC.manifest
.xml
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/OfficeViewer.exe
.exe windows:5 windows x86 arch:x86

aecfbd5112b646e260f4563955ebd809

Code Sign

7f:86:b4:4c:3e:fb:81:fa:c8:c8:b6:70:58:05:4f:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/09/2014, 00:00

Not After

02/10/2017, 23:59

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,OU=IT,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:fe:96:fa:c0:5d:f6:89:cc:4c:cb:a1:a0:a2:55:6d:90:92:c4:c7
Signer

Actual PE Digest

2b:fe:96:fa:c0:5d:f6:89:cc:4c:cb:a1:a0:a2:55:6d:90:92:c4:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\DRW\OfficeViewer_new\OfficeViewer\Release\OfficeViewer.pdb

Imports

kernel32

ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
Sleep
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RaiseException
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
RtlUnwind
SetErrorMode
GetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetOEMCP
GetCPInfo
GetFileSizeEx
LocalFileTimeToFileTime
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetModuleHandleW
GetShortPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetStringTypeExA
DeleteFileA
MoveFileA
FileTimeToLocalFileTime
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
GetTickCount
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
InterlockedExchange
FreeResource
GetCurrentThreadId
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
CompareStringA
lstrcmpW
GetVersionExA
GetCurrentProcessId
LoadLibraryA
GlobalGetAtomNameA
GlobalAddAtomA
GetLastError
SetLastError
SystemTimeToFileTime
FileTimeToSystemTime
GetThreadLocale
CopyFileA
GlobalSize
FormatMessageA
LocalFree
lstrlenW
MulDiv
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
lstrlenA
GetModuleHandleA
GetProcAddress
GetFileAttributesA
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
MultiByteToWideChar
lstrcmpiA
lstrcmpA
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
CreateFileA
CloseHandle
CopyFileW
DeleteFileW

user32

PostThreadMessageA
UnregisterClassA
SetCapture
CharUpperA
LoadCursorA
GetSysColorBrush
GetMenuItemInfoA
InflateRect
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
RegisterClipboardFormatA
MapDialogRect
ShowOwnedPopups
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
MessageBeep
TrackPopupMenu
SetForegroundWindow
MessageBoxA
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
PtInRect
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetSysColor
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
WinHelpA
SetWindowPos
SetFocus
GetWindowThreadProcessId
IsWindowEnabled
EqualRect
GetDlgItem
SetWindowLongA
GetDlgCtrlID
GetKeyState
LoadIconA
SetCursor
PeekMessageA
GetCapture
wsprintfW
UpdateWindow
EnableWindow
EnumChildWindows
GetClassNameA
ReleaseCapture
LoadAcceleratorsA
SetActiveWindow
InvalidateRect
IsIconic
InsertMenuItemA
CreatePopupMenu
GetClassInfoA
OffsetRect
GetMenu
GetLastActivePopup
BringWindowToTop
SetMenu
GetDesktopWindow
GetWindow
GetNextDlgGroupItem
InvalidateRgn
CharNextA
DestroyIcon
GetWindowLongA
TranslateAcceleratorA
MoveWindow
ShowWindow
GetParent
GetClientRect
CreateMenu
DeleteMenu
GetMenuItemCount
GetSubMenu
InsertMenuA
RemoveMenu
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
SendMessageA
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
InSendMessage
IsClipboardFormatAvailable
IsRectEmpty
SetRect
SetRectEmpty
CopyRect
IntersectRect
PostMessageA
SendNotifyMessageA
CopyAcceleratorTableA
GetActiveWindow
IsWindow
IsWindowVisible
GetMenuItemID
AppendMenuA
GetMenuStringA
GetWindowTextA
SetWindowContextHelpId

gdi32

ExtSelectClipRgn
DeleteDC
CreatePatternBrush
GetStockObject
CreateSolidBrush
CreateFontIndirectA
GetTextExtentPoint32A
CreateRectRgnIndirect
GetBkColor
GetTextColor
GetRgnBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
GetMapMode
CreateBitmap
GetPixel
BitBlt
GetViewportExtEx
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateCompatibleDC
CreateCompatibleBitmap
CopyMetaFileA
GetDeviceCaps
GetWindowExtEx
PtVisible

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegCloseKey
RegDeleteKeyA
RegSetValueA
GetFileSecurityA
SetFileSecurityA
RegOpenKeyExA
RegQueryValueExA

shell32

ExtractIconA
DragQueryFileA
SHGetFileInfoA
DragFinish

comctl32

ord17

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathRemoveFileSpecW

oledlg

ord7
ord1
ord5
ord8

ole32

WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
CoTreatAsClass
CreateBindCtx
OleDuplicateData
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoDisconnectObject
OleGetClipboard
OleIsCurrentClipboard
OleFlushClipboard
CoGetClassObject
CoRevokeClassObject
CoRegisterMessageFilter
CoUninitialize
CoInitializeEx
SetConvertStg
CreateItemMoniker
OleGetIconOfClass
OleSetContainedObject
StringFromCLSID
GetHGlobalFromILockBytes
StgOpenStorageOnILockBytes
OleCreateStaticFromData
OleLockRunning
CreateStreamOnHGlobal
OleSaveToStream
WriteClassStm
ReleaseStgMedium
OleSave
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgIsStorageFile
CreateFileMoniker
StgCreateDocfile
CoTaskMemAlloc
CoTaskMemFree
OleRun
StgOpenStorage
OleCreate
OleLoad
OleCreateFromFile
OleSetMenuDescriptor
CreateGenericComposite

oleaut32

SysFreeString
VariantChangeType
SysStringLen
SysAllocString
VariantCopy
SafeArrayDestroy
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringByteLen
VariantInit
OleCreateFontIndirect
VariantClear

Sections

.text
Size: 382KB - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/OfficeViewer15.exe
.exe windows:5 windows x86 arch:x86

b2d1246ac592f26cbbc86b23475dc513

Code Sign

7f:86:b4:4c:3e:fb:81:fa:c8:c8:b6:70:58:05:4f:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/09/2014, 00:00

Not After

02/10/2017, 23:59

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,OU=IT,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d0:48:e1:ab:44:13:c4:02:f2:c1:5a:3d:8d:74:7b:7e:5f:24:ba:a2
Signer

Actual PE Digest

d0:48:e1:ab:44:13:c4:02:f2:c1:5a:3d:8d:74:7b:7e:5f:24:ba:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\code\OfficeTestTemp\Release\OfficeViewer15.pdb

Imports

kernel32

GetConsoleMode
GetConsoleCP
CompareStringW
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
VirtualFree
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
WideCharToMultiByte
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsValidCodePage
GetACP
GetFileType
SetStdHandle
HeapSize
GetSystemTimeAsFileTime
SetEnvironmentVariableA
ExitThread
ExitProcess
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
RaiseException
RtlUnwind
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindResourceExA
VirtualProtect
GetTempPathA
SearchPathA
Sleep
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProfileIntA
GlobalFlags
GetCurrentDirectoryA
lstrcpyA
GetFileSizeEx
LocalFileTimeToFileTime
WriteConsoleW
GetConsoleOutputCP
CreateThread
WriteConsoleA
GetFileAttributesExA
FileTimeToLocalFileTime
CreateFileA
GetShortPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetStringTypeExA
MoveFileA
GetModuleHandleW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleFileNameW
WaitForSingleObject
ResumeThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
FreeResource
GetCurrentThreadId
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
FreeLibrary
lstrcmpW
GetVersionExA
GetCurrentProcessId
LoadLibraryA
GlobalGetAtomNameA
GlobalAddAtomA
SystemTimeToFileTime
FileTimeToSystemTime
GetThreadLocale
GetLastError
SetLastError
GlobalSize
FormatMessageA
LocalFree
lstrlenW
MulDiv
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
lstrlenA
GetModuleHandleA
GetProcAddress
GetFileAttributesA
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
GlobalFree
MultiByteToWideChar
GlobalLock
GlobalUnlock
lstrcmpA
lstrcmpiA
GetCurrentProcess
TerminateProcess
OpenProcess
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
DeleteFileA
SetErrorMode
CopyFileA
GetTickCount
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
SizeofResource

user32

EmptyClipboard
CloseClipboard
SetClipboardData
LoadImageA
CopyImage
UnregisterClassA
DestroyIcon
GetNextDlgGroupItem
InvalidateRgn
CharNextA
MapVirtualKeyA
GetKeyNameTextA
PostThreadMessageA
GetMenuDefaultItem
GetUpdateRect
FrameRect
LockWindowUpdate
SetMenuDefaultItem
IsMenu
UpdateLayeredWindow
EnableScrollBar
UnionRect
MessageBeep
KillTimer
SetTimer
GetSystemMenu
DrawIconEx
GetSysColorBrush
DrawFocusRect
DrawFrameControl
DrawEdge
DrawStateA
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
WaitMessage
LoadCursorA
SetCapture
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetDC
ReleaseDC
CharUpperA
ShowOwnedPopups
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatA
PostQuitMessage
IsDialogMessageA
SetDlgItemTextA
CheckDlgButton
RegisterWindowMessageA
SendDlgItemMessageA
IsChild
SetWindowsHookExA
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
SetCursorPos
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
MessageBoxA
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
CallWindowProcA
PtInRect
GetWindowPlacement
UnpackDDElParam
ReuseDDElParam
LoadMenuA
WinHelpA
SetFocus
GetWindowThreadProcessId
IsWindowEnabled
EqualRect
GetDlgItem
SetWindowLongA
GetDlgCtrlID
LoadIconA
SetCursor
PeekMessageA
ReleaseCapture
LoadAcceleratorsA
InvalidateRect
InsertMenuItemA
GetClassInfoA
OffsetRect
GetMenu
GetLastActivePopup
BringWindowToTop
SetMenu
GetDesktopWindow
GetWindowLongA
TranslateAcceleratorA
GetWindowTextLengthA
SetRectEmpty
SetRect
IsClipboardFormatAvailable
InSendMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
GetSysColor
GetSystemMetrics
GetMenuStringA
DestroyMenu
GetMenuItemInfoA
InflateRect
DestroyAcceleratorTable
DestroyWindow
SetClassLongA
GetAsyncKeyState
SystemParametersInfoA
NotifyWinEvent
GetKeyState
GetIconInfo
CopyIcon
GetDoubleClickTime
CharUpperBuffA
ToAsciiEx
GetKeyboardLayout
MapVirtualKeyExA
IsCharLowerA
WindowFromPoint
SetParent
GetTopWindow
GetCapture
RedrawWindow
ScreenToClient
ClientToScreen
GetWindowRect
SetWindowRgn
IsZoomed
GetMenuState
DrawIcon
DestroyCursor
GetWindowRgn
SubtractRect
CreateAcceleratorTableA
UnhookWindowsHookEx
GetKeyboardState
GetMenuItemID
CheckMenuItem
AppendMenuA
CreatePopupMenu
GetWindow
IsWindow
GetActiveWindow
CopyAcceleratorTableA
SendNotifyMessageA
GetFocus
PostMessageA
SendMessageA
IntersectRect
CopyRect
IsRectEmpty
IsWindowVisible
RemoveMenu
InsertMenuA
GetSubMenu
GetMenuItemCount
DeleteMenu
CreateMenu
GetWindowTextA
FindWindowExA
MoveWindow
GetParent
DefWindowProcA
GetClientRect
EnumChildWindows
GetClassNameA
RegisterHotKey
OpenClipboard
CallNextHookEx
SetForegroundWindow
SetActiveWindow
SetWindowPos
ShowWindow
IsIconic
FindWindowA
EnableWindow
UpdateWindow
SetWindowTextA

gdi32

ExtSelectClipRgn
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateEllipticRgn
CreatePolygonRgn
GetBkColor
GetTextColor
Polyline
Ellipse
Polygon
CreateRoundRectRgn
CreateDIBSection
GetTextMetricsA
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
GetRgnBox
Rectangle
SetDIBColorTable
RealizePalette
StretchBlt
SetPixel
OffsetRgn
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
LPtoDP
CreatePalette
GetPaletteEntries
ExtFloodFill
SetPaletteEntries
RoundRect
GetTextFaceA
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExA
SetPixelV
IntersectClipRect
ExcludeClipRect
SetMapMode
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetPixel
GetViewportExtEx
SelectClipRgn
SetTextAlign
MoveToEx
GetWindowOrgEx
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreatePatternBrush
DeleteObject
PatBlt
GetMapMode
CombineRgn
SetRectRgn
CreateRectRgnIndirect
CreateRectRgn
DeleteDC
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
StartDocA
DPtoLP
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CreateCompatibleBitmap
CreateDCA
CopyMetaFileA
GetDeviceCaps
CreateBitmap
GetTextExtentPoint32A
ExtTextOutA
BitBlt
CreateCompatibleDC
CreateFontIndirectA
GetObjectA
GetWindowExtEx
LineTo

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
GetJobA
DocumentPropertiesA

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
SetFileSecurityA
GetFileSecurityA
RegSetValueA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
RegEnumKeyExA
RegDeleteValueA
RegCloseKey
RegCreateKeyA
RegCreateKeyExA

shell32

DragFinish
DragQueryFileA
SHGetFileInfoA
SHAppBarMessage
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
ExtractIconA

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathRemoveFileSpecW

oledlg

ord3
ord7
ord5
ord8
ord1

ole32

OleCreateMenuDescriptor
OleDestroyMenuDescriptor
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleTranslateAccelerator
IsAccelerator
StgIsStorageFile
StgOpenStorage
CreateFileMoniker
StgCreateDocfile
OleSetMenuDescriptor
CreateGenericComposite
CoInitializeEx
OleGetIconOfClass
OleCreateLinkToFile
OleCreateFromFile
OleSetContainedObject
StringFromCLSID
GetHGlobalFromILockBytes
StgOpenStorageOnILockBytes
OleLoad
OleCreate
OleCreateStaticFromData
OleLockRunning
CreateStreamOnHGlobal
OleSaveToStream
WriteClassStm
ReleaseStgMedium
OleSave
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoRegisterMessageFilter
CoRevokeClassObject
CoGetClassObject
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleGetClipboard
CoDisconnectObject
GetClassFile
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleDuplicateData
CreateBindCtx
CoTreatAsClass
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CLSIDFromString
CLSIDFromProgID
CreateItemMoniker
CoCreateInstance

oleaut32

VariantClear
OleCreateFontIndirect
VariantInit
SysAllocStringByteLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
VariantCopy
SysAllocString
SysStringLen
VariantChangeType
SysFreeString
SafeArrayDestroy

gdiplus

GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCreateBitmapFromStream
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCreateBitmapFromStreamICM
GdipGetImageGraphicsContext
GdipDrawImageI
GdipCloneImage
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdiplusStartup
GdipBitmapUnlockBits
GdipDisposeImage
GdiplusShutdown

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/Portuguesa(Br).dat
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/Portuguesa(Br).data
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/PubLog.dll
.dll windows:5 windows x86 arch:x86

5f9017aecaa6f6f30402302e93f88e95

Code Sign

7f:86:b4:4c:3e:fb:81:fa:c8:c8:b6:70:58:05:4f:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/09/2014, 00:00

Not After

02/10/2017, 23:59

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,OU=IT,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:7a:ca:a5:69:e6:ca:52:b7:f4:4c:f7:ad:ed:c1:d0:6b:ed:d4:9f
Signer

Actual PE Digest

72:7a:ca:a5:69:e6:ca:52:b7:f4:4c:f7:ad:ed:c1:d0:6b:ed:d4:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\DRW\_drw_main\DRWIntelligentScan\Bin\Release\PubLog.pdb

Imports

kernel32

OutputDebugStringA
CloseHandle
CreateFileA
WriteFile
UnmapViewOfFile
ReleaseMutex
WaitForSingleObject
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
CreateMutexA
RtlUnwind
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
HeapFree
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
LoadLibraryA
GetLocaleInfoA
RaiseException
HeapReAlloc
VirtualAlloc
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

Exports

Exports

?DebugTrace@@YAXPBDPAPAD@Z
?DebugTrace@@YAXPBDZZ
?FileNameToFileCode@@YAGPAD@Z
?InitLog@@YAXPBDW4LOGLEVEL@@W4LOGTYPE@@@Z
?Log@@YAXW4LOGLEVEL@@PBDPAPAD@Z
?Log@@YAXW4LOGLEVEL@@PBDZZ
?LogError@@YAXPBDPAPAD@Z
?LogError@@YAXPBDZZ
?LogInfo@@YAXPBDPAPAD@Z
?LogInfo@@YAXPBDZZ
?LogWarning@@YAXPBDPAPAD@Z
?LogWarning@@YAXPBDZZ
?ReleaseTrace@@YAXPBDPAPAD@Z
?ReleaseTrace@@YAXPBDZZ

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/ROBOEX32.DLL
.dll windows:4 windows x86 arch:x86

49a08f9ad72a3cb6bd833a19a0fa5d39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

SetErrorMode
GlobalFlags
GetProcessVersion
TlsGetValue
GetCPInfo
GetOEMCP
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentDirectoryA
RtlUnwind
RaiseException
TlsSetValue
LocalReAlloc
CreateThread
ExitThread
ExitProcess
TerminateProcess
HeapReAlloc
SetStdHandle
GetFileType
HeapFree
GetACP
GetTimeZoneInformation
HeapAlloc
HeapSize
TlsFree
GetStringTypeA
GetStringTypeW
GetDriveTypeA
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
DeleteFileA
GetThreadLocale
SetUnhandledExceptionFilter
VirtualAlloc
UnhandledExceptionFilter
TlsAlloc
CompareStringA
CompareStringW
SetEnvironmentVariableA
IsBadReadPtr
IsBadWritePtr
GetCurrentThread
MulDiv
SetLastError
SetFileAttributesA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileTime
LCMapStringW
LCMapStringA
LoadLibraryA
CreateProcessA
CloseHandle
FindResourceA
LoadResource
GetCurrentThreadId
GetPrivateProfileIntA
GetPrivateProfileStringA
GetCurrentProcessId
GetCommandLineA
GlobalReAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GlobalHandle
GetWindowsDirectoryA
SearchPathA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
lstrcpynA
LocalAlloc
lstrlenA
GetLastError
UnlockFile
SetEndOfFile
SetFilePointer
LockFile
FlushFileBuffers
DuplicateHandle
ReadFile
GetCurrentProcess
SuspendThread
lstrcmpA
CreateEventA
SetEvent
SetThreadPriority
ResumeThread
WideCharToMultiByte
LocalFree
MultiByteToWideChar
GetVersion
InterlockedDecrement
InterlockedIncrement
GlobalAddAtomA
lstrcatA
GlobalGetAtomNameA
GetVersionExA
GlobalFindAtomA
GlobalDeleteAtom
MoveFileExA
WritePrivateProfileStringA
WaitForSingleObject
CreateDirectoryA
FormatMessageA
LeaveCriticalSection
GetModuleHandleA
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateFileMappingA
UnmapViewOfFile
GetFileSize
GetTempFileNameA
MapViewOfFile
GetTickCount
LockResource
GetTempPathA
SizeofResource
lstrcmpiA
CreateFileA
WriteFile
GetFileAttributesA
GlobalSize
FreeLibrary
GetProcAddress
GetSystemDirectoryA
GetModuleFileNameA
HeapCreate
Sleep
VirtualFree
IsBadCodePtr

user32

DrawTextA
SetWindowContextHelpId
MapDialogRect
DestroyMenu
CharNextA
UnregisterClassA
GetDesktopWindow
GetSysColorBrush
CopyAcceleratorTableA
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
SetWindowTextA
IsDialogMessageA
LoadIconA
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
GetScrollRange
GetScrollPos
GetTopWindow
MessageBoxA
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenuItemID
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
RemovePropA
GrayStringA
PostQuitMessage
EndDialog
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
GetAsyncKeyState
DrawMenuBar
GetMenu
GetWindowDC
GetUpdateRect
GetLastActivePopup
TrackPopupMenu
DestroyWindow
GetCursorPos
SetFocus
EnumThreadWindows
GetDC
ReleaseDC
FillRect
GetCapture
ReleaseCapture
SetCapture
ClientToScreen
PtInRect
LoadMenuA
GetSubMenu
RemoveMenu
ModifyMenuA
GetMenuStringA
GetMenuItemCount
InsertMenuA
DeleteMenu
IsChild
MoveWindow
EnumWindows
IsWindowVisible
RegisterWindowMessageA
IntersectRect
UnionRect
EqualRect
GetWindowRect
BeginPaint
EndPaint
IsRectEmpty
UpdateWindow
GetCursor
SetCursor
SetRect
GetWindowPlacement
SetWindowPlacement
FindWindowExA
PeekMessageA
TranslateMessage
DispatchMessageA
CreatePopupMenu
AppendMenuA
LoadCursorA
GetForegroundWindow
GetMessageTime
FindWindowA
TabbedTextOutA
GetMessageA
ValidateRect
GetNextDlgTabItem
IsIconic
GetActiveWindow
GetWindowThreadProcessId
CallNextHookEx
LoadStringA
SetWindowsHookExA
UnhookWindowsHookEx
GetFocus
GetKeyState
GetMessagePos
ScreenToClient
InvalidateRect
PostMessageA
SetWindowPos
GetWindowTextLengthA
GetDlgCtrlID
GetDlgItem
SetDlgItemTextA
GetClassNameA
CharUpperA
LoadImageA
GetSysColor
GetWindowTextA
OffsetRect
InflateRect
DrawFocusRect
GetParent
CallWindowProcA
IsWindowEnabled
GetWindow
SendMessageA
GetWindowLongA
DefWindowProcA
SetWindowLongA
GetClientRect
CopyRect
IsWindow
EnableWindow
SetForegroundWindow
ShowWindow
SystemParametersInfoA

gdi32

GetObjectA
RealizePalette
StretchBlt
ScaleWindowExtEx
ExcludeClipRect
LineTo
SetWindowExtEx
MoveToEx
GetDeviceCaps
GetViewportExtEx
CreatePen
GetWindowExtEx
CreateSolidBrush
CreatePatternBrush
RectVisible
TextOutA
PtVisible
GetMapMode
Escape
DPtoLP
GetTextColor
LPtoDP
ScaleViewportExtEx
SetViewportExtEx
SetViewportOrgEx
SetMapMode
OffsetViewportOrgEx
SetStretchBltMode
SelectPalette
RestoreDC
SaveDC
DeleteDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
DeleteObject
Rectangle
GetBkColor
SelectObject
PatBlt
GetStockObject
GetDIBColorTable
CreateHalftonePalette
CreatePalette
CreateCompatibleDC
BitBlt
ExtTextOutA

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA

shell32

FindExecutableA
ShellExecuteA

comctl32

ImageList_Replace
ImageList_GetImageInfo
ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA

oledlg

ord8

ole32

StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CreateILockBytesOnHGlobal
OleIsCurrentClipboard
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
CreateStreamOnHGlobal
GetHGlobalFromStream
CreateFileMoniker
OleInitialize
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleFlushClipboard
CoTaskMemFree

olepro32

ord253

oleaut32

SysFreeString
SysAllocString
SysAllocStringByteLen
SysStringLen
VariantTimeToSystemTime
VariantCopy
VariantChangeType
VariantClear
SysAllocStringLen

Exports

Exports

AboutWinHelp2000
InitWinHelp2000
JumpHtml
JumpUrlIEBack
JumpUrlIEBrowseNext
JumpUrlIEBrowsePrev
JumpUrlIEForward
JumpUrlIEPrint
JumpUrlIERefresh
JumpUrlIEStop
LDLLHandler
RoboHelpExAbout
RoboHelpExEHelp
RoboHelpExInitialize
RoboHelpExSeeAlso
RoboHelpExShowNavPane
RoboHelpExShowSeeAlso
RoboHelpExWatermark
RoboHelpExWatermarkNonScroll
Wh98About
Wh98Initialize
Wh98SeeAlso
Wh98ShowNavPane
Wh98ShowSeeAlso
Wh98Watermark
Wh98WatermarkNSR

Sections

.text
Size: 448KB - Virtual size: 446KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 396KB - Virtual size: 395KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/Resource.xml
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/Spanish.dat
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/Spanish.data
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/Upgrade.ini
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/dbghelp.dll
.dll windows:6 windows x86 arch:x86

425b64334ee18e882811879422b116dd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

kernel32

GetProcAddress
DeleteFileA
CreateDirectoryA
GetModuleFileNameA
ExpandEnvironmentStringsA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
UnmapViewOfFile
GetFullPathNameA
GetFileAttributesA
SetFilePointer
FindClose
VirtualProtect
VirtualAlloc
DuplicateHandle
MapViewOfFile
CreateFileMappingA
GetModuleHandleA
OpenProcess
GetCurrentProcessId
VirtualFree
ReadProcessMemory
WriteFile
DeleteFileW
CreateFileW
SetErrorMode
DebugBreak
GetSystemDirectoryA
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
FreeLibrary
OutputDebugStringA
lstrlenA
IsDBCSLeadByte
HeapFree
HeapAlloc
HeapReAlloc
TlsFree
TlsAlloc
GetVersionExA
InitializeCriticalSection
FlushViewOfFile
MapViewOfFileEx
GetFileType
CreateFileMappingW
DeviceIoControl
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
LCMapStringW
LCMapStringA
CopyFileA
SetFileAttributesA
CopyFileW
GetFileAttributesW
SetFileAttributesW
InterlockedIncrement
InterlockedDecrement
Sleep
FormatMessageA
GetThreadSelectorEntry
CreateThread
TerminateThread
LoadLibraryW
VirtualQueryEx
GetPriorityClass
GetThreadPriority
GetThreadTimes
GetThreadContext
ResumeThread
HeapCreate
DeleteCriticalSection
LocalFree
HeapDestroy
TlsGetValue
TlsSetValue
GetLastError
CreateFileA
GetFileSize
ReadFile
CloseHandle
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
FindFirstFileA
FindNextFileA
SetLastError
GetEnvironmentVariableA
GetSystemInfo
GetVersionExW
SuspendThread

msvcrt

__dllonexit
_adjust_fdiv
_initterm
_wcsnicmp
isprint
_vsnwprintf
memmove
calloc
wcscat
strncat
_itoa
_vsnprintf
_write
strncpy
_strcmpi
strrchr
tolower
_close
_open
time
wcsncpy
_ltoa
_strnicmp
vsprintf
_stricmp
isspace
ctime
malloc
_strlwr
free
__CxxFrameHandler
fclose
_wcsicmp
_onexit
wcscmp
wcsncmp
_wsplitpath
towlower
__unDName
_CxxThrowException
bsearch
_snwprintf
fread
fseek
_wfopen
fopen
_osver
wcstol
wcsrchr
_wmakepath
wcscpy
_winminor
_winmajor
_wcsdup
ftell
_wgetenv
_mbsicmp
_fullpath
_access
_fsopen
_wfsopen
_sopen
_wsopen
_wfullpath
_get_osfhandle
_read
_lseeki64
_chsize
_open_osfhandle
_mbscmp
_memicmp
_mbsnbcpy
??1type_info@@UAE@XZ
?terminate@@YAXXZ
sprintf
_except_handler3
wcslen
qsort
strchr
strstr
strncmp
isxdigit
??2@YAPAXI@Z
??3@YAXPAX@Z
_splitpath
_purecall
atol

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumerateLoadedModules
EnumerateLoadedModules64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
StackWalk
StackWalk64
SymAddSymbol
SymCleanup
SymDeleteSymbol
SymEnumLines
SymEnumSourceFiles
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumTypes
SymEnumerateModules
SymEnumerateModules64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFromAddr
SymFromIndex
SymFromName
SymFromToken
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromName
SymGetLineFromName64
SymGetLineNext
SymGetLineNext64
SymGetLinePrev
SymGetLinePrev64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOptions
SymGetScope
SymGetSearchPath
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileToken
SymGetSourceVarFromToken
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetTypeFromName
SymGetTypeInfo
SymInitialize
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymMatchFileName
SymMatchString
SymMatchStringW
SymNext
SymPrev
SymRegisterCallback
SymRegisterCallback64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSetContext
SymSetHomeDirectory
SymSetOptions
SymSetParentWindow
SymSetSearchPath
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnmapDebugInformation
WinDbgExtensionDllInit
dbghelp
dh
fptr
lm
lmi
omap
srcfiles
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 733KB - Virtual size: 732KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/gc.dll
.dll windows:4 windows x86 arch:x86

ef5b8d11f33ddf102de596e074913d24

Code Sign

7f:86:b4:4c:3e:fb:81:fa:c8:c8:b6:70:58:05:4f:6a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/09/2014, 00:00

Not After

02/10/2017, 23:59

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,OU=IT,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8a:e0:13:9d:d5:3e:87:b0:16:f8:6c:ad:d5:99:7f:81:1e:af:ff:59
Signer

Actual PE Digest

8a:e0:13:9d:d5:3e:87:b0:16:f8:6c:ad:d5:99:7f:81:1e:af:ff:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
LeaveCriticalSection
EnterCriticalSection
VirtualQuery
InitializeCriticalSection
GetProcAddress
GetModuleHandleA
DeleteCriticalSection
DebugBreak
WriteFile
CreateFileA
GetSystemInfo
GetVersion
VirtualAlloc
GlobalAlloc
GlobalFree
InterlockedExchange
VirtualProtect
SetUnhandledExceptionFilter
GetLastError
GetExitCodeThread
SuspendThread
CloseHandle
GetCurrentThreadId
ResumeThread
GetThreadContext
CreateThread
Sleep
DuplicateHandle
GetCurrentThread
GetCurrentProcess
InterlockedIncrement

user32

MessageBoxA

msvcrt

sprintf
_adjust_fdiv
exit
_errno
_except_handler3
atoi
atol
getenv
free
malloc
__dllonexit
_onexit
_initterm

Exports

Exports

GC_abort
GC_add_roots
GC_all_interior_pointers
GC_allocate_ml
GC_arrays
GC_base
GC_call_with_alloc_lock
GC_calloc_explicitly_typed
GC_change_stubborn
GC_clear_roots
GC_collect_a_little
GC_debug_change_stubborn
GC_debug_end_stubborn_change
GC_debug_free
GC_debug_invoke_finalizer
GC_debug_malloc
GC_debug_malloc_atomic
GC_debug_malloc_atomic_ignore_off_page
GC_debug_malloc_ignore_off_page
GC_debug_malloc_replacement
GC_debug_malloc_stubborn
GC_debug_malloc_uncollectable
GC_debug_realloc
GC_debug_realloc_replacement
GC_debug_register_displacement
GC_debug_register_finalizer
GC_debug_register_finalizer_ignore_self
GC_debug_register_finalizer_no_order
GC_debug_strdup
GC_disable
GC_dont_expand
GC_dont_gc
GC_dont_precollect
GC_enable
GC_enable_incremental
GC_end_stubborn_change
GC_err_printf
GC_exclude_static_roots
GC_expand_hp
GC_finalize_all
GC_finalize_on_demand
GC_finalizer_notifier
GC_find_leak
GC_fo_entries
GC_free
GC_free_space_divisor
GC_full_freq
GC_gc_no
GC_gcollect
GC_general_register_disappearing_link
GC_get_bytes_since_gc
GC_get_free_bytes
GC_get_heap_size
GC_get_total_bytes
GC_ignore_self_finalize_mark_proc
GC_incremental_protection_needs
GC_init
GC_invoke_finalizers
GC_is_marked
GC_is_valid_displacement
GC_is_valid_displacement_print_proc
GC_is_visible
GC_is_visible_print_proc
GC_java_finalization
GC_make_closure
GC_make_descriptor
GC_malloc
GC_malloc_atomic
GC_malloc_atomic_ignore_off_page
GC_malloc_explicitly_typed
GC_malloc_explicitly_typed_ignore_off_page
GC_malloc_ignore_off_page
GC_malloc_stubborn
GC_malloc_uncollectable
GC_max_retries
GC_no_dls
GC_non_gc_bytes
GC_noop
GC_normal_finalize_mark_proc
GC_null_finalize_mark_proc
GC_oom_fn
GC_parallel
GC_post_incr
GC_pre_incr
GC_printf
GC_quiet
GC_realloc
GC_register_disappearing_link
GC_register_displacement
GC_register_finalizer
GC_register_finalizer_ignore_self
GC_register_finalizer_inner
GC_register_finalizer_no_order
GC_same_obj
GC_same_obj_print_proc
GC_set_free_space_divisor
GC_set_max_heap_size
GC_set_warn_proc
GC_should_invoke_finalizers
GC_size
GC_stackbottom
GC_strdup
GC_time_limit
GC_try_to_collect
GC_unregister_disappearing_link
GC_use_entire_heap
GC_win32_free_heap
_GC_CreateThread@24

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/idfield
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/libcurl.dll
.dll windows:4 windows x86 arch:x86

8d970c7fb352cc798c570f6027abfe18

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\sources\curl-7.17.1\lib\Release\libcurl.pdb

Imports

ws2_32

sendto
recvfrom
select
__WSAFDIsSet
inet_ntoa
gethostbyname
WSASetLastError
getprotobyname
setsockopt
htons
connect
getsockopt
ioctlsocket
WSAStartup
WSACleanup
accept
inet_addr
getsockname
socket
bind
ntohs
listen
recv
send
WSAGetLastError
closesocket

wldap32

ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46

winmm

timeGetTime

kernel32

FindClose
HeapSize
SetConsoleCtrlHandler
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
CreateFileA
GetCurrentProcessId
QueryPerformanceCounter
GetSystemInfo
VirtualProtect
GetCPInfo
GetOEMCP
GetACP
VirtualQuery
InterlockedExchange
RtlUnwind
InitializeCriticalSection
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetTimeZoneInformation
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
LCMapStringW
WideCharToMultiByte
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
TerminateProcess
FatalAppExitA
ExpandEnvironmentStringsA
PeekNamedPipe
WaitForMultipleObjects
ReadFile
GetFileType
GetStdHandle
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryA
SleepEx
SetLastError
FormatMessageA
CloseHandle
ReleaseMutex
SetEvent
WaitForSingleObject
GetExitCodeThread
TerminateThread
GetTickCount
CreateEventA
CreateMutexA
DuplicateHandle
GetCurrentProcess
Sleep
SetFilePointer
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
GetLocaleInfoW
GetDriveTypeA
FindFirstFileA
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
HeapReAlloc
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
GetVersionExA
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
SetStdHandle
TlsAlloc
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
WriteFile
GetFullPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
ExitProcess
FlushFileBuffers

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_perform
curl_easy_reset
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_version
curl_version_info

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/mfc90.dll
.dll windows:5 windows x86 arch:x86

2f560e716d78bd62ea5ff577466f3160

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

98:16:d4:55:00:2a:1d:40:0d:34:cb:ed:17:b9:94:52:3f:24:d5:d8
Signer

Actual PE Digest

98:16:d4:55:00:2a:1d:40:0d:34:cb:ed:17:b9:94:52:3f:24:d5:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mfc90.i386.pdb

Imports

kernel32

GetEnvironmentVariableA
GetEnvironmentVariableW
LoadLibraryExA
GetNumberFormatA
GetWindowsDirectoryA
Sleep
GetModuleHandleW
GetVersion
IsDBCSLeadByte
GetUserDefaultLCID
CopyFileA
GetTickCount
InterlockedIncrement
GetSystemTime
lstrcpyA
lstrcpyW
lstrlenW
GetCurrentDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
SetErrorMode
InterlockedExchange
GetCurrentThread
EnumResourceLanguagesA
ConvertDefaultLocale
GetLocaleInfoA
SuspendThread
ResumeThread
SetThreadPriority
SetEvent
FindNextFileA
FormatMessageA
SearchPathA
GetTempPathA
LocalUnlock
LocalLock
GetTempFileNameA
GetDiskFreeSpaceA
GlobalFlags
RaiseException
FindResourceExA
VirtualProtect
GetProfileIntA
MulDiv
GetCurrentProcessId
GetCurrentThreadId
GlobalAddAtomA
CompareStringA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
lstrcmpW
WaitForMultipleObjects
CreateEventA
ReleaseMutex
CreateMutexA
ReleaseSemaphore
CreateSemaphoreA
WaitForSingleObject
TlsSetValue
LocalReAlloc
TlsGetValue
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GlobalHandle
TlsFree
GetLastError
InitializeCriticalSection
TlsAlloc
LocalFree
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GetModuleHandleA
FreeLibrary
GetOEMCP
GetCPInfo
SetFileTime
SetFileAttributesA
LocalFileTimeToFileTime
SystemTimeToFileTime
GetFileAttributesExA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesA
GetFileSizeEx
GetFileTime
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalAlloc
GlobalSize
GlobalLock
GetShortPathNameA
GetModuleFileNameA
GetStringTypeExA
GetThreadLocale
lstrcmpiA
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
MultiByteToWideChar
GetProcAddress
LoadLibraryA
DeleteFileA
MoveFileA
GetFileSize
SetEndOfFile
UnlockFile
LockFile
CloseHandle
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
lstrcmpA
FindResourceA
LoadResource
LockResource
SizeofResource
ExpandEnvironmentStringsA
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
WideCharToMultiByte
lstrlenA
GlobalGetAtomNameA
GetAtomNameA
SetLastError

msvcr90

_strlwr_s
_CxxThrowException
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
iswspace
_wcsrev
wcspbrk
_wcsicoll
wcsstr
_wcsupr_s
_wcslwr_s
vswprintf_s
_mbsrev
wcscoll
memmove
_vscwprintf
wcschr
_time64
_beginthread
_endthread
sscanf_s
atan2
_mbctolower
_mbctoupper
_ismbcprint
_ismbcalnum
_ismbcalpha
toupper
_mbsicoll
_mbscoll
__CxxFrameHandler3
exp
memcpy
fabs
floor
sin
cos
clock
sqrt
wcsspn
wcscspn
_itoa_s
wcsrchr
wcsncpy_s
_ultoa_s
_ltoa_s
_ismbcdigit
ceil
_snwprintf_s
wcscpy_s
_mbsnbcmp
_mbsupr_s
_mbsstr
_mbsnbicmp
__argv
__argc
_beginthreadex
_endthreadex
_fullpath
atol
_ismbcspace
_mbsdec
_strdup
_mbsspn
_mbscspn
_mbspbrk
_expand
atoi
_recalloc
_mbsrchr
_mbsicmp
strtod
strtoul
strtol
_resetstkoflw
_wcsicmp
wcscmp
_makepath_s
_splitpath_s
wcsnlen
_vsnprintf_s
_snscanf_s
labs
abs
_ismbblead
calloc
_msize
strcat_s
_mbschr
_snprintf_s
_errno
strncpy_s
_mbscmp
_localtime64_s
_mktime64
realloc
fclose
fflush
ftell
fseek
fgets
fputs
fwrite
clearerr_s
ferror
feof
fread
__doserrno
_fdopen
_open_osfhandle
_fileno
_get_osfhandle
_mbsinc
strcpy_s
wcslen
_vscprintf
vsprintf_s
abort
free
malloc
memcmp
memset
strnlen
strlen
memmove_s
memcpy_s
sprintf_s
_mbsnbcpy_s
_purecall
_mbslwr_s

user32

SetWindowRgn
DrawIcon
IsClipboardFormatAvailable
MessageBeep
RemoveMenu
ValidateRect
PostQuitMessage
UnregisterClassA
ShowOwnedPopups
InsertMenuA
RegisterClipboardFormatA
SendNotifyMessageA
CopyAcceleratorTableA
InSendMessage
PostThreadMessageA
CreateMenu
WindowFromDC
CountClipboardFormats
SetWindowContextHelpId
CharNextA
InvalidateRgn
GetNextDlgGroupItem
ClipCursor
DrawEdge
EnumChildWindows
DrawIconEx
SubtractRect
SetClassLongA
CopyIcon
LoadImageA
GetIconInfo
CopyImage
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DrawStateA
GetUpdateRect
IsMenu
NotifyWinEvent
DestroyAcceleratorTable
CreateAcceleratorTableA
GetKeyboardState
ToAsciiEx
GetKeyboardLayout
MapVirtualKeyExA
IsCharLowerA
DrawFrameControl
UpdateLayeredWindow
EnableScrollBar
GetMenuDefaultItem
SetMenuDefaultItem
HideCaret
InvertRect
GetDoubleClickTime
GetWindowRgn
FrameRect
CharUpperBuffA
OemToCharBuffA
CharToOemBuffA
EnableMenuItem
MoveWindow
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetWindowTextA
GetSysColorBrush
GetMenuItemInfoA
GetMenuStringA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
GetDialogBaseUnits
MapDialogRect
GetAsyncKeyState
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
FillRect
DrawFocusRect
LoadBitmapA
GetKeyNameTextA
MapVirtualKeyA
UnionRect
GrayStringA
DrawTextExA
DrawTextA
GetTabbedTextExtentA
GetDCEx
LockWindowUpdate
AppendMenuA
DeleteMenu
GetSystemMenu
DestroyCursor
SetParent
IsZoomed
ReleaseDC
GetDC
SetRect
SetTimer
KillTimer
InflateRect
RedrawWindow
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
DefFrameProcA
TranslateMessage
GetMessageA
ClientToScreen
WindowFromPoint
SetCapture
WaitMessage
GetCursorPos
LoadCursorA
GetMenuBarInfo
BringWindowToTop
InsertMenuItemA
CreatePopupMenu
InvalidateRect
ReuseDDElParam
UnpackDDElParam
DestroyMenu
LoadMenuA
GetActiveWindow
GetWindowThreadProcessId
ShowWindow
IsWindowEnabled
GetDesktopWindow
SetCursor
ReleaseCapture
TranslateAcceleratorA
LoadAcceleratorsA
SetRectEmpty
EnableWindow
LoadIconA
PostMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
DispatchMessageA
PeekMessageA
PtInRect
SetFocus
SetActiveWindow
GetFocus
AdjustWindowRectEx
DeferWindowPos
EqualRect
ScreenToClient
EndDeferWindowPos
BeginDeferWindowPos
GetClientRect
ScrollWindow
IsWindowVisible
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
MessageBoxA
IsChild
GetParent
GetCapture
WinHelpA
RegisterClassA
GetClassInfoA
GetMenuItemID
GetSubMenu
GetMenuItemCount
TrackPopupMenuEx
TrackPopupMenu
SetWindowPlacement
GetDlgItem
GetWindowTextA
GetWindowTextLengthA
GetDlgCtrlID
GetKeyState
DestroyWindow
CreateWindowExA
SetWindowsHookExA
SetPropA
GetClassNameA
GetClassInfoExA
GetClassLongA
CallNextHookEx
RemovePropA
CallWindowProcA
GetPropA
DefWindowProcA
SetMenu
SetCursorPos
DestroyIcon
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
SetMenuItemBitmaps
IsRectEmpty
CheckMenuItem
GetMenu
GetMessagePos
GetMessageTime
SetForegroundWindow
GetForegroundWindow
GetLastActivePopup
SendMessageA
IsWindow
GetWindow
SetWindowPos
SetWindowLongA
GetWindowLongA
RegisterWindowMessageA
IntersectRect
OffsetRect
SystemParametersInfoA
GetWindowRect
GetWindowPlacement
IsIconic
MsgWaitForMultipleObjects
UnhookWindowsHookEx
GetSystemMetrics
CharUpperA
CopyRect

gdi32

RoundRect
Polyline
GetDIBits
SetDIBColorTable
StretchBlt
CreateRoundRectRgn
FillRgn
GetBoundsRect
SetPixelV
FrameRgn
PtInRegion
CreatePolygonRgn
ExtFloodFill
SetPixel
SetPaletteEntries
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
CreateDIBSection
GetSystemPaletteEntries
GetNearestPaletteIndex
RealizePalette
CreatePalette
GetPaletteEntries
Polygon
OffsetRgn
SetBrushOrgEx
GetRgnBox
CreateMetaFileA
CopyMetaFileA
LPtoDP
Ellipse
CreateEllipticRgn
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
DPtoLP
SetRectRgn
CombineRgn
GetMapMode
GetPixel
CreateDIBPatternBrushPt
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
EnumMetaFile
PlayMetaFile
PlayMetaFileRecord
GetObjectType
ExtSelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
OffsetClipRgn
ExcludeClipRect
SelectClipRgn
OffsetWindowOrgEx
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
StartDocA
EnumFontFamiliesExA
CreateDCA
BitBlt
CreateRectRgnIndirect
PatBlt
UnrealizeObject
Rectangle
CreatePen
CreatePatternBrush
CreateBitmap
TextOutA
DeleteMetaFile
CloseMetaFile
RectVisible
PtVisible
IntersectClipRect
SetWindowOrgEx
GetWindowOrgEx
GetViewportOrgEx
GetDeviceCaps
Escape
ExtTextOutA
MoveToEx
GetTextExtentPointA
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetViewportExtEx
GetWindowExtEx
CreateFontIndirectA
GetTextFaceA
GetTextColor
GetNearestColor
GetStretchBltMode
GetPolyFillMode
GetTextAlign
GetBkMode
GetROP2
GetObjectA
SetBkColor
SetTextColor
CreateCompatibleDC
CreateCompatibleBitmap
GetBkColor
SelectObject
StretchDIBits
DeleteDC
CreateFontA
GetCharWidthA
DeleteObject
GetTextExtentPoint32A
GetTextMetricsA
GetStockObject
SaveDC
RestoreDC
GetClipBox

shlwapi

UrlUnescapeA
PathRemoveExtensionA
PathFindExtensionA
PathRemoveFileSpecW
PathStripToRootA
PathIsUNCA
PathFindFileNameA

comctl32

ImageList_GetIcon
ImageList_DrawEx
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Remove
ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
ImageList_GetIconSize

msimg32

TransparentBlt
AlphaBlend

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/mfc90u.dll
.dll windows:5 windows x86 arch:x86

814d9e5c82b805568941908a38d8a5f5

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6b:30:4d:48:e3:b1:ec:6e:44:e0:67:a2:47:4b:75:ed:0c:1c:d3:6c
Signer

Actual PE Digest

6b:30:4d:48:e3:b1:ec:6e:44:e0:67:a2:47:4b:75:ed:0c:1c:d3:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mfc90u.i386.pdb

Imports

kernel32

GetSystemTime
InterlockedIncrement
GetTickCount
CopyFileW
GetUserDefaultLCID
IsDBCSLeadByte
lstrcpyA
LoadLibraryExW
GetEnvironmentVariableW
FormatMessageA
GetEnvironmentVariableA
lstrcpyW
GetCurrentDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
SetErrorMode
CompareStringA
InterlockedExchange
GetCurrentThread
EnumResourceLanguagesW
ConvertDefaultLocale
GetLocaleInfoW
SuspendThread
ResumeThread
SetThreadPriority
SetEvent
FindNextFileW
FormatMessageW
SearchPathW
GetTempPathW
LocalUnlock
LocalLock
GetTempFileNameW
GetDiskFreeSpaceW
GlobalFlags
RaiseException
FindResourceExW
GetModuleHandleA
VirtualProtect
LoadLibraryA
GetProfileIntW
MulDiv
GetCurrentProcessId
GetVersionExW
GetCurrentThreadId
GlobalAddAtomW
CompareStringW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExA
lstrcmpW
WaitForMultipleObjects
CreateEventW
ReleaseMutex
CreateMutexW
ReleaseSemaphore
CreateSemaphoreW
WaitForSingleObject
TlsSetValue
LocalReAlloc
TlsGetValue
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GlobalHandle
TlsFree
InitializeCriticalSection
TlsAlloc
LocalFree
GetLastError
LocalAlloc
InterlockedDecrement
GetModuleHandleW
FreeLibrary
SetFileTime
SetFileAttributesW
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesW
GetFileSizeEx
GetFileTime
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalAlloc
GlobalSize
GlobalLock
GetShortPathNameW
GetModuleFileNameW
GetStringTypeExW
GetThreadLocale
lstrcmpiW
FindClose
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
GetProcAddress
LoadLibraryW
DeleteFileW
MoveFileW
GetFileSize
SetEndOfFile
UnlockFile
LockFile
CloseHandle
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetCurrentProcess
DuplicateHandle
lstrlenA
lstrcmpA
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
GlobalGetAtomNameW
GetAtomNameW
SetLastError
GetVersion
Sleep
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ExpandEnvironmentStringsA
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent

msvcr90

_strlwr_s
_CxxThrowException
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_mbscspn
_vscprintf
_mbsinc
_mbsupr_s
_wcsrev
_mbsspn
_mbscoll
_wcsicoll
_mbsrchr
_mbschr
vsprintf_s
_ismbcspace
_mbsstr
_mbsicoll
_mbsrev
strlen
wcscoll
memmove
_mbsicmp
__CxxFrameHandler3
_mbslwr_s
_mbspbrk
_wcslwr_s
memcpy
strcpy_s
_itow_s
_ultow_s
_ltow_s
iswdigit
ceil
wcsncmp
_mbscmp
strnlen
_wcsupr_s
wcsstr
_wcsnicmp
__wargv
__argc
_beginthreadex
_endthreadex
_wfullpath
_wtol
_wcsdup
wcsspn
wcscspn
wcspbrk
_expand
_wtoi
_recalloc
wcsrchr
wcstod
wcstoul
wcstol
_resetstkoflw
_wcsicmp
_wmakepath_s
_wsplitpath_s
_vsnwprintf_s
_snwscanf_s
labs
abs
calloc
_msize
wcscat_s
wcschr
_snwprintf_s
_errno
wcscmp
_localtime64_s
_mktime64
realloc
fclose
fflush
ftell
fseek
fgetws
fputws
fwrite
clearerr_s
ferror
feof
fread
__doserrno
_fdopen
_open_osfhandle
_fileno
_get_osfhandle
wcscpy_s
_vscwprintf
vswprintf_s
abort
free
malloc
memcmp
memset
wcsnlen
wcslen
memmove_s
memcpy_s
swprintf_s
wcsncpy_s
_purecall
iswspace

user32

GetKeyNameTextW
LoadBitmapW
DrawFocusRect
FillRect
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetAsyncKeyState
MapDialogRect
GetDialogBaseUnits
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutW
GetMenuStringW
SystemParametersInfoW
GetMenuItemInfoW
GetSysColorBrush
SetWindowTextW
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageW
MoveWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
ModifyMenuW
GetMenuCheckMarkDimensions
DestroyIcon
SetCursorPos
DestroyCursor
SetWindowRgn
DrawIcon
GetTabbedTextExtentW
IsClipboardFormatAvailable
MessageBeep
RemoveMenu
ValidateRect
PostQuitMessage
UnregisterClassW
ShowOwnedPopups
InsertMenuW
RegisterClipboardFormatW
SendNotifyMessageW
CopyAcceleratorTableW
InSendMessage
PostThreadMessageW
CreateMenu
WindowFromDC
CountClipboardFormats
SetWindowContextHelpId
CharNextW
InvalidateRgn
GetNextDlgGroupItem
ClipCursor
DrawEdge
EnumChildWindows
OemToCharBuffA
CharToOemBuffA
AppendMenuW
DeleteMenu
GetSystemMenu
IsRectEmpty
SetParent
IsZoomed
ReleaseDC
GetDC
SetRect
SetTimer
KillTimer
InflateRect
RedrawWindow
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
DefFrameProcW
TranslateMessage
GetMessageW
ClientToScreen
WindowFromPoint
SetCapture
WaitMessage
GetCursorPos
LoadCursorW
MapVirtualKeyW
BringWindowToTop
InsertMenuItemW
CreatePopupMenu
InvalidateRect
ReuseDDElParam
UnpackDDElParam
DestroyMenu
LoadMenuW
GetActiveWindow
GetWindowThreadProcessId
ShowWindow
IsWindowEnabled
GetDesktopWindow
SetCursor
ReleaseCapture
TranslateAcceleratorW
LoadAcceleratorsW
SetRectEmpty
EnableWindow
LoadIconW
PostMessageW
UpdateWindow
SendDlgItemMessageA
SendDlgItemMessageW
MapWindowPoints
GetSysColor
DispatchMessageW
PeekMessageW
PtInRect
SetFocus
SetActiveWindow
GetFocus
AdjustWindowRectEx
DeferWindowPos
EqualRect
ScreenToClient
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
GetClientRect
ScrollWindow
IsWindowVisible
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
MessageBoxW
IsChild
GetParent
GetCapture
WinHelpW
RegisterClassW
GetClassInfoW
GetSubMenu
GetMenuItemCount
TrackPopupMenuEx
TrackPopupMenu
SetWindowPlacement
GetDlgItem
GetWindowTextW
GetWindowTextLengthW
GetDlgCtrlID
GetKeyState
DestroyWindow
CreateWindowExW
SetWindowsHookExW
SetPropW
GetClassNameW
GetClassInfoExW
GetClassLongW
CallNextHookEx
RemovePropW
CallWindowProcW
GetPropW
DefWindowProcW
SetMenu
GetMenu
GetMessagePos
GetMessageTime
SetForegroundWindow
GetForegroundWindow
GetLastActivePopup
SendMessageW
IsWindow
GetWindow
SetWindowPos
SetWindowLongW
GetWindowLongW
UnionRect
GrayStringW
DrawTextExW
DrawTextW
GetTabbedTextExtentA
GetDCEx
GetMenuBarInfo
LockWindowUpdate
RegisterWindowMessageW
IntersectRect
OffsetRect
SystemParametersInfoA
GetWindowRect
GetWindowPlacement
IsIconic
MsgWaitForMultipleObjects
UnhookWindowsHookEx
GetSystemMetrics
CharUpperW
GetMenuItemID

gdi32

GetClipBox
OffsetRgn
SetBrushOrgEx
GetRgnBox
CreateMetaFileW
CopyMetaFileW
LPtoDP
Ellipse
CreateEllipticRgn
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
DPtoLP
SetRectRgn
CombineRgn
GetMapMode
GetPixel
CreateDIBPatternBrushPt
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
EnumMetaFile
PlayMetaFile
PlayMetaFileRecord
GetObjectType
ExtSelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
OffsetClipRgn
ExcludeClipRect
SelectClipRgn
OffsetWindowOrgEx
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
StartDocW
EnumFontFamiliesExW
CreateDCW
BitBlt
CreateRectRgnIndirect
PatBlt
UnrealizeObject
Rectangle
CreatePen
CreatePatternBrush
CreateBitmap
TextOutW
DeleteMetaFile
CloseMetaFile
RectVisible
PtVisible
IntersectClipRect
SetWindowOrgEx
GetWindowOrgEx
GetViewportOrgEx
GetDeviceCaps
Escape
ExtTextOutW
MoveToEx
GetCurrentPositionEx
GetTextExtentPoint32A
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetViewportExtEx
GetWindowExtEx
CreateFontIndirectW
GetTextFaceW
GetTextColor
GetNearestColor
GetStretchBltMode
GetPolyFillMode
GetTextAlign
GetBkMode
GetROP2
RestoreDC
SaveDC
GetStockObject
GetTextMetricsW
GetTextExtentPoint32W
DeleteObject
GetCharWidthW
CreateFontW
DeleteDC
StretchDIBits
SelectObject
GetBkColor
CreateCompatibleBitmap
CreateCompatibleDC
SetTextColor
SetBkColor
GetObjectW

shlwapi

UrlUnescapeW
PathRemoveExtensionW
PathFindExtensionW
PathRemoveFileSpecW
PathStripToRootW
PathIsUNCW
PathFindFileNameW

Sections

.text
Size: 986KB - Virtual size: 986KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/mfcm90.dll
.dll windows:5 windows x86 arch:x86

7dabdb1d81bc318202cca27aed9c03e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MFCM90.i386.pdb

Imports

msvcr90

_lock
_onexit
_except_handler4_common
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
_purecall
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__FrameUnwindFilter
_cexit
??_V@YAXPAX@Z
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
__CxxFrameHandler3
??2@YAPAXI@Z
??3@YAXPAX@Z
__dllonexit

mfc90

ord4114
ord2895
ord6558
ord4528
ord6556
ord6583
ord4383
ord2359
ord6289
ord6290
ord2342
ord1391
ord1401
ord5745
ord1866
ord4028
ord391
ord1241
ord1152
ord1137
ord4515
ord4512
ord2965
ord6006
ord6430
ord4279
ord4282
ord2125
ord1744
ord1745
ord2766
ord2978
ord3107
ord4714
ord2961
ord3122
ord2769
ord2888
ord2759
ord3227
ord4066
ord4067
ord4057
ord2886
ord910
ord601
ord274
ord819
ord4334
ord4890
ord4667
ord3485
ord6433
ord1252
ord6252
ord2157
ord1221
ord2246
ord1751
ord3418
ord3728
ord1377
ord721
ord474
ord3935
ord5634
ord3387
ord4040
ord5647
ord5607
ord2069
ord345
ord4679
ord1748
ord5005
ord1728
ord5403
ord4585
ord1144
ord1143
ord599

kernel32

InterlockedExchange
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
SetUnhandledExceptionFilter

msvcm90

?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z

user32

GetWindow
GetClientRect
SendMessageA
PostMessageA
CopyRect
SetWindowPos

mscoree

_CorDllMain

Exports

Exports

AfxmReleaseManagedReferences

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/mfcm90u.dll
.dll windows:5 windows x86 arch:x86

8835e897cda95e4221fbfed49b505c04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MFCM90U.i386.pdb

Imports

msvcr90

_lock
_onexit
_except_handler4_common
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
_purecall
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__FrameUnwindFilter
_cexit
??_V@YAXPAX@Z
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
__CxxFrameHandler3
??2@YAPAXI@Z
??3@YAXPAX@Z
__dllonexit

mfc90u

ord4129
ord2900
ord6578
ord4542
ord6576
ord6603
ord4397
ord2359
ord6309
ord6310
ord2342
ord1387
ord1397
ord5762
ord1866
ord4042
ord391
ord1239
ord1152
ord1137
ord4529
ord4526
ord2970
ord6023
ord6450
ord4293
ord4296
ord2125
ord1743
ord1744
ord2771
ord2983
ord3112
ord4728
ord2966
ord3127
ord2774
ord2893
ord2764
ord3235
ord4080
ord4081
ord4071
ord2891
ord909
ord600
ord269
ord813
ord4348
ord4905
ord4681
ord3494
ord6453
ord1248
ord6270
ord2157
ord1221
ord2246
ord1750
ord3427
ord3739
ord1373
ord721
ord474
ord3948
ord5651
ord3396
ord4054
ord5664
ord5624
ord2069
ord345
ord4693
ord1747
ord5020
ord1727
ord5418
ord4599
ord1144
ord1143
ord598

kernel32

InterlockedExchange
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
SetUnhandledExceptionFilter

msvcm90

?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z

user32

GetWindow
GetClientRect
SendMessageW
PostMessageW
CopyRect
SetWindowPos

mscoree

_CorDllMain

Exports

Exports

AfxmReleaseManagedReferences

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/msvcm90.dll
.dll windows:5 windows x86 arch:x86

2e705c0231c4d814c2d2191566905482

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcm90.i386.pdb

Imports

msvcr90

__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
__setusermatherr
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_query_new_handler@@YAP6AHI@ZXZ
signal
_invalid_parameter
_errno
_set_invalid_parameter_handler
_get_invalid_parameter_handler
?set_terminate@@YAP6AXXZP6AXXZ@Z
_get_terminate
_set_purecall_handler
_get_purecall_handler
?set_unexpected@@YAP6AXXZP6AXXZ@Z
_get_unexpected
_fpieee_flt
_cexit
strcpy_s
strlen
_exit
_XcptFilter
_endthread
_getptd
_freefls
___fls_setvalue@8
___fls_getvalue@4
__get_flsindex
__set_flsgetvalue
_dosmaperr
_initptd
calloc
_encode_pointer
memcpy_s
memcmp
memmove_s
memset
??_V@YAXPAX@Z
___mb_cur_max_func
_invalid_parameter_noinfo
_invoke_watson
_CxxThrowException
??2@YAPAXI@Z
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
abort
fgetc
fputc
ungetc
fflush
setvbuf
fwrite
fgetpos
fseek
fsetpos
fclose
__iob_func
fgetwc
fputwc
ungetwc
realloc
setlocale
sprintf_s
memcpy
___lc_handle_func
__crtGetStringTypeW
__pctype_func
___mb_cur_max_l_func
___lc_codepage_func
__crtLCMapStringW
__crtLCMapStringA
_wfsopen
mbstowcs_s
__uncaught_exception
isupper
islower
towlower
towupper
strcmp
__FrameUnwindFilter
__dllonexit
_unlock
??3@YAXPAX@Z
_ui64toa_s
_create_locale
malloc
_free_locale
_endthreadex
free

kernel32

WideCharToMultiByte
CreateThread
ResumeThread
GetLastError
ExitThread
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId

ole32

CoCreateInstance

mscoree

CorBindToRuntimeEx
_CorDllMain

Exports

Exports

?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?_Addstd@ios_base@std@@SAXPAV12@@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF_func@std@@YAABJXZ
?_Cerr_func@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@XZ
?_Cin_func@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@XZ
?_Clocptr_func@_Locimp@locale@std@@CAAAPAV123@XZ
?_Clog_func@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@XZ
?_Cout_func@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Fpz_func@std@@YAAA_JXZ
?_Getcvt@@YA?AU_Cvtvec@@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Id_cnt_func@id@locale@std@@CAAAHXZ
?_Id_func@?$codecvt@GDH@std@@SAAAVid@locale@2@XZ
?_Id_func@?$codecvt@_WDH@std@@SAAAVid@locale@2@XZ
?_Id_func@?$ctype@D@std@@SAAAVid@locale@2@XZ
?_Id_func@?$ctype@G@std@@SAAAVid@locale@2@XZ
?_Id_func@?$ctype@_W@std@@SAAAVid@locale@2@XZ
?_Index_func@ios_base@std@@CAAAHXZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Init_cnt_func@Init@ios_base@std@@CAAAHXZ
?_Init_ctor@Init@ios_base@std@@CAXPAV123@@Z
?_Init_dtor@Init@ios_base@std@@CAXPAV123@@Z
?_Init_locks_ctor@_Init_locks@std@@CAXPAV12@@Z
?_Init_locks_dtor@_Init_locks@std@@CAXPAV12@@Z
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?_Locimp_dtor@_Locimp@locale@std@@CAXPAV123@@Z
?_Locinfo_Addcats@_Locinfo@std@@SAAAV12@PAV12@HPBD@Z
?_Locinfo_ctor@_Locinfo@std@@SAXPAV12@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
?_Locinfo_ctor@_Locinfo@std@@SAXPAV12@HPBD@Z
?_Locinfo_ctor@_Locinfo@std@@SAXPAV12@PBD@Z
?_Locinfo_dtor@_Locinfo@std@@SAXPAV12@@Z
?_Lockit_ctor@_Lockit@std@@CAXPAV12@@Z
?_Lockit_ctor@_Lockit@std@@CAXPAV12@H@Z
?_Lockit_ctor@_Lockit@std@@SAXH@Z
?_Lockit_dtor@_Lockit@std@@CAXPAV12@@Z
?_Lockit_dtor@_Lockit@std@@SAXH@Z
?_Mbrtowc@@YAHPAGPBDIPAHPBU_Cvtvec@@@Z
?_Mbrtowc@@YAHPA_WPBDIPAHPBU_Cvtvec@@@Z
?_Mtxdst@@YAXPAU_RTL_CRITICAL_SECTION@@@Z
?_Mtxinit@@YAXPAU_RTL_CRITICAL_SECTION@@@Z
?_Mtxlock@@YAXPAU_RTL_CRITICAL_SECTION@@@Z
?_Mtxunlock@@YAXPAU_RTL_CRITICAL_SECTION@@@Z
?_Mutex_Lock@_Mutex@std@@CAXPAV12@@Z
?_Mutex_Unlock@_Mutex@std@@CAXPAV12@@Z
?_Mutex_ctor@_Mutex@std@@CAXPAV12@@Z
?_Mutex_dtor@_Mutex@std@@CAXPAV12@@Z
?_Nomemory@std@@YAXXZ
?_Once@@YAXPAJP6AXXZ@Z
?_Setgloballocale@locale@std@@CAXPAX@Z
?_Sync_func@ios_base@std@@CAAA_NXZ
?_Wcerr_func@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@1@XZ
?_Wcerr_func@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@XZ
?_Wcin_func@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@1@XZ
?_Wcin_func@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@1@XZ
?_Wclog_func@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@1@XZ
?_Wclog_func@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@XZ
?_Wcout_func@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@1@XZ
?_Wcout_func@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@XZ
?_Wcrtomb@@YAHPADGPAHPBU_Cvtvec@@@Z
?_Wcrtomb@@YAHPAD_WPAHPBU_Cvtvec@@@Z
?_Xinvarg@_String_base@std@@SAXXZ
?_Xlen@_String_base@std@@SAXXZ
?_Xran@_String_base@std@@SAXXZ
?__Wcrtomb_lk@@YAHPAD_WPAHPBU_Cvtvec@@@Z
?__get_default_appdomain@@YAJPAPAUIUnknown@@@Z
?__query_new_handler_m@@YAP6MHI@ZXZ
?__release_appdomain@@YAXPAUIUnknown@@@Z
?_beginthread@@YAIP6MXPAX@ZI0@Z
?_beginthreadex@@YAIPAXIP6MI0@Z0IPAI@Z
?_fpieee_flt@@YAHKPAU_EXCEPTION_POINTERS@@P6MHPAU_FPIEEE_RECORD@@@Z@Z
?_set_invalid_parameter_handler@@YAP6AXPB_W00II@ZH@Z
?_set_invalid_parameter_handler@@YAP6MXPB_W00II@ZP6MX000II@Z@Z
?_set_new_handler@@YAP6MHI@ZP6MHI@Z@Z
?_set_purecall_handler@@YAP6AXXZH@Z
?_set_purecall_handler@@YAP6MXXZP6MXXZ@Z
?_uncaught_exception_m@std@@YA_NXZ
?classic@locale@std@@SAABV12@XZ
?empty@locale@std@@SA?AV12@XZ
?global@locale@std@@SA?AV12@ABV12@@Z
?resetiosflags@std@@YA?AU?$_Smanip@H@1@H@Z
?set_new_handler@std@@YAP6MXXZP6MXXZ@Z
?set_terminate@@YAP6MXXZP6MXXZ@Z
?set_unexpected@@YAP6MXXZP6MXXZ@Z
?setbase@std@@YA?AU?$_Smanip@H@1@H@Z
?setiosflags@std@@YA?AU?$_Smanip@H@1@H@Z
?setprecision@std@@YA?AU?$_Smanip@H@1@H@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?signal@@YAP6MXH@ZHH@Z
?signal@@YAP6MXH@ZHP6MXH@Z@Z
__setusermatherr_m
towctrans
wctrans
wctype

Sections

.text
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/msvcp90.dll
.dll windows:5 windows x86 arch:x86

c2219f463c61f3122c87331837e12c34

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e9:c4:fe:36:f3:bd:3e:f2:64:2c:75:13:e1:a7:62:07:ef:2f:ea:bf
Signer

Actual PE Digest

e9:c4:fe:36:f3:bd:3e:f2:64:2c:75:13:e1:a7:62:07:ef:2f:ea:bf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcp90.i386.pdb

Imports

msvcr90

fflush
setvbuf
fwrite
??0exception@std@@QAE@XZ
_Getdays
_Getmonths
fgetpos
fseek
fsetpos
fclose
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
__iob_func
_wfsopen
mbstowcs_s
atan2
cos
exp
ldexp
log
pow
sin
sqrt
tan
fgetwc
fputwc
ungetwc
memcpy
_Strftime
strcspn
sprintf_s
abort
??0exception@std@@QAE@ABQBDH@Z
_realloc_crt
setlocale
_malloc_crt
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
fputs
__uncaught_exception
ungetc
towupper
strcmp
_create_locale
_ui64toa_s
_free_locale
__pctype_func
_errno
___mb_cur_max_l_func
___lc_codepage_func
___lc_handle_func
__crtCompareStringA
___lc_collate_cp_func
__crtLCMapStringA
isupper
_calloc_crt
islower
__crtGetStringTypeW
__crtLCMapStringW
__crtCompareStringW
isspace
tolower
strtod
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__clean_type_info_names_internal
fputc
fgetc
__CxxFrameHandler3
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??2@YAPAXI@Z
_invalid_parameter_noinfo
___mb_cur_max_func
??_V@YAXPAX@Z
_Gettnames
localeconv
free
memset
memchr
strlen
memcmp
wcslen
memmove_s
memcpy_s
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
towlower
??0exception@std@@QAE@ABQBD@Z

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
InterlockedDecrement
InterlockedIncrement
GetLocaleInfoA
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
InterlockedCompareExchange
GetSystemTimeAsFileTime

Exports

Exports

??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAD@Z
??$?5DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?5GU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAG@Z
??$?5GU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAG@Z
??$?5GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?5MDU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5MGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5M_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5NDU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5NGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5N_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5ODU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5OGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5O_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAC@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAE@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAC@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAE@Z
??$?5_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AA_W@Z
??$?5_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@PA_W@Z
??$?5_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@G@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??$?6GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?6MDU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6MGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6M_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6NDU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6NGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6N_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6ODU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6OGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6O_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@C@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@E@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBC@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBE@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@_W@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?8M@std@@YA_NABMABV?$complex@M@0@@Z
??$?8M@std@@YA_NABV?$complex@M@0@0@Z
??$?8M@std@@YA_NABV?$complex@M@0@ABM@Z
??$?8N@std@@YA_NABNABV?$complex@N@0@@Z
??$?8N@std@@YA_NABV?$complex@N@0@0@Z
??$?8N@std@@YA_NABV?$complex@N@0@ABN@Z
??$?8O@std@@YA_NABOABV?$complex@O@0@@Z
??$?8O@std@@YA_NABV?$complex@O@0@0@Z
??$?8O@std@@YA_NABV?$complex@O@0@ABO@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?9M@std@@YA_NABMABV?$complex@M@0@@Z
??$?9M@std@@YA_NABV?$complex@M@0@0@Z
??$?9M@std@@YA_NABV?$complex@M@0@ABM@Z
??$?9N@std@@YA_NABNABV?$complex@N@0@@Z
??$?9N@std@@YA_NABV?$complex@N@0@0@Z
??$?9N@std@@YA_NABV?$complex@N@0@ABN@Z
??$?9O@std@@YA_NABOABV?$complex@O@0@@Z
??$?9O@std@@YA_NABV?$complex@O@0@0@Z
??$?9O@std@@YA_NABV?$complex@O@0@ABO@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?DM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?DM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?DM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?DN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?DN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?DN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?DO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?DO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?DO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?GM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?GN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?GO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@GABV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?HN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?HO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@_WABV10@@Z
??$?KM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?KM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?KM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?KN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?KN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?KN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?KO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?KO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?KO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$_Fabs@M@std@@YAMABV?$complex@M@0@PAH@Z
??$_Fabs@N@std@@YANABV?$complex@N@0@PAH@Z
??$_Fabs@O@std@@YAOABV?$complex@O@0@PAH@Z
??$abs@M@std@@YAMABV?$complex@M@0@@Z
??$abs@N@std@@YANABV?$complex@N@0@@Z
??$abs@O@std@@YAOABV?$complex@O@0@@Z
??$arg@M@std@@YAMABV?$complex@M@0@@Z
??$arg@N@std@@YANABV?$complex@N@0@@Z
??$arg@O@std@@YAOABV?$complex@O@0@@Z
??$conj@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$conj@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$conj@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$cos@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$cos@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$cos@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$cosh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$cosh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$cosh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$exp@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$exp@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$exp@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@D@Z
??$getline@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$getline@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@G@Z
??$getline@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$getline@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@_W@Z
??$imag@M@std@@YAMABV?$complex@M@0@@Z
??$imag@N@std@@YANABV?$complex@N@0@@Z
??$imag@O@std@@YAOABV?$complex@O@0@@Z
??$log10@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$log10@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$log10@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$log@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$log@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$log@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$norm@M@std@@YAMABV?$complex@M@0@@Z
??$norm@N@std@@YANABV?$complex@N@0@@Z
??$norm@O@std@@YAOABV?$complex@O@0@@Z
??$polar@M@std@@YA?AV?$complex@M@0@ABM0@Z
??$polar@M@std@@YA?AV?$complex@M@0@ABM@Z
??$polar@N@std@@YA?AV?$complex@N@0@ABN0@Z
??$polar@N@std@@YA?AV?$complex@N@0@ABN@Z
??$polar@O@std@@YA?AV?$complex@O@0@ABO0@Z
??$polar@O@std@@YA?AV?$complex@O@0@ABO@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@H@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@H@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@H@Z
??$real@M@std@@YAMABV?$complex@M@0@@Z
??$real@N@std@@YANABV?$complex@N@0@@Z
??$real@O@std@@YAOABV?$complex@O@0@@Z
??$sin@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sin@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sin@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$sinh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sinh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sinh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$sqrt@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sqrt@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sqrt@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$tan@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$tan@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$tan@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$tanh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$tanh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$tanh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??0?$_Complex_base@MU_C_float_complex@@@std@@QAE@ABM0@Z
??0?$_Complex_base@NU_C_double_complex@@@std@@QAE@ABN0@Z
??0?$_Complex_base@OU_C_ldouble_complex@@@std@@QAE@ABO0@Z
??0?$_Mpunct@D@std@@IAE@PBDI_N1@Z
??0?$_Mpunct@D@std@@QAE@ABV_Locinfo@1@I_N1@Z
??0?$_Mpunct@D@std@@QAE@I_N@Z
??0?$_Mpunct@G@std@@IAE@PBDI_N1@Z
??0?$_Mpunct@G@std@@QAE@ABV_Locinfo@1@I_N1@Z
??0?$_Mpunct@G@std@@QAE@I_N@Z
??0?$_Mpunct@_W@std@@IAE@PBDI_N1@Z
??0?$_Mpunct@_W@std@@QAE@ABV_Locinfo@1@I_N1@Z
??0?$_Mpunct@_W@std@@QAE@I_N@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@QAE@ABV01@@Z
??0?$_String_val@GV?$allocator@G@std@@@std@@IAE@V?$allocator@G@1@@Z
??0?$_String_val@GV?$allocator@G@std@@@std@@QAE@ABV01@@Z
??0?$_String_val@_WV?$allocator@_W@std@@@std@@IAE@V?$allocator@_W@1@@Z
??0?$_String_val@_WV?$allocator@_W@std@@@std@@QAE@ABV01@@Z
??0?$allocator@D@std@@QAE@ABV01@@Z
??0?$allocator@D@std@@QAE@XZ
??0?$allocator@G@std@@QAE@ABV01@@Z
??0?$allocator@G@std@@QAE@XZ
??0?$allocator@X@std@@QAE@ABV01@@Z
??0?$allocator@X@std@@QAE@XZ
??0?$allocator@_W@std@@QAE@ABV01@@Z
??0?$allocator@_W@std@@QAE@XZ
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_filebuf@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBGHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PBGHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PB_WHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PBGHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBGHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBGHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PBGHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBGHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBGHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PBGHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@1@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@IIABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@V?$_String_const_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@1@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@IIABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_WABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WIABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$codecvt@DDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@DDH@std@@QAE@I@Z
??0?$codecvt@GDH@std@@IAE@PBDI@Z
??0?$codecvt@GDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@GDH@std@@QAE@I@Z
??0?$codecvt@_WDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_WDH@std@@QAE@I@Z
??0?$collate@D@std@@IAE@PBDI@Z
??0?$collate@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@D@std@@QAE@I@Z
??0?$collate@G@std@@IAE@PBDI@Z
??0?$collate@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@G@std@@QAE@I@Z
??0?$collate@_W@std@@IAE@PBDI@Z
??0?$collate@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@_W@std@@QAE@I@Z
??0?$complex@M@std@@QAE@ABM0@Z
??0?$complex@M@std@@QAE@ABU_C_double_complex@@@Z
??0?$complex@M@std@@QAE@ABU_C_float_complex@@@Z
??0?$complex@M@std@@QAE@ABU_C_ldouble_complex@@@Z
??0?$complex@M@std@@QAE@ABV?$complex@N@1@@Z
??0?$complex@M@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@N@std@@QAE@ABN0@Z
??0?$complex@N@std@@QAE@ABU_C_double_complex@@@Z
??0?$complex@N@std@@QAE@ABU_C_ldouble_complex@@@Z
??0?$complex@N@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@N@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@O@std@@QAE@ABO0@Z
??0?$complex@O@std@@QAE@ABU_C_ldouble_complex@@@Z
??0?$complex@O@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@O@std@@QAE@ABV?$complex@N@1@@Z
??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0?$ctype@G@std@@IAE@PBDI@Z
??0?$ctype@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@G@std@@QAE@I@Z
??0?$ctype@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@_W@std@@QAE@I@Z
??0?$messages@D@std@@IAE@PBDI@Z
??0?$messages@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@D@std@@QAE@I@Z
??0?$messages@G@std@@IAE@PBDI@Z
??0?$messages@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@G@std@@QAE@I@Z
??0?$messages@_W@std@@IAE@PBDI@Z
??0?$messages@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@_W@std@@QAE@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$moneypunct@D$00@std@@IAE@PBDI@Z
??0?$moneypunct@D$00@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$moneypunct@D$00@std@@QAE@I@Z
??0?$moneypunct@D$0A@@std@@IAE@PBDI@Z
??0?$moneypunct@D$0A@@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$moneypunct@D$0A@@std@@QAE@I@Z
??0?$moneypunct@G$00@std@@IAE@PBDI@Z
??0?$moneypunct@G$00@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$moneypunct@G$00@std@@QAE@I@Z
??0?$moneypunct@G$0A@@std@@IAE@PBDI@Z
??0?$moneypunct@G$0A@@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$moneypunct@G$0A@@std@@QAE@I@Z
??0?$moneypunct@_W$00@std@@IAE@PBDI@Z
??0?$moneypunct@_W$00@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$moneypunct@_W$00@std@@QAE@I@Z
??0?$moneypunct@_W$0A@@std@@IAE@PBDI@Z
??0?$moneypunct@_W$0A@@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$moneypunct@_W$0A@@std@@QAE@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

Sections

.text
Size: 521KB - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DataRecovery/msvcr90.dll
.dll windows:5 windows x86 arch:x86

0fda4497453286b1daa098623dfc53ce

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:a2:0c:d7:08:3c:6d:9c:9c:e7:11:07:12:85:b9:f7:4e:10:16:d8
Signer

Actual PE Digest

4e:a2:0c:d7:08:3c:6d:9c:9c:e7:11:07:12:85:b9:f7:4e:10:16:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcr90.i386.pdb

Imports

kernel32

GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetLongPathNameW
GetCurrentThreadId
TlsGetValue
DebugBreak
OutputDebugStringA
GetCommandLineA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
GetLogicalDrives
GetDiskFreeSpaceA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetErrorMode
Beep
GetFileAttributesA
SetFileAttributesA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
MoveFileA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
DeleteFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
LoadLibraryA
FreeLibrary
CreateProcessW
ReadFile
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
WideCharToMultiByte
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetLocalTime
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
RtlUnwind
RaiseException
HeapFree
HeapAlloc
GetProcessHeap
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapSize
HeapReAlloc
VirtualAlloc
HeapValidate
HeapCompact
HeapWalk
VirtualProtect
GetSystemInfo
VirtualQuery
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
CreateFileA
FlushFileBuffers
CreatePipe
CreateFileW
SetStdHandle
ReadConsoleInputA
SetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
IsDBCSLeadByteEx
ReadConsoleA
ReadConsoleW
SetEndOfFile
GetFileInformationByHandle
PeekNamedPipe
InterlockedExchange
LockFile
UnlockFile
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
FreeEnvironmentStringsA
GetEnvironmentStrings
QueryPerformanceCounter
GetTickCount
GetStringTypeW
GetStringTypeA
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
GetLocaleInfoW
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
GetModuleHandleA

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1exception@std@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??2@YAPAXIHPBDH@Z
??3@YAXPAX@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4exception@std@@QAEAAV01@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
??9type_info@@QBE_NABV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@@6B@
??_7exception@std@@6B@
??_Fbad_cast@std@@QAEXXZ
??_Fbad_typeid@std@@QAEXXZ
??_U@YAPAXI@Z
??_U@YAPAXIHPBDH@Z
??_V@YAXPAX@Z
?_Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Type_info_dtor@type_info@@CAXPAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPAV1@@Z
?_ValidateExecute@@YAHP6GHXZ@Z
?_ValidateRead@@YAHPBXI@Z
?_ValidateWrite@@YAHPAXI@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPBG00II@Z
?_is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?_open@@YAHPBDHH@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?_wopen@@YAHPB_WHH@Z
?_wsopen@@YAHPB_WHHH@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?unexpected@@YAXXZ
?vswprintf@@YAHPA_WIPB_WPAD@Z
?what@exception@std@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_Strftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CppXcptFilter
__CxxCallUnwindDelDtor
__CxxCallUnwindDtor
__CxxCallUnwindStdDelDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___fls_getvalue@4
___fls_setvalue@8
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__control87_2
__create_locale
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__free_locale
__get_app_type
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lc_clike
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv
__lconv_init
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__set_flsgetvalue
__setlc_active
__setusermatherr
__strncnt
__swprintf_l
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__unDNameHelper
__uncaught_exception
__unguarded_readlc_active
__vswprintf_l
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abnormal_termination
_abs64
_access
_access_s
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_amsg_exit
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_crt
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_commode
_configthreadlocale
_control87
_controlfp
_controlfp_s
_copysign
_cprintf
_cprintf_l
_cprintf_p
_cprintf_p_l
_cprintf_s
_cprintf_s_l
_cputs
_cputws
_creat
_create_locale
_crt_debugger_hook
_cscanf
_cscanf_l
_cscanf_s
_cscanf_s_l
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_cwprintf
_cwprintf_l
_cwprintf_p
_cwprintf_p_l
_cwprintf_s
_cwprintf_s_l
_cwscanf
_cwscanf_l
_cwscanf_s
_cwscanf_s_l
_daylight
_decode_pointer
_difftime32
_difftime64
_dosmaperr
_dstbias
_dup
_dup2
_dupenv_s
_ecvt
_ecvt_s
_encode_pointer
_encoded_null
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_except_handler4_common
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fdopen
_fflush_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filbuf
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_free_locale
_freea
_freea_s
_freefls
_fscanf_l
_fscanf_s_l
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_ftol
_fullpath
_futime32
_futime64
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwrite_nolock
_fwscanf_l
_fwscanf_s_l
_gcvt
_gcvt_s
_get_amblksiz
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_heap_handle
_get_invalid_parameter_handler
_get_osfhandle
_get_output_format
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_sbh_threshold
_get_terminate
_get_timezone
_get_tzname
_get_unexpected
_get_wpgmptr
_getc_nolock
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getdcwd
_getdcwd_nolock
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getptd
_getsystime
_getw
_getwch
_getwch_nolock
_getwche
_getwche_nolock
_getws
_getws_s
_global_unwind2
_gmtime32

Sections

.text
Size: 598KB - Virtual size: 598KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataRecovery/DataRecovery (Windows 32 Bits)/App/DefaultData/Resource/CHN-T/Arrange.bmp
DataRecovery/DataRecovery (Windows 32 Bits)/App/DefaultData/Resource/CHN-T/CheckState.bmp
DataRecovery/DataRecovery (Windows 32 Bits)/App/DefaultData/Resource/CHN-T/FileSelCtrl.xml
DataRecovery/DataRecovery (Windows 32 Bits)/App/DefaultData/Resource/CHN-T/actualsize.bmp
DataRecovery/DataRecovery (Windows 32 Bits)/App/DefaultData/Resource/CHN-T/bestfit.bmp
DataRecovery/DataRecovery (Windows 32 Bits)/App/DefaultData/Resource/CHN-T/button-preview.png
DataRecovery/DataRecovery (Windows 32 Bits)/App/DefaultData/Resource/CHN/Arrange.bmp
DataRecovery/DataRecovery (Windows 32 Bits)/App/DefaultData/Resource/CHN/CheckState.bmp
DataRecovery/DataRecovery (Windows 32 Bits)/App/DefaultData/Resource/CHN/FileSelCtrl.xml
DataRecovery/DataRecovery (Windows 32 Bits)/App/DefaultData/Resource/CHN/LostFile.bmp
DataRecovery/DataRecovery (Windows 32 Bits)/App/DefaultData/Resource/CHN/actualsize.bmp
DataRecovery/DataRecovery (Windows 32 Bits)/App/DefaultData/Resource/CHN/bestfit.bmp
DataRecovery/DataRecovery (Windows 32 Bits)/App/DefaultData/Resource/CHN/button-preview.png
DataRecovery/DataRecovery (Windows 32 Bits)/App/DefaultData/Resource/CHN/icon_time.bmp
DataRecovery/DataRecovery (Windows 32 Bits)/App/DefaultData/Resource/CHN/icon_time_32.bmp
DataRecovery/DataRecovery (Windows 32 Bits)/App/DefaultData/Resource/CHN/icon_type.bmp
DataRecovery/DataRecovery (Windows 32 Bits)/App/DefaultData/Resource/CHN/icon_type_32.bmp
DataRecovery/DataRecovery (Windows 32 Bits)/App/DefaultData/Resource/CHN/preview.bmp
DataRecovery/DataRecovery (Windows 32 Bits)/App/DefaultData/Resource/CHN/slider_hover.bmp
DataRecovery/DataRecovery (Windows 32 Bits)/App/DefaultData/Resource/CHN/slider_normal.bmp
DataRecovery/DataRecovery (Windows 32 Bits)/App/DefaultData/Resource/CHN/slider_press.bmp
DataRecovery/DataRecovery (Windows 32 Bits)/App/DefaultData/Resource/CHN/view_list.bmp
DataRecovery/DataRecovery (Windows 32 Bits)/App/DefaultData/Resource/CHN/view_preview.bmp
DataRecovery/DataRecovery (Windows 32 Bits)/App/DefaultData/Resource/CHN/view_row.bmp

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

Password: infected

38ad9d4ac65dcfa4c02ca5c90660704a

Code Sign

7f:86:b4:4c:3e:fb:81:fa:c8:c8:b6:70:58:05:4f:6aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

15:ba:aa:58:a1:7f:6c:e5:fe:c3:08:4f:00:4b:bc:dd:a3:71:d3:43Signer

Headers

File Characteristics

PDB Paths

Imports

urlmon

kernel32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 3KB

Password: infected

e31872437a1185838f6442458a725b82

Code Sign

7f:86:b4:4c:3e:fb:81:fa:c8:c8:b6:70:58:05:4f:6aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

89:4f:b5:da:d0:39:bf:1c:55:98:09:45:ef:0f:6c:41:5b:62:b4:5bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

publog

kernel32

user32

advapi32

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 424KB - Virtual size: 424KB

Password: infected

418be4c9bb9e09c3ba4ce027239e4ada

Code Sign

7f:86:b4:4c:3e:fb:81:fa:c8:c8:b6:70:58:05:4f:6aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

40:e8:a7:1f:93:25:bf:f6:b3:73:cd:e6:45:d0:92:ad:27:15:ec:70Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gc

publog

mfc90

msvcr90

7f:86:b4:4c:3e:fb:81:fa:c8:c8:b6:70:58:05:4f:6a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

15:ba:aa:58:a1:7f:6c:e5:fe:c3:08:4f:00:4b:bc:dd:a3:71:d3:43
Signer

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB

7f:86:b4:4c:3e:fb:81:fa:c8:c8:b6:70:58:05:4f:6a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

89:4f:b5:da:d0:39:bf:1c:55:98:09:45:ef:0f:6c:41:5b:62:b4:5b
Signer

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 424KB - Virtual size: 424KB

7f:86:b4:4c:3e:fb:81:fa:c8:c8:b6:70:58:05:4f:6a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

40:e8:a7:1f:93:25:bf:f6:b3:73:cd:e6:45:d0:92:ad:27:15:ec:70
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 402KB - Virtual size: 402KB

.data
Size: 386KB - Virtual size: 1.4MB

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

.reloc
Size: 122KB - Virtual size: 121KB

7f:86:b4:4c:3e:fb:81:fa:c8:c8:b6:70:58:05:4f:6a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

39:1c:ce:d1:3f:7c:e2:44:9c:60:e4:e7:4f:db:1d:9a:f7:cb:e5:dc
Signer

.text
Size: 205KB - Virtual size: 204KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 349KB - Virtual size: 352KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 9KB - Virtual size: 9KB

7f:86:b4:4c:3e:fb:81:fa:c8:c8:b6:70:58:05:4f:6a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

c0:c3:f5:9a:af:33:17:50:0b:d5:36:e9:9f:eb:a6:c7:4d:1d:f4:2b
Signer