59c2e46de1906223af4c6800304d9c325c6b23dfc75c15ac436b16cabc807bd9

Sharing

Copy URL Twitter E-mail

General

Target

59c2e46de1906223af4c6800304d9c325c6b23dfc75c15ac436b16cabc807bd9
Size

2.7MB
MD5

0622fa4ddac7802def045e83a4ccb8c5
SHA1

2ad1bdf90f3c0cb18e58ce4f3d2097cb4bfb7087
SHA256

59c2e46de1906223af4c6800304d9c325c6b23dfc75c15ac436b16cabc807bd9
SHA512

233bde8b2fd64ffa9e529a90e772f651313c93ed24c78f25870a5d8a215093e12adf03c183dbf938c492faa8274b5c2b6c35676a0cb66b171080ed8af8364706
SSDEEP

49152:KqZQ0QKjXrK7DbGmzOL0hs3/9VwAH8C4gVRSO8qNmK7+r06tbdjM2sYS02VzrO:KqZQCG7nHq0sV5H8C4gVRSNqN17+r/tj

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
59c2e46de1906223af4c6800304d9c325c6b23dfc75c15ac436b16cabc807bd9
unpack001/$PLUGINSDIR/NSIS_Picasa_Unicode.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$SYSDIR/GPhotos.scr
unpack001/$TEMP/PicasaInstaller/srv2k3/cdrom.sys
unpack001/$TEMP/PicasaInstaller/srv2k3/imapi2.dll
unpack001/$TEMP/PicasaInstaller/srv2k3/imapi2fs.dll
unpack001/$TEMP/PicasaInstaller/winxp/cdrom.sys
unpack001/$TEMP/PicasaInstaller/winxp/imapi2.dll
unpack001/$TEMP/PicasaInstaller/winxp/imapi2fs.dll
unpack001/Picasa3.exe

Files

59c2e46de1906223af4c6800304d9c325c6b23dfc75c15ac436b16cabc807bd9
.exe windows:4 windows x86 arch:x86

fa87d05da8cd992552ea846b6a9a1bb2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
GetUserDefaultLCID

user32

GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
GetClassInfoW
ScreenToClient
SystemParametersInfoW
RegisterClassW
SetWindowTextW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CreateWindowExW
CharNextW
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSIS_Picasa_Unicode.dll
.dll windows:4 windows x86 arch:x86

dd4d4b4320a71ab0c16c5077ded3ee8a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

p:\p\agents\hpac4.eem\recipes\662730680\base\googleclient\picasa39-stable\NSIS_Unicode\Plugins\NSIS_Picasa_Unicode.pdb

Imports

sti

StiCreateInstanceW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

lstrcpynW
MultiByteToWideChar
GlobalFree
GetLastError
GetProcAddress
FindFirstFileW
FindClose
LoadLibraryW
RemoveDirectoryW
GetLocaleInfoW
CreateProcessW
MoveFileExW
Sleep
lstrcatW
FindNextFileW
GetVersionExW
CreateDirectoryW
GetFileAttributesW
GetUserDefaultLCID
WaitForSingleObject
CreateFileW
CloseHandle
GetVersion
DeleteFileW
GetCommandLineW
GetModuleHandleW
lstrcpyW
GetPrivateProfileStringW
OpenProcess
GetExitCodeProcess
TerminateProcess
OpenMutexA
GetModuleHandleA
GetCurrentProcessId
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEndOfFile
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetConsoleMode
WideCharToMultiByte
GlobalAlloc
HeapSize
CreateFileA
InitializeCriticalSection
WritePrivateProfileStringW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
GetConsoleCP
FreeEnvironmentStringsW
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
SetFilePointer
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
ExitProcess
WriteFile
GetModuleFileNameA
ReadFile
FreeEnvironmentStringsA
GetEnvironmentStrings
SetStdHandle

user32

MapWindowPoints
GetClassNameA
EnumWindows
GetWindowLongW
FindWindowA
MoveWindow
FindWindowExW
GetWindowRect
CreateWindowExW
MessageBoxW
SendMessageW
wsprintfW
GetDlgItem
SetWindowLongW
GetClientRect
CallWindowProcW
DestroyWindow

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHFileOperationW

ole32

CoCreateInstance

Exports

Exports

TokenizeVersionString
addlink
appopencheck
closelink
distrocheck
fixshortcuts
getlicenselangco
installdircheck
movenextbutton
ntusercheck
resizeokbutton
setie7registry
stiregister
stiseticon
uninstall
upgradedirectory
upgradewindow
versioncheck

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/GPhotos.scr
.exe windows:4 windows x86 arch:x86

8fb60ab5ea73162c8708c2b7e5a510ee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

p:\p\agents\hpac4.eem\recipes\662730680\base\googleclient\picasa39-stable\build\GPhotos.pdb

Imports

comctl32

ImageList_Destroy
ImageList_Create
ImageList_Add
InitCommonControlsEx
PropertySheetW
CreatePropertySheetPageW
PropertySheetA
CreatePropertySheetPageA

psapi

GetModuleFileNameExA
GetModuleBaseNameA
EnumProcesses
EnumProcessModules

rasapi32

RasEnumEntriesA

wininet

InternetConnectA
InternetSetStatusCallback
InternetGetConnectedState
InternetQueryOptionA
InternetCloseHandle
InternetGetConnectedStateEx
InternetSetOptionA
HttpSendRequestExA
InternetCrackUrlA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetErrorDlg
InternetOpenA
InternetReadFile
HttpEndRequestA
HttpOpenRequestA
HttpSendRequestA
InternetGetCookieExA
InternetWriteFile

kernel32

GetACP
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEvent
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
InterlockedCompareExchange
CloseHandle
GetLastError
GetCurrentProcess
CreateEventA
ExpandEnvironmentStringsA
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
LoadResource
SizeofResource
GetModuleFileNameA
FindResourceA
OpenProcess
GetProcAddress
lstrcmpiA
ReadProcessMemory
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryExA
lstrlenW
FreeLibrary
CreateThread
RaiseException
IsDBCSLeadByte
GetCommandLineA
Sleep
GetModuleHandleA
lstrlenA
GetCurrentProcessId
TerminateProcess
ExitProcess
SetThreadAffinityMask
GetCurrentThread
CreateFileA
GetDevicePowerState
GetProcessTimes
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentDirectoryA
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
LCMapStringA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
HeapSize
IsValidCodePage
GetOEMCP
GetCPInfo
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
HeapCreate
HeapDestroy
GetFileType
GetStartupInfoA
GetVersionExA
UnhandledExceptionFilter
GetSystemPowerStatus
GetTickCount
LoadLibraryA
SetStdHandle
ExitThread
RtlUnwind
HeapReAlloc
VirtualProtect
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
GetThreadLocale
SearchPathA
GetSystemTimeAsFileTime
Module32Next
Module32First
CreateToolhelp32Snapshot
GetSystemDefaultLCID
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemInfo
FindClose
FlushFileBuffers
SetEndOfFile
SetFilePointer
VirtualAlloc
VirtualFree
ReadFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetDriveTypeA
GetTempPathA
GetTempPathW
LockResource
QueryPerformanceFrequency
CompareFileTime
GetLocaleInfoA
SystemTimeToFileTime
GlobalLock
GlobalAlloc
GlobalUnlock
lstrcmpA
SetLastError
MulDiv
FlushInstructionCache
DisableThreadLibraryCalls
GlobalFree
WriteFile
GetStringTypeA
LocalFree
GetTimeZoneInformation
OutputDebugStringA
FormatMessageA
QueryPerformanceCounter
GetFileSize
LCMapStringW
GetUserDefaultLCID
DebugBreak
FindFirstFileW
LoadLibraryW
FindFirstFileA
CreateDirectoryW
LoadLibraryExW
CreateDirectoryExW
FindFirstFileExW
GetDateFormatA
FindFirstFileExA
SetFileAttributesA
GetTimeFormatA
FindNextFileW
GetFileAttributesExA
FindNextFileA
RemoveDirectoryA
GetShortPathNameW
GetShortPathNameA
CopyFileW
CreateFileW
MoveFileW
SetFileAttributesW
MoveFileExW
GetFileAttributesExW
CopyFileA
CreateProcessA
CreateDirectoryA
GetDateFormatW
MoveFileA
GetTimeFormatW
CreateDirectoryExA
RemoveDirectoryW
MoveFileExA
CopyFileExW
MoveFileWithProgressW
CreateProcessW
GetVersion
CopyFileExA
FindFirstChangeNotificationW
FindFirstChangeNotificationA
MoveFileWithProgressA
CompareStringW
CompareStringA
GetFileAttributesW
GetModuleFileNameW
GetFileAttributesA
DeleteFileW
GetModuleHandleW
DeleteFileA
InterlockedExchange
TerminateThread
SetThreadPriority
GetThreadPriority
WaitForMultipleObjects
SetErrorMode
GetLongPathNameW
GetLongPathNameA
GetSystemDirectoryA
SetCurrentDirectoryA
GetDiskFreeSpaceExA
VirtualQuery
TzSpecificLocalTimeToSystemTime

user32

GetScrollBarInfo
IsWindowEnabled
CreateDialogIndirectParamA
DrawTextW
CharNextA
PostThreadMessageA
GetMessageA
DispatchMessageA
SetParent
EnumChildWindows
ShowWindow
GetKeyState
MoveWindow
PostMessageA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SendMessageA
DestroyWindow
DestroyAcceleratorTable
GetFocus
SetWindowPos
RegisterClassExA
FillRect
SetPropA
RemovePropA
BeginPaint
EndPaint
GetClassNameA
InvalidateRect
GetSysColor
CreateAcceleratorTableA
InvalidateRgn
ClientToScreen
ReleaseCapture
ScreenToClient
GetWindow
SetWindowTextA
IsChild
GetWindowTextLengthA
RedrawWindow
GetClassInfoExA
SetCapture
LoadCursorA
DialogBoxIndirectParamA
GetWindowRect
IsWindowVisible
GetPropA
GetWindowTextLengthW
GetWindowTextW
FlashWindowEx
SetActiveWindow
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuItemW
AppendMenuW
MessageBoxW
GetMenuItemInfoA
SetWindowLongW
GetWindowLongW
CallWindowProcW
RegisterClassW
UnregisterClassA
UnregisterClassW
GetClassInfoA
SetMenuItemInfoA
SetClassLongW
SetClassLongA
SetWindowTextW
InsertMenuItemA
DialogBoxParamW
SendMessageW
AppendMenuA
SetDlgItemTextW
DefWindowProcW
MessageBoxA
CreateDialogParamW
CreateWindowExW
CreateDialogParamA
IsIconic
DefWindowProcA
EnumThreadWindows
GetActiveWindow
MessageBeep
TranslateAcceleratorA
MsgWaitForMultipleObjects
GetAsyncKeyState
GetCursor
ShowCursor
IsDialogMessageA
DialogBoxIndirectParamW
FindWindowExA
GetTopWindow
UpdateWindow
AdjustWindowRectEx
GetMenu
GetClassLongA
KillTimer
SetTimer
GetDlgItem
EnableWindow
SetFocus
LoadBitmapA
GetMessagePos
MapWindowPoints
GetSystemMetrics
GetDC
ReleaseDC
FindWindowA
RegisterWindowMessageA
RegisterClassA
CreateWindowExA
TranslateMessage
PeekMessageA
DialogBoxParamA
IsWindow
SetCursor
PostQuitMessage
GetCursorPos
SystemParametersInfoA
GetClientRect
SetDlgItemTextA
CallNextHookEx
SetWindowsHookExA
LoadIconA
UnhookWindowsHookEx
GetUserObjectInformationA
GetThreadDesktop
CheckDlgButton
IsDlgButtonChecked
GetForegroundWindow
AllowSetForegroundWindow
GetParent
GetDesktopWindow
EndDialog
EnumWindows
SetForegroundWindow
GetWindowTextA
GetWindowModuleFileNameA

gdi32

GetTextExtentPoint32A
ExtTextOutA
TextOutA
GetTextExtentPoint32W
SelectObject
GetDeviceCaps
GetObjectA
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
GetTextMetricsA
TextOutW
ExtTextOutW
CreateFontIndirectA
CreatePen
Rectangle
CreateDIBSection
GetICMProfileA
SetBkMode
GetGlyphOutlineW
GetGlyphOutlineA
GetKerningPairsA
GetStockObject
GetClipBox
DeleteObject

advapi32

RegUnLoadKeyA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegEnumValueW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumValueA
CryptReleaseContext
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptDecrypt
DeregisterEventSource
ReportEventA
RegisterEventSourceA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegLoadKeyA
RegSetValueExA
RegQueryInfoKeyA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegEnumKeyExA

ole32

OleUninitialize
OleInitialize
OleLockRunning
CLSIDFromString
CoGetClassObject
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoInitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CoInitializeEx
CoCreateGuid
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize

oleaut32

SysFreeString
LoadRegTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
VarDateFromStr
VarBstrCat
OleCreateFontIndirect
VariantInit
SysAllocStringLen
SysStringByteLen
VariantClear
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysAllocString
VarUI4FromStr
SysStringLen

mscms

GetColorDirectoryA

shlwapi

SHDeleteValueA
SHDeleteKeyA

urlmon

FindMimeFromData
CoInternetGetSession

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA

ws2_32

gethostbyname

comdlg32

GetSaveFileNameW
GetOpenFileNameA
GetSaveFileNameA
GetOpenFileNameW

shell32

DragQueryFileA
SHGetPathFromIDListA
SHGetSpecialFolderPathA
SHBrowseForFolderA
DragQueryFileW
SHFileOperationW
ShellExecuteExA
SHGetFileInfoW
SHGetFileInfoA
ShellExecuteA
SHGetSpecialFolderPathW
Shell_NotifyIconA
ShellExecuteW
ShellExecuteExW
Shell_NotifyIconW
SHGetPathFromIDListW
SHFileOperationA
SHGetMalloc
SHBrowseForFolderW

Exports

Exports

JSON_parser_char
JSON_parser_done
JSON_parser_is_legal_white_space_string
delete_JSON_parser
init_JSON_config
new_JSON_parser

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 424KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/PicasaInstaller/spmsg.dll
.dll windows:5 windows x86 arch:x86

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5b:e0:42:c5:97:92:d2:a3:f3:f1:6f:84:2c:9a:ce:81:fb:43:5c:da
Signer

Actual PE Digest

5b:e0:42:c5:97:92:d2:a3:f3:f1:6f:84:2c:9a:ce:81:fb:43:5c:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PicasaInstaller/spuninst.exe
.exe .vbs windows:5 windows x86 arch:x86 polyglot

7e70b13b1b3b9a3dfbb06b778dced783

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d1:0d:93:d2:b5:86:e2:01:0d:61:a5:a1:f2:66:a4:71:64:23:d5:0f
Signer

Actual PE Digest

d1:0d:93:d2:b5:86:e2:01:0d:61:a5:a1:f2:66:a4:71:64:23:d5:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

spuninst.pdb

Imports

comctl32

CreatePropertySheetPageW
PropertySheetW

user32

GetWindow
EnumWindowStationsA
OpenWindowStationA
GetProcessWindowStation
SetProcessWindowStation
GetWindowThreadProcessId
wvsprintfW
EnableWindow
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
MessageBoxW
FindWindowExA
CloseDesktop
EnumWindows
SetThreadDesktop
GetThreadDesktop
OpenDesktopA
CloseWindowStation
LoadIconA
MessageBoxA
SetDlgItemTextA
DialogBoxParamA
SetWindowTextA
DialogBoxParamW
KillTimer
CheckDlgButton
SetTimer
IsDlgButtonChecked
SetDlgItemTextW
DestroyWindow
EnumDesktopsA
SendDlgItemMessageA
ShowWindow
SendMessageA
GetDlgItem
LoadStringW
LoadStringA
EndDialog
SetForegroundWindow
SendMessageW
PostMessageA
SetWindowTextW
SetWindowLongA
GetWindowLongA
GetWindowTextA
GetParent

ntdll

RtlUnwind
strrchr
_strcmpi
NtClose
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationProcess
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlCharToInteger
LdrAccessResource
LdrFindResource_U
NtQuerySystemInformation
NtShutdownSystem
RtlUnicodeStringToAnsiString
strncat
_itoa
_chkstk
wcslen
wcscpy
_snwprintf
strtoul
_stricmp
_snprintf
strncpy
strchr
sprintf
_strnicmp
strstr
_vsnprintf
NtQueryVirtualMemory

ole32

CoUninitialize
CoInitialize

updspapi

UpdSpGetLineByIndexA
UpdSpGetFieldCount
UpdSpGetLineCountA
UpdSpSetDynamicStringA
UpdSpGetTargetPathA
UpdSpCopyErrorA
UpdSpPromptForDiskA
UpdSpSetDirectoryIdA
UpdSpGetSourceInfoA
UpdSpOpenFileQueue
UpdSpInstallFilesFromInfSectionA
UpdSpInitDefaultQueueCallbackEx
UpdSpScanFileQueueA
UpdSpDefaultQueueCallbackW
UpdSpDefaultQueueCallbackA
UpdSpInstallFromInfSectionA
UpdSpOpenAppendInfFileA
UpdSpDecompressOrCopyFileA
UpdSpGetLineTextW
UpdSpGetIntField
UpdSpCloseInfFile
UpdSpGetBinaryField
UpdSpGetLineTextA
UpdSpGetTargetPathW
UpdSpGetStringFieldW
UpdSpOpenInfFileA
UpdSpFindFirstLineA
UpdSpGetStringFieldA
UpdSpFindNextLine
UpdSpGetMultiSzFieldW
UpdSpFindFirstLineW
UpdSpCommitFileQueueA
UpdSpFindNextMatchLineW

msvcrt

wcscmp
toupper
strspn
atol
strpbrk
_close
_read
_open
mbstowcs
getenv
_ultoa
_wtoi64
_wcsicmp
swprintf
wcstoul
exit
_itow
_c_exit
_exit
_XcptFilter
_cexit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
calloc
isdigit
memmove
strcspn
malloc
free
_mbslwr
_strdup
strtok
_vsnwprintf
_lseek

advapi32

RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
OpenServiceW
EnumServicesStatusExA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyA
InitiateSystemShutdownA
AbortSystemShutdownA
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
GetFileSecurityA
LockServiceDatabase
QueryServiceConfigA
ChangeServiceConfigA
UnlockServiceDatabase
GetNamedSecurityInfoA
SetNamedSecurityInfoA
FreeSid
AdjustTokenPrivileges
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenProcessToken
AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
RegQueryValueExW
EnumDependentServicesA
OpenSCManagerA
StartServiceA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
GetServiceDisplayNameA
ControlService
SetFileSecurityA
RegCreateKeyExA
RegRestoreKeyA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA

kernel32

DelayLoadFailureHook
DeleteFileA
GetStartupInfoA
CreateProcessW
DeleteFileW
MapViewOfFile
DuplicateHandle
GetSystemDefaultLangID
GetModuleFileNameW
ReleaseMutex
CopyFileW
GetWindowsDirectoryW
GetTempFileNameW
lstrlenW
VirtualFree
GetVersionExW
ExpandEnvironmentStringsW
SearchPathW
lstrcpyW
lstrcpynW
GetDriveTypeW
GetLocalTime
OpenEventA
GetTempFileNameA
CreateFileW
SetEndOfFile
InterlockedIncrement
OpenProcess
CreateRemoteThread
VirtualAllocEx
WriteProcessMemory
CreateEventA
CreateEventW
lstrcmpiA
QueryDosDeviceA
DefineDosDeviceA
lstrcmpA
LoadLibraryW
lstrcmpiW
FormatMessageW
GetFileSize
LocalFree
LocalAlloc
CreateFileMappingA
MapViewOfFileEx
FindResourceA
LoadResource
UnmapViewOfFile
ReadFile
ExpandEnvironmentStringsA
FindFirstFileA
FindNextFileA
FindClose
DeviceIoControl
GetSystemDirectoryA
GetDiskFreeSpaceA
CreateProcessA
GetExitCodeProcess
FlushFileBuffers
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
FreeLibrary
GetVersionExA
GetSystemInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentVariableA
CreateMutexA
SetUnhandledExceptionFilter
FormatMessageA
lstrcpynA
lstrcpyA
SetEvent
WaitForSingleObject
GetModuleHandleA
CreateThread
GetCurrentProcess
GetWindowsDirectoryA
SetCurrentDirectoryA
LoadLibraryA
Sleep
VirtualAlloc
WideCharToMultiByte
CopyFileA
SetFileAttributesA
MultiByteToWideChar
GetProcAddress
SetFilePointer
CreateFileA
WriteFile
CloseHandle
RemoveDirectoryA
MoveFileExA
lstrlenA
GetFullPathNameA
ExitProcess
SetLastError
GetModuleFileNameA
SetEnvironmentVariableA
GetFileAttributesA
MoveFileA
GetLastError

gdi32

GetObjectA
CreateFontIndirectA

shell32

SHGetSpecialFolderPathA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

psapi

GetModuleFileNameExA

userenv

ord119
ord138
ord121

rpcrt4

UuidFromStringA

imagehlp

EnumerateLoadedModules64

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/PicasaInstaller/spupdsvc.exe
.exe windows:5 windows x86 arch:x86

e206a5499fa29af0ec1b23f008ea51f7

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e9:d7:8b:f7:b4:65:35:bd:af:ca:1a:dd:5d:d7:41:53:99:a5:5e:8f
Signer

Actual PE Digest

e9:d7:8b:f7:b4:65:35:bd:af:ca:1a:dd:5d:d7:41:53:99:a5:5e:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

spupdsvc.pdb

Imports

advapi32

RegCloseKey
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyW
CloseServiceHandle
ChangeServiceConfig2W
CreateServiceW
OpenSCManagerW
DeleteService
OpenServiceW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW

ntdll

RtlUnwind
_wcsicmp
_snwprintf
wcsncpy
wcschr
wcscpy
wcsrchr
NtQuerySystemInformation
sprintf
_vsnprintf
NtQueryVirtualMemory

setupapi

SetupCloseInfFile
SetupGetLineTextW
SetupFindFirstLineW
SetupOpenInfFileW
SetupFindNextLine

msvcrt

_initterm
__wgetmainargs
exit
_controlfp
_XcptFilter
_exit
_c_exit
free
malloc
wprintf
printf
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_cexit
__setusermatherr
__winitenv

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
DeleteFileW
GetVersionExW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetFileAttributesW
GetModuleFileNameW
FlushFileBuffers
GetWindowsDirectoryA
SetFileAttributesA
DeleteFileA
CreateFileA
SetFilePointer
GetLocalTime
GetLastError
GetTickCount
WriteFile
SetLastError

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/PicasaInstaller/srv2k3/cdrom.sys
.sys windows:5 windows x86 arch:x86

6cc5dc1a1393363f8ddd770ed1c89928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cdrom.pdb

Imports

ntoskrnl.exe

IoSetHardErrorOrVerifyDevice
_allshr
MmLockPagableDataSection
KeDelayExecutionThread
_allmul
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
RtlGetVersion
KeInitializeSpinLock
MmUnlockPagableImageSection
RtlFreeUnicodeString
IoSetStartIoAttributes
strchr
memmove
_allshl
IoFreeWorkItem
IoReportTargetDeviceChangeAsynchronous
KeReleaseMutex
_aullshr
KeTickCount
ZwCreateKey
KeBugCheckEx
IoGetAttachedDeviceReference
ObfDereferenceObject
IoGetDriverObjectExtension
sprintf
IoAttachDeviceToDeviceStack
IoDeleteDevice
KeInitializeMutex
KeSetEvent
KeClearEvent
IoReuseIrp
KeInitializeEvent
IofCompleteRequest
KeEnterCriticalRegion
KeWaitForSingleObject
KeLeaveCriticalRegion
IoStartPacket
IoAllocateWorkItem
IoQueueWorkItem
RtlWriteRegistryValue
IoOpenDeviceRegistryKey
RtlQueryRegistryValues
ZwClose
RtlInitUnicodeString
swprintf
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoAllocateIrp
IoAllocateMdl
MmBuildMdlForNonPagedPool
IoFreeMdl
IoFreeIrp
ExAllocatePoolWithTag
IoBuildAsynchronousFsdRequest
ExFreePoolWithTag
IofCallDriver
IoGetConfigurationInformation
IoWMIRegistrationControl
WmiQueryTraceInformation
WmiTraceMessage
IoAllocateDriverObjectExtension
IoStartNextPacket

hal

KfRaiseIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
KeRaiseIrqlToDpcLevel
KfLowerIrql

classpnp.sys

ClassGetVpb
ClassDisableMediaChangeDetection
ClassFindModePage
ClassSpinDownPowerHandler
ClassInitialize
ClassDeleteSrbLookasideList
ClassGetDriverExtension
ClassInitializeSrbLookasideList
ClassQueryTimeOutRegistryValue
ClassReadDriveCapacity
ClassInitializeMediaChangeDetection
ClassGetDeviceParameter
ClassSetDeviceParameter
ClassResetMediaChangeTimer
ClassScanForSpecial
ClassReleaseQueue
ClassBuildRequest
ClassSplitRequest
ClassClaimDevice
ClassCreateDeviceObject
ClassUpdateInformationInRegistry
ClassInterpretSenseInfo
ClassEnableMediaChangeDetection
ClassIoComplete
ClassSendSrbAsynchronous
ClassSendSrbSynchronous
ClassSendDeviceIoControlSynchronous
ClassAsynchronousCompletion
ClassSendStartUnit
ClassAcquireRemoveLockEx
ClassReleaseRemoveLock
ClassCompleteRequest
ClassDeviceControl

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEHIT2
Size: 512B - Virtual size: 101B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEHITA
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGETOSH
Size: 1024B - Virtual size: 534B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PicasaInstaller/srv2k3/imapi2.dll
.dll regsvr32 windows:6 windows x86 arch:x86

26c8e31b611b022d57aa8726567f3671

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

imapi2.pdb

Imports

msvcrt

free
wcsncmp
_wcsnicmp
wcstol
iswdigit
malloc
??_V@YAXPAX@Z
??_U@YAPAXI@Z
memset
??3@YAXPAX@Z
_onexit
_lock
__dllonexit
_unlock
realloc
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_wcslwr
_errno
memmove
_resetstkoflw
calloc
memcpy
??2@YAPAXI@Z

ntdll

RtlUnwind

user32

CharNextW
PostQuitMessage
GetWindowLongW
PostMessageW
DefWindowProcW
UnregisterDeviceNotification
DestroyWindow
UnregisterClassW
MsgWaitForMultipleObjects
RegisterClassExW
CreateWindowExW
SetWindowLongW
RegisterDeviceNotificationW

advapi32

UnregisterTraceGuids
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceMessage

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx
StringFromGUID2

oleaut32

SysStringByteLen
UnRegisterTypeLi
RegisterTypeLi
VariantClear
SysAllocStringByteLen
SafeArrayCreateVector
SysAllocStringLen
SafeArrayDestroy
SysAllocString
DispCallFunc
VariantInit
LoadTypeLi
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysFreeString
VarUI4FromStr
SysStringLen
LoadRegTypeLi

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList

rpcrt4

NdrStubCall2
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported

kernel32

InterlockedExchange
GetVersionExA
GetThreadLocale
SetThreadLocale
WaitForSingleObject
InterlockedExchangeAdd
ResetEvent
CreateThread
ResumeThread
GetExitCodeThread
SetEvent
GetVolumeNameForVolumeMountPointW
CreateEventW
DeviceIoControl
GetOverlappedResult
GetVolumePathNamesForVolumeNameW
SetErrorMode
InterlockedCompareExchange
VirtualAlloc
GetNativeSystemInfo
VirtualFree
CloseHandle
InitializeCriticalSectionAndSpinCount
SetLastError
GetTickCount
Sleep
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
LocalAlloc
GetSystemTimeAsFileTime
LocalFree
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
OutputDebugStringA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateFileW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 477B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PicasaInstaller/srv2k3/imapi2fs.dll
.dll regsvr32 windows:6 windows x86 arch:x86

3042d7185f81dda08a65ad7485a4a0ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

imapi2fs.pdb

Imports

msvcrt

_vscwprintf
srand
_wstat
_localtime64
_gmtime64
_time64
__RTDynamicCast
rand
?name@type_info@@QBEPBDXZ
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
ferror
_itoa
_snprintf
_iob
isleadbyte
__mb_cur_max
_onexit
__RTtypeid
__dllonexit
_unlock
realloc
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
_XcptFilter
??0exception@@QAE@ABV0@@Z
_resetstkoflw
calloc
wcsstr
wcsncmp
wcsrchr
qsort
mbtowc
wcschr
_wgetenv
swscanf
iswspace
_wcsicmp
memmove
_vsnprintf
_vsnwprintf
_errno
__CxxFrameHandler
memset
_CxxThrowException
_wtoi
_wremove
ceil
_wcsupr
_lock
memcpy
free
_amsg_exit

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlOemToUnicodeN
RtlMultiByteToUnicodeN
RtlUnicodeToOemN
RtlUnicodeToMultiByteN
NtDeviceIoControlFile
NtClose
NtReadFile
NtWriteFile
NtOpenFile
RtlInitUnicodeString
NtQueryInformationFile
RtlFreeUnicodeString
NtSetInformationFile
RtlDeleteElementGenericTable
RtlFindSetBits
RtlClearBits
RtlInitializeBitMap
RtlLookupElementGenericTable
RtlNumberOfSetBits
RtlEnumerateGenericTableWithoutSplaying
RtlSetBits
RtlInsertElementGenericTable
RtlInitializeGenericTable
RtlPrefixUnicodeString
DbgPrint
RtlQueryRegistryValues
RtlUnwind

user32

wsprintfW
UnregisterClassW
CharNextW

advapi32

RegQueryValueExW
RegEnumKeyExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CreateStreamOnHGlobal

oleaut32

CreateErrorInfo
SafeArrayUnlock
SafeArrayCreateVector
SafeArrayLock
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
VariantInit
VariantClear
SetErrorInfo
SysAllocStringLen
GetErrorInfo

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
OutputDebugStringA
InterlockedExchange
GetVersionExA
CreateEventA
GetOverlappedResult
GetTempPathW
GlobalFree
GetDriveTypeW
LocalAlloc
LocalFree
Sleep
HeapSize
GetModuleHandleExW
FormatMessageW
FindNextFileW
FindClose
SetLastError
GetFullPathNameW
GetSystemTime
SetUnhandledExceptionFilter
FileTimeToSystemTime
ReadFile
CreateFileW
CloseHandle
WriteFile
DeviceIoControl
WideCharToMultiByte
GetConsoleCP
InterlockedCompareExchange
FindFirstFileW
SetErrorMode
SleepEx
GetThreadLocale
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
LockResource
FindResourceExW
GetDiskFreeSpaceExW
GetFileAttributesExW
SetFilePointer
SetEndOfFile
GetFileSize
GlobalAlloc
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
SetThreadLocale
RaiseException
lstrlenW

rpcrt4

CStdStubBuffer_DebugServerRelease
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrClientCall2
NdrCStdStubBuffer2_Release
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_QueryInterface
NdrStubCall2
NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_AddRef

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z

shlwapi

SHCreateStreamOnFileW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 562KB - Virtual size: 561KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 657B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PicasaInstaller/update/kb952011.cat
$TEMP/PicasaInstaller/update/spcustom.dll
.dll windows:5 windows x86 arch:x86

97061b17fbea6e074ad332f811a6f9c7

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b3:72:b8:94:fa:0c:6c:d6:43:3a:ad:01:54:17:da:b0:78:1b:f2:95
Signer

Actual PE Digest

b3:72:b8:94:fa:0c:6c:d6:43:3a:ad:01:54:17:da:b0:78:1b:f2:95

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

spcustom.pdb

Imports

msvcrt

_adjust_fdiv
_initterm
_stricmp
sprintf
_strlwr
_strnicmp
strstr
strchr
memmove
atoi
strrchr
_except_handler3
malloc
free

kernel32

TerminateProcess
GetCurrentProcess
GetVersionExA
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnmapViewOfFile
CloseHandle
LoadResource
SetLastError
GetLastError
FindResourceA
MapViewOfFileEx
CreateFileMappingA
CreateFileA
GetFileAttributesA
GetSystemDirectoryA
GetWindowsDirectoryA
FreeLibrary
lstrcpyA
GetProcAddress
LoadLibraryA
GetCurrentProcessId
GetSystemInfo
GetCommandLineA
Sleep
lstrlenA
ExpandEnvironmentStringsA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
UnhandledExceptionFilter

advapi32

OpenSCManagerA
RegQueryValueExA
RegEnumValueA
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
ControlService
RegCloseKey
OpenServiceA
CloseServiceHandle
StartServiceA
QueryServiceStatus

winspool.drv

GetPrinterDriverDirectoryA
GetPrintProcessorDirectoryA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

ArchivingComplete
BeginInstallation
BlockMSNCopy
ConfirmInstallation
CopyingComplete
EndInstallation
FailedInstallation
GetClusterPathName
GetFPNWPathName
GetHTRPathName
GetJVMStage
GetMSI20Stage
GetMtsPathName
GetOsProductType
GetPBAPath
GetPrintProcessorPath
GetPrinterDriverPath
GetRISAdminPathName
GetRISPathName
GetSmsPathName
GetSupportToolsPathName
IsMediaCenterPC
IsStartEdition
IsTabletPC
IsWMUpgradeable
OnACPower
SuccessInstallation
WindowsFirewallIsOpmodeOff

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 938B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PicasaInstaller/update/update.exe
.exe .vbs windows:5 windows x86 arch:x86 polyglot

6c65741b84ef10d29b294ed68e8a07f6

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3f:cb:4c:3c:c4:0c:f2:69:46:65:03:a8:ba:e9:c7:20:67:de:80:0a
Signer

Actual PE Digest

3f:cb:4c:3c:c4:0c:f2:69:46:65:03:a8:ba:e9:c7:20:67:de:80:0a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

D:\binaries.x86fre\SCP_WPA\update.PDB

Imports

advapi32

QueryServiceConfigA
UnlockServiceDatabase
GetNamedSecurityInfoA
SetNamedSecurityInfoA
GetTokenInformation
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenProcessToken
RegLoadKeyA
RegUnLoadKeyA
AdjustTokenPrivileges
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
GetLengthSid
CopySid
GetAclInformation
SetFileSecurityW
AddAce
RegQueryInfoKeyA
RegSaveKeyA
RegFlushKey
EnumDependentServicesA
InitializeAcl
AddAccessAllowedAce
SetFileSecurityA
QueryServiceStatus
GetServiceDisplayNameA
RegOpenKeyA
RegDeleteValueA
OpenSCManagerA
OpenServiceA
StartServiceA
ControlService
CloseServiceHandle
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RegSetKeySecurity
FreeSid
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
LockServiceDatabase
GetFileSecurityA
RegOpenKeyExW
AbortSystemShutdownA
InitiateSystemShutdownA
OpenServiceW
EnumServicesStatusExA
ChangeServiceConfigA

comctl32

PropertySheetW
CreatePropertySheetPageW

crypt32

CertCreateCertificateContext
CertOpenStore
CryptEncodeObject
CertSetCertificateContextProperty
CertAddCertificateContextToStore
CertCloseStore
CertFreeCertificateContext

gdi32

GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateCompatibleDC
GetDIBits
SelectObject
StretchBlt
BitBlt

imagehlp

EnumerateLoadedModules64

kernel32

GetCompressedFileSizeA
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetCurrentProcess
GetTempPathA
LoadLibraryExA
FindResourceA
LoadResource
LockResource
FreeResource
lstrlenA
GetSystemInfo
SetEnvironmentVariableA
SetUnhandledExceptionFilter
ExitProcess
GetFullPathNameA
GetVolumeInformationA
lstrcmpA
GetWindowsDirectoryW
GetVolumeInformationW
SetErrorMode
GetCommandLineA
GetCommandLineW
CreateMutexA
WaitForSingleObject
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileInformationByHandle
FileTimeToDosDateTime
GetModuleHandleA
FormatMessageW
ReadFile
GetTickCount
CreateEventA
CreateThread
SetThreadPriority
WaitForMultipleObjects
SetEvent
RemoveDirectoryA
EnterCriticalSection
GetExitCodeProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateProcessA
MapViewOfFileEx
FreeLibrary
DeviceIoControl
GetFileAttributesExA
VirtualFree
WritePrivateProfileStringA
SetCurrentDirectoryA
GetModuleFileNameA
VirtualAlloc
FindNextFileW
GetEnvironmentVariableA
InitializeCriticalSection
Sleep
GetThreadLocale
lstrcmpiW
FindFirstFileW
GetLocaleInfoA
GetPrivateProfileStringA
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
GetStartupInfoA
GetFileTime
FlushFileBuffers
GetProcessHeap
GetComputerNameA
SetFilePointer
WriteFile
HeapFree
InterlockedCompareExchange
GetSystemDirectoryA
GetTempFileNameA
CopyFileA
OpenProcess
MoveFileExA
SetFileAttributesA
GetVersionExA
LocalAlloc
LocalFree
SetLastError
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
GetDriveTypeA
ExpandEnvironmentStringsA
FindFirstFileA
FindNextFileA
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
lstrcmpiA
FormatMessageA
GetFileAttributesA
CreateDirectoryA
GetSystemDirectoryW
LoadLibraryA
GetProcAddress
GetLastError
GetWindowsDirectoryA
DeleteFileA
lstrcpynA
DefineDosDeviceA
QueryDosDeviceA
CreateEventW
WriteProcessMemory
VirtualAllocEx
CreateRemoteThread
InterlockedIncrement
GetFullPathNameW
GetFileSizeEx
OpenEventA
GetLocalTime
lstrlenW
GetDriveTypeW
lstrcpynW
lstrcpyW
SearchPathW
ExpandEnvironmentStringsW
GetVersionExW
GetTempFileNameW
CopyFileW
ReleaseMutex
GetModuleFileNameW
GetSystemDefaultLangID
DuplicateHandle
CreateProcessW
OpenFileMappingA
RaiseException
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
HeapDestroy
HeapCreate
ReleaseSemaphore
SetEndOfFile
InterlockedDecrement
GetCurrentThread
GetExitCodeThread
CreateSemaphoreA
MoveFileA
HeapAlloc
DeleteFileW
CreateFileW
FlushViewOfFile
QueryPerformanceCounter
DelayLoadFailureHook
LeaveCriticalSection
FindClose
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
GetSystemTime
VirtualProtect
InitializeCriticalSectionAndSpinCount
GetVersion
TlsFree

mpr

WNetGetUniversalNameA
WNetGetUserA

msvcrt

_itoa
strncpy
_except_handler3
strchr
_stricmp
sprintf
strrchr
mbstowcs
malloc
free
_vsnprintf
memmove
vsprintf
strncat
_wcsdup
_errno
_open
_read
_snprintf
_write
_close
_lseek
remove
_tempnam
wcscat
_vsnwprintf
ctime
_wcsicmp
_strnicmp
wcsstr
_snwprintf
_local_unwind2
_memicmp
atoi
realloc
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
memchr
_strcmpi
wcscpy
_mbslwr
strstr
swprintf
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_ltoa
wcschr
fprintf
wcstoul
wcslen
_strdup
calloc
getenv
strtoul
strncmp
_mbsupr
rename
strcspn
isdigit
wcsrchr
wcscmp
wcsncat
wcsncpy
toupper
strspn
atol
strpbrk
isspace
_ultoa
_wtoi64
_wcslwr
strtok
_itow
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
__CxxFrameHandler
??3@YAXPAX@Z
??0exception@@QAE@ABV0@@Z
_CxxThrowException
fclose
??2@YAPAXI@Z
fopen

ntdll

RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlInitAnsiString
RtlAnsiStringToUnicodeString
NtClose
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationProcess
RtlCharToInteger
LdrAccessResource
LdrFindResource_U
NtQuerySystemInformation
NtShutdownSystem
RtlRaiseStatus
RtlFreeHeap
RtlAllocateHeap
NtYieldExecution
NtSetSystemInformation
NtCreateSection
NtOpenFile
NtOpenSection
NtOpenDirectoryObject
RtlCompareUnicodeString
NtCreateFile
RtlDosPathNameToNtPathName_U
LdrUnloadDll
NtFreeVirtualMemory
NtQueryInformationThread
NtWaitForSingleObject
RtlCreateUserThread
NtWriteVirtualMemory
NtAllocateVirtualMemory
NtOpenProcess
LdrGetProcedureAddress
LdrLoadDll
RtlDestroyHeap
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlGetAce
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
RtlAllocateAndInitializeSid
RtlCreateHeap
DbgPrint
RtlFreeUnicodeString
NtQuerySystemTime
RtlTimeToTimeFields

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString

psapi

GetModuleFileNameExA

rpcrt4

UuidFromStringA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderPathA
SHBrowseForFolderA

updspapi

UpdSpSetDynamicStringA
UpdSpCopyErrorA
UpdSpPromptForDiskA
UpdSpInitDefaultQueueCallbackEx
UpdSpIterateCabinetA
UpdSpGetLineCountW
UpdSpGetLineByIndexW
UpdSpGetStringFieldW
UpdSpCommitFileQueueA
UpdSpOpenFileQueue
UpdSpGetSourceInfoA
UpdSpGetSourceFileLocationA
UpdSpCloseFileQueue
UpdSpDefaultQueueCallbackW
UpdSpDefaultQueueCallbackA
UpdSpDecompressOrCopyFileA
UpdSpGetTargetPathW
UpdSpInstallFromInfSectionA
UpdSpQueueCopyA
UpdSpGetIntField
UpdSpGetBinaryField
UpdSpScanFileQueueA
UpdSpGetLineTextW
UpdSpOpenInfFileA
UpdSpCloseInfFile
UpdSpSetDirectoryIdA
UpdSpInstallFilesFromInfSectionA
UpdSpGetLineCountA
UpdSpGetLineByIndexA
UpdSpGetStringFieldA
UpdSpFindFirstLineA
UpdSpGetLineTextA
UpdSpGetFieldCount
UpdSpFindNextLine
UpdSpGetMultiSzFieldW
UpdSpFindFirstLineW
UpdSpFindNextMatchLineW
UpdSpGetTargetPathA

user32

ShowWindow
wvsprintfW
EnumWindowStationsA
OpenWindowStationA
GetProcessWindowStation
SetProcessWindowStation
EnumDesktopsA
CloseWindowStation
OpenDesktopA
GetThreadDesktop
SetThreadDesktop
EnumWindows
CloseDesktop
GetClientRect
FindWindowExA
GetWindowThreadProcessId
GetWindow
RegisterClassA
CreateWindowExA
DefWindowProcA
MessageBoxW
GetSystemMetrics
LoadStringA
LoadStringW
MessageBoxA
PostQuitMessage
DestroyWindow
SendMessageA
SetDlgItemTextA
SystemParametersInfoA
EnableWindow
GetDlgItem
DispatchMessageA
TranslateMessage
GetMessageA
PostThreadMessageA
SetWindowTextW
RedrawWindow
SetWindowLongA
GetWindowLongA
GetWindowTextA
PostMessageA
EnumChildWindows
SetDlgItemTextW
LoadBitmapA
IsDlgButtonChecked
SetTimer
CheckDlgButton
KillTimer
ReleaseDC
GetDC
SetForegroundWindow
SetWindowTextA
EndDialog
DialogBoxParamA
GetDesktopWindow
SetFocus

userenv

ord138
ord121
ord119

version

VerQueryValueW
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA

winspool.drv

GetPrinterDriverDirectoryA

Sections

.text
Size: 598KB - Virtual size: 597KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 503KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/PicasaInstaller/update/update.ver
$TEMP/PicasaInstaller/update/update_srv2k3.inf
$TEMP/PicasaInstaller/update/update_xp.inf
$TEMP/PicasaInstaller/update/updatebr.inf
$TEMP/PicasaInstaller/update/updspapi.dll
.dll windows:5 windows x86 arch:x86

48d33c128589c5c1581b1025133d0e4a

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

78:c3:2a:66:88:74:4e:47:d7:c1:e0:31:6a:e4:04:c8:d3:c1:97:4b
Signer

Actual PE Digest

78:c3:2a:66:88:74:4e:47:d7:c1:e0:31:6a:e4:04:c8:d3:c1:97:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

updspapi.pdb

Imports

msvcrt

swprintf
_wcsicmp
wcsrchr
_wcsnicmp
towupper
_endthread
_beginthread
wcstoul
memmove
wcscat
wcschr
wcscpy
_strnicmp
iswctype
_vsnwprintf
strrchr
wcscmp
wcslen
_abnormal_termination
free
_initterm
_adjust_fdiv
malloc
wcsncmp
_except_handler3

ntdll

NtQueryInformationProcess

advapi32

RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
SetFileSecurityW
GetFileSecurityW
IsTextUnicode
RegSetValueExW

gdi32

GetTextExtentExPointW
SelectObject

kernel32

HeapAlloc
CompareStringW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapReAlloc
FreeLibrary
GetProcAddress
GetSystemDirectoryA
LoadLibraryA
FindClose
ResetEvent
GetDriveTypeW
HeapFree
GetProcessHeap
CreateMutexW
InterlockedCompareExchange
OutputDebugStringW
GetModuleHandleW
FindFirstFileW
SetErrorMode
CreateDirectoryW
GetWindowsDirectoryW
GetEnvironmentVariableW
SetLastError
GetLastError
Sleep
FlushFileBuffers
SetEndOfFile
CloseHandle
UnmapViewOfFile
LocalFree
WriteFile
FormatMessageW
GetVersionExW
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
SetFilePointer
lstrlenA
GetCurrentProcessId
GetLocalTime
lstrlenW
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetFileAttributesW
InitializeCriticalSection
lstrcatW
lstrcpyW
DeleteFileW
SetFileAttributesW
GetTempFileNameW
lstrcpynW
lstrcmpiW
GetFileTime
SetFileTime
CopyFileW
MoveFileW
CreateFileA
ReadFile
LocalFileTimeToFileTime
DosDateTimeToFileTime
RaiseException
TlsSetValue
LocalAlloc
TlsGetValue
GetModuleFileNameW
GetSystemDirectoryW
TlsAlloc
TlsFree
WaitForMultipleObjects
ReleaseMutex
GetLocaleInfoW
SetEvent
DuplicateHandle
GetCurrentThread
GetCurrentProcess
GetCurrentThreadId
CreateEventW
WaitForSingleObject
WideCharToMultiByte
MultiByteToWideChar
MoveFileExW
GetShortPathNameW
GetFullPathNameW
lstrcpyA
LoadLibraryW
lstrcmpiA
ExpandEnvironmentStringsW
GetStringTypeExW
GetThreadLocale
lstrcpynA
lstrcmpW
DeviceIoControl

mpr

WNetCancelConnection2W
WNetGetResourceInformationW
WNetAddConnection3W

ole32

OleUninitialize
OleInitialize

shell32

SHGetSpecialFolderPathW

user32

wvsprintfW
ClientToScreen
GetClientRect
GetSystemMetrics
MoveWindow
CharNextW
CharLowerW
CharPrevA
DialogBoxParamW
GetWindowTextLengthW
UpdateWindow
RemovePropW
LoadIconW
SendDlgItemMessageW
GetParent
EnableWindow
GetWindowLongW
MessageBeep
CharUpperW
GetDC
GetWindowRect
ReleaseDC
IsWindow
wsprintfW
CharPrevW
GetUserObjectInformationW
GetProcessWindowStation
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjectsEx
PeekMessageW
SendMessageW
SetWindowTextW
ShowWindow
GetDlgItem
SetDlgItemTextW
GetWindowTextW
GetKeyboardType
PostMessageW
EndDialog
LoadStringW
GetDlgItemTextW
SetPropW
GetPropW
SetForegroundWindow
GetWindow
SetFocus
DestroyWindow
SetWindowLongW
RegisterWindowMessageW
SystemParametersInfoW
MessageBoxW

winspool.drv

GetPrintProcessorDirectoryW
GetPrinterDriverDirectoryW

Exports

Exports

UpdSpCloseFileQueue
UpdSpCloseInfFile
UpdSpCommitFileQueueA
UpdSpCommitFileQueueW
UpdSpCopyErrorA
UpdSpCopyErrorW
UpdSpDecompressOrCopyFileA
UpdSpDecompressOrCopyFileW
UpdSpDefaultQueueCallbackA
UpdSpDefaultQueueCallbackW
UpdSpDeleteErrorA
UpdSpDeleteErrorW
UpdSpEnumInfSectionsA
UpdSpEnumInfSectionsW
UpdSpFindFirstLineA
UpdSpFindFirstLineW
UpdSpFindNextLine
UpdSpFindNextMatchLineA
UpdSpFindNextMatchLineW
UpdSpGetBinaryField
UpdSpGetFieldCount
UpdSpGetIntField
UpdSpGetLineByIndexA
UpdSpGetLineByIndexW
UpdSpGetLineCountA
UpdSpGetLineCountW
UpdSpGetLineTextA
UpdSpGetLineTextW
UpdSpGetMultiSzFieldA
UpdSpGetMultiSzFieldW
UpdSpGetSourceFileLocationA
UpdSpGetSourceFileLocationW
UpdSpGetSourceInfoA
UpdSpGetSourceInfoW
UpdSpGetStringFieldA
UpdSpGetStringFieldW
UpdSpGetTargetPathA
UpdSpGetTargetPathW
UpdSpInitDefaultQueueCallback
UpdSpInitDefaultQueueCallbackEx
UpdSpInstallFilesFromInfSectionA
UpdSpInstallFilesFromInfSectionW
UpdSpInstallFromInfSectionA
UpdSpInstallFromInfSectionW
UpdSpIterateCabinetA
UpdSpIterateCabinetW
UpdSpOpenAppendInfFileA
UpdSpOpenAppendInfFileW
UpdSpOpenFileQueue
UpdSpOpenInfFileA
UpdSpOpenInfFileW
UpdSpPromptForDiskA
UpdSpPromptForDiskW
UpdSpQueueCopyA
UpdSpQueueCopySectionA
UpdSpQueueCopySectionW
UpdSpQueueCopyW
UpdSpQueueDeleteA
UpdSpQueueDeleteSectionA
UpdSpQueueDeleteSectionW
UpdSpQueueDeleteW
UpdSpScanFileQueueA
UpdSpScanFileQueueW
UpdSpSetDirectoryIdA
UpdSpSetDirectoryIdW
UpdSpSetDynamicStringA
UpdSpSetDynamicStringExA
UpdSpSetDynamicStringExW
UpdSpSetDynamicStringW
UpdSpTermDefaultQueueCallback

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PicasaInstaller/winxp/cdrom.sys
.sys windows:5 windows x86 arch:x86

f509526c57659135a7b9400d79e03340

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cdrom.pdb

Imports

ntoskrnl.exe

IoSetHardErrorOrVerifyDevice
_allshr
MmLockPagableDataSection
KeDelayExecutionThread
_allmul
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
RtlGetVersion
KeInitializeSpinLock
MmUnlockPagableImageSection
RtlFreeUnicodeString
IoSetStartIoAttributes
strchr
memmove
_allshl
IoFreeWorkItem
IoReportTargetDeviceChangeAsynchronous
KeReleaseMutex
_aullshr
KeTickCount
ZwCreateKey
KeBugCheckEx
IoGetAttachedDeviceReference
ObfDereferenceObject
IoGetDriverObjectExtension
sprintf
IoAttachDeviceToDeviceStack
IoDeleteDevice
KeInitializeMutex
KeSetEvent
KeClearEvent
IoReuseIrp
KeInitializeEvent
IofCompleteRequest
KeEnterCriticalRegion
KeWaitForSingleObject
KeLeaveCriticalRegion
IoStartPacket
IoAllocateWorkItem
IoQueueWorkItem
RtlWriteRegistryValue
IoOpenDeviceRegistryKey
RtlQueryRegistryValues
ZwClose
swprintf
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoAllocateIrp
IoAllocateMdl
MmBuildMdlForNonPagedPool
IoFreeMdl
IoFreeIrp
ExAllocatePoolWithTag
IoBuildAsynchronousFsdRequest
ExFreePoolWithTag
IofCallDriver
IoGetConfigurationInformation
IoWMIRegistrationControl
RtlInitUnicodeString
WmiQueryTraceInformation
WmiTraceMessage
IoAllocateDriverObjectExtension
IoStartNextPacket

hal

KfRaiseIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
KeRaiseIrqlToDpcLevel
KfLowerIrql

classpnp.sys

ClassGetVpb
ClassDisableMediaChangeDetection
ClassFindModePage
ClassSpinDownPowerHandler
ClassInitialize
ClassDeleteSrbLookasideList
ClassGetDriverExtension
ClassInitializeSrbLookasideList
ClassQueryTimeOutRegistryValue
ClassReadDriveCapacity
ClassInitializeMediaChangeDetection
ClassGetDeviceParameter
ClassSetDeviceParameter
ClassResetMediaChangeTimer
ClassScanForSpecial
ClassReleaseQueue
ClassBuildRequest
ClassSplitRequest
ClassClaimDevice
ClassCreateDeviceObject
ClassUpdateInformationInRegistry
ClassInterpretSenseInfo
ClassEnableMediaChangeDetection
ClassIoComplete
ClassSendSrbAsynchronous
ClassSendSrbSynchronous
ClassSendDeviceIoControlSynchronous
ClassAsynchronousCompletion
ClassSendStartUnit
ClassAcquireRemoveLockEx
ClassReleaseRemoveLock
ClassCompleteRequest
ClassDeviceControl

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEHIT2
Size: 128B - Virtual size: 101B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEHITA
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGETOSH
Size: 640B - Virtual size: 534B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 384B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PicasaInstaller/winxp/imapi2.dll
.dll regsvr32 windows:6 windows x86 arch:x86

fdf50ba05f0e81e8a26e5b6d120a441a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

imapi2.pdb

Imports

msvcrt

free
wcsncmp
_wcsnicmp
wcstol
iswdigit
malloc
??_V@YAXPAX@Z
??_U@YAPAXI@Z
memset
??3@YAXPAX@Z
_onexit
_lock
__dllonexit
_unlock
realloc
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_wcslwr
_errno
memmove
_resetstkoflw
calloc
memcpy
??2@YAPAXI@Z

ntdll

RtlUnwind

user32

MsgWaitForMultipleObjects
CharNextW
PostQuitMessage
GetWindowLongW
PostMessageW
DefWindowProcW
UnregisterDeviceNotification
DestroyWindow
UnregisterClassW
RegisterClassExW
CreateWindowExW
SetWindowLongW
RegisterDeviceNotificationW

advapi32

UnregisterTraceGuids
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
TraceMessage
RegEnumKeyExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
RegSetValueExW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx
StringFromGUID2

oleaut32

SysAllocStringLen
SafeArrayCreateVector
SysAllocStringByteLen
SysStringByteLen
UnRegisterTypeLi
RegisterTypeLi
VariantInit
SafeArrayDestroy
SysAllocString
DispCallFunc
VariantClear
LoadTypeLi
LoadRegTypeLi
SysStringLen
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysFreeString
VarUI4FromStr

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList

rpcrt4

CStdStubBuffer_AddRef
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2
CStdStubBuffer_QueryInterface
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface

kernel32

InterlockedExchange
GetVersionExA
GetThreadLocale
SetThreadLocale
WaitForSingleObject
InterlockedExchangeAdd
ResetEvent
CreateThread
ResumeThread
GetExitCodeThread
SetEvent
GetVolumeNameForVolumeMountPointW
CreateEventW
DeviceIoControl
GetOverlappedResult
GetVolumePathNamesForVolumeNameW
SetErrorMode
InterlockedCompareExchange
VirtualAlloc
GetNativeSystemInfo
VirtualFree
CloseHandle
InitializeCriticalSectionAndSpinCount
SetLastError
GetTickCount
Sleep
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
LocalAlloc
GetSystemTimeAsFileTime
LocalFree
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
OutputDebugStringA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateFileW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 477B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PicasaInstaller/winxp/imapi2fs.dll
.dll regsvr32 windows:6 windows x86 arch:x86

983aad5138ce75b4be04c13b0e89bd90

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

imapi2fs.pdb

Imports

msvcrt

_vscwprintf
srand
_wstat
_localtime64
_gmtime64
_time64
__RTDynamicCast
rand
?name@type_info@@QBEPBDXZ
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
ferror
_itoa
_snprintf
_iob
isleadbyte
__mb_cur_max
_onexit
_lock
__RTtypeid
_unlock
realloc
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
_amsg_exit
malloc
_XcptFilter
??0exception@@QAE@ABV0@@Z
_resetstkoflw
calloc
wcsstr
wcsncmp
wcsrchr
qsort
mbtowc
wcschr
_wgetenv
swscanf
iswspace
_wcsicmp
memmove
_vsnprintf
_vsnwprintf
memcpy
_errno
__CxxFrameHandler
memset
_CxxThrowException
_wtoi
_wremove
ceil
_wcsupr
__dllonexit
free
_initterm

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlOemToUnicodeN
RtlMultiByteToUnicodeN
RtlUnicodeToOemN
RtlUnicodeToMultiByteN
NtDeviceIoControlFile
NtClose
NtReadFile
NtWriteFile
NtOpenFile
RtlInitUnicodeString
NtQueryInformationFile
RtlFreeUnicodeString
NtSetInformationFile
RtlDeleteElementGenericTable
RtlFindSetBits
RtlClearBits
RtlInitializeBitMap
RtlLookupElementGenericTable
RtlNumberOfSetBits
RtlEnumerateGenericTableWithoutSplaying
RtlSetBits
RtlInsertElementGenericTable
RtlInitializeGenericTable
RtlPrefixUnicodeString
DbgPrint
RtlQueryRegistryValues
RtlUnwind

user32

wsprintfW
UnregisterClassW
CharNextW

advapi32

RegQueryValueExW
RegEnumKeyExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal

oleaut32

CreateErrorInfo
SafeArrayUnlock
SafeArrayCreateVector
SafeArrayLock
SafeArrayGetElement
SafeArrayGetUBound
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SafeArrayGetLBound
SafeArrayGetDim
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
VariantInit
VariantClear
SetErrorInfo
SysAllocStringLen
GetErrorInfo

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
OutputDebugStringA
InterlockedExchange
GetVersionExA
CreateEventA
GetOverlappedResult
GetTempPathW
GlobalFree
GetDriveTypeW
LocalAlloc
LocalFree
Sleep
HeapSize
GetModuleHandleExW
FormatMessageW
FindNextFileW
FindClose
SetLastError
GetFullPathNameW
GetSystemTime
SystemTimeToFileTime
SetUnhandledExceptionFilter
ReadFile
CreateFileW
CloseHandle
WriteFile
DeviceIoControl
WideCharToMultiByte
GetConsoleCP
InterlockedCompareExchange
FindFirstFileW
SetErrorMode
SleepEx
GetThreadLocale
SetThreadLocale
SystemTimeToTzSpecificLocalTime
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
LockResource
FindResourceExW
GetDiskFreeSpaceExW
GetFileAttributesExW
SetFilePointer
SetEndOfFile
GetFileSize
GlobalAlloc
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
GetModuleHandleW

rpcrt4

CStdStubBuffer_DebugServerRelease
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrCStdStubBuffer2_Release
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_QueryInterface
NdrStubCall2
NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_AddRef
NdrClientCall2

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z

shlwapi

SHCreateStreamOnFileW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 562KB - Virtual size: 561KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 657B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Picasa3.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8.2MB - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 912KB - Virtual size: 910KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 152KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 404KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa87d05da8cd992552ea846b6a9a1bb2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 1.5MB

.rsrc Size: 39KB - Virtual size: 38KB

dd4d4b4320a71ab0c16c5077ded3ee8a

Headers

File Characteristics

PDB Paths

Imports

sti

version

kernel32

user32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 69KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 500B

.reloc Size: 8KB - Virtual size: 6KB

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 899B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 574B

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 48B

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 590B

8fb60ab5ea73162c8708c2b7e5a510ee

Headers

File Characteristics

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 1.5MB

.rsrc
Size: 39KB - Virtual size: 38KB

.text
Size: 72KB - Virtual size: 69KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 500B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 899B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 574B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 590B

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 424KB - Virtual size: 422KB

.data
Size: 92KB - Virtual size: 210KB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

5b:e0:42:c5:97:92:d2:a3:f3:f1:6f:84:2c:9a:ce:81:fb:43:5c:da
Signer

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 8B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

d1:0d:93:d2:b5:86:e2:01:0d:61:a5:a1:f2:66:a4:71:64:23:d5:0f
Signer