9da15fbc0c20586b6fa19a2fed2495a6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9da15fbc0c20586b6fa19a2fed2495a6_JaffaCakes118
Size

2.9MB
MD5

9da15fbc0c20586b6fa19a2fed2495a6
SHA1

75284f4cd932565f7f3a43968ae503f29c046f95
SHA256

fe941bcf1e0222579e29a5d305910cd2b96e72f46c78c6f3e3119620c9aeac52
SHA512

0aa2308966fc0e886695893c94cdcc3d27ba08a4ad6d8b94cdef7db8354fa15431eea2c84d89f028bc9e02da55fefc45639e7ad48a27679ad2cb52ac705daeec
SSDEEP

49152:HcGccpccUccL7cc2ccOcc9cc4VcbcoHcIykOA8ojMxY8ka/AcJcdTa32qb7OAWV+:HcGccpccUccL7cc2ccOcc9cc4VcbcoHO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/InstallHelper.dll

Files

9da15fbc0c20586b6fa19a2fed2495a6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:bb:7e:65:86:c7:d0:0d:36:17:00:e4:13:9f:e7:72
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05/02/2015, 00:00

Not After

06/02/2016, 23:59

Subject

CN=BeiJing Baidu Netcom Science Technology Co.\, Ltd,OU=Engineering Excellence,O=BeiJing Baidu Netcom Science Technology Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:ab:0b:9c:05:4d:8c:7d:9a:26:12:ac:bd:e8:2a:11:70:60:40:4b
Signer

Actual PE Digest

64:ab:0b:9c:05:4d:8c:7d:9a:26:12:ac:bd:e8:2a:11:70:60:40:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 596KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallHelper.dll
.dll windows:4 windows x86 arch:x86

7a684334bd5ac333f8402194b2c870bc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

12/02/2015, 00:59

Not After

12/02/2017, 00:59

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:37:04:52:d4:a8:58:c9:c7:8d:14:8c:09:c9:4c:c1:7a:aa:45:b8
Signer

Actual PE Digest

1a:37:04:52:d4:a8:58:c9:c7:8d:14:8c:09:c9:4c:c1:7a:aa:45:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\clientci\workspace\bdda_trunk_compile\bdda_proj\Basic\Install\NSIS\Plugins\InstallHelper.pdb

Imports

kernel32

GetDiskFreeSpaceW
TerminateProcess
GetModuleHandleW
GetFileAttributesW
SetFileAttributesW
MoveFileExW
SizeofResource
CreateFileW
GlobalFree
LockResource
lstrcpyW
LoadResource
GlobalAlloc
OpenProcess
GetSystemDirectoryW
GetVersionExW
CreateToolhelp32Snapshot
Process32FirstW
lstrcmpiW
Process32NextW
CloseHandle
GetLastError
FreeLibrary
FlushFileBuffers
FindResourceW
lstrcpynW
Sleep
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
ExpandEnvironmentStringsW
MultiByteToWideChar
LoadLibraryW
OutputDebugStringW
GetProcAddress
GetCurrentProcess
FindResourceExW
GetTickCount
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

FindWindowW
UnregisterClassA
ShowWindow
SetForegroundWindow

advapi32

RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
FreeSid
OpenProcessToken
CheckTokenMembership
QueryServiceStatus
AllocateAndInitializeSid
StartServiceW
OpenServiceW
CloseServiceHandle
ChangeServiceConfig2W
CreateServiceW
OpenSCManagerW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysStringLen
SysFreeString
SysAllocString

shlwapi

PathStripToRootW

Exports

Exports

DeleteDirectory
DoInstallService
FireWallAddApp
FireWallRemoveApp
Function1
Function10
Function2
Function3
Function4
Function5
Function6
Function7
Function8
Function9
GetAllUserAppDataDir
InstallCheck
InstallDrivers
IsProcessRunning
IsWow64
KillRunningProcess
RefreshPolicies
RenameAndDeleteFile
ReportInstallData
ReportUninstallData
ShowMainWnd
ShowMessageBox
UninstallDrivers

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/ActivityAssistant.exe
.exe windows:4 windows x86 arch:x86

b38ae1c3d962d097564a6092adcb8326

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

12/02/2015, 00:59

Not After

12/02/2017, 00:59

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bc:63:97:3e:b1:9c:e7:5f:e4:ce:a8:bc:28:78:3c:69:14:0b:c3:09
Signer

Actual PE Digest

bc:63:97:3e:b1:9c:e7:5f:e4:ce:a8:bc:28:78:3c:69:14:0b:c3:09

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\clientci\workspace\bdda_trunk_compile\bdda_proj\Basic\Output\BinRelease\ActivityAssistant.pdb

Imports

basedll

?as_string@JSONNode@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?name@JSONNode@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
??1JSONNode@@QAE@XZ
?parse@Libjson@Base@@YA?AVJSONNode@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?end@JSONNode@@QAE?AUiterator@1@XZ
?begin@JSONNode@@QAE?AUiterator@1@XZ
?DeleteFileEx@FileMisc@Base@@YAHPB_W@Z
?IsFullScreenWnd@SysMisc@Base@@YAHPAUHWND__@@@Z
?IsFileExist@FileMisc@Base@@YAHPB_W@Z

utilsdll

?GetInstallVer@Misc@Utils@@YAHPADK@Z
?GetCrashCatcher@CrashCatcher@Utils@@YAPAVICrashCatcher@12@XZ
?GetModuleDirectory@Misc@Utils@@YAPA_WPA_WH@Z
?GetSupplyID@Misc@Utils@@YAHAAH@Z
??0CConfig@Config@Utils@@QAE@XZ
?GetInstallVer@Misc@Utils@@YAHPA_WK@Z
?GetSoftID@Misc@Utils@@YAIXZ

reportdll

GetReportMgr

kernel32

Sleep
RaiseException
lstrlenW
InterlockedIncrement
InterlockedDecrement
CloseHandle
SizeofResource
InterlockedExchange
LoadResource
GetModuleHandleW
FindResourceW
LoadLibraryExW
CreateEventA
WaitForSingleObject
LockResource
FindResourceExW
GetLocalTime
TlsGetValue
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
InterlockedCompareExchange
TlsSetValue
SetLastError
HeapAlloc
CreateWaitableTimerW
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetTempPathW
WaitForMultipleObjects
TerminateThread
QueueUserAPC
CreateEventW
SleepEx
GetProcAddress
OutputDebugStringW
LoadLibraryW
WideCharToMultiByte
MoveFileW
CreateToolhelp32Snapshot
Process32FirstW
CreateFileW
Process32NextW
lstrcpynW
CreateDirectoryW
GetCurrentProcess
GetFileAttributesW
GetVersionExA
GetACP
OpenEventA
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapReAlloc
WriteFile
IsBadReadPtr
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedExchangeAdd
TlsFree
MultiByteToWideChar
GetLastError
LeaveCriticalSection
TlsAlloc
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
PostQueuedCompletionStatus
FreeLibrary
lstrcmpiW
CreateMutexW
SetEvent
HeapSize
ReleaseSemaphore
GetCurrentThreadId
TerminateProcess
GetStartupInfoW
FormatMessageA
LocalFree
CreateWaitableTimerA
SystemTimeToFileTime
GetTickCount
ResumeThread
ResetEvent
GetCurrentProcessId

user32

SystemParametersInfoW
GetMonitorInfoW
MonitorFromWindow
GetForegroundWindow
CharNextW
WindowFromPoint
SetTimer
UnregisterClassA
SetWindowPos
wsprintfW
KillTimer
GetWindowRect
PostQuitMessage

advapi32

RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteExW

ole32

CoFreeLibrary
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitializeEx
IIDFromString
CoInitialize
CoLoadLibrary
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc

oleaut32

SysAllocStringByteLen
SysStringLen
SysAllocString
SysFreeString
VariantTimeToSystemTime
VarDateFromStr
VarUI4FromStr

shlwapi

PathFileExistsW

msvcp80

?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
_Inf
_Nan
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIABV12@@Z
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
_FNan
_FInf
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?rbegin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@XZ
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

ws2_32

WSAStartup
WSACleanup

msvcr80

??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
??2@YAPAXI@Z
wcsncpy_s
??0exception@std@@QAE@ABQBDH@Z
_recalloc
memcpy_s
??0exception@std@@QAE@XZ
malloc
_purecall
free
??_V@YAXPAX@Z
_time64
rand
srand
memmove_s
wcsftime
_localtime64_s
_invalid_parameter_noinfo
_mktime64
_gmtime64
??8type_info@@QBE_NABV0@@Z
_beginthreadex
wcsrchr
_vswprintf_p
_vscwprintf_p
strncpy_s
_wcsicmp
sprintf
_wtoi
wcschr
_wsplitpath
tolower
__RTDynamicCast
__CxxFrameHandler3
_snprintf
fflush
fprintf
__iob_func
_CxxThrowException
memcpy
ldiv
_strtoi64
_strtoui64
memset
strtoul
strtol
strchr
_errno
memmove
strtod
strerror
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
_waccess
vswprintf_s
_itoa
_vscwprintf
wcsncat_s
_wsplitpath_s
wcscpy_s
_snwprintf
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wininet

InternetConnectW
InternetCloseHandle
InternetOpenW
InternetCrackUrlW
HttpOpenRequestW
InternetReadFile
HttpSendRequestW
HttpQueryInfoW

sensapi

IsNetworkAlive

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 584KB - Virtual size: 582KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_2_/AppUpdater.exe
.exe windows:4 windows x86 arch:x86

7db405e54cc0958c27ce21947b26d2a4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

12/02/2015, 00:59

Not After

12/02/2017, 00:59

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:e7:87:23:13:93:4a:23:47:09:3e:58:63:88:57:e7:0f:05:f3:24
Signer

Actual PE Digest

a0:e7:87:23:13:93:4a:23:47:09:3e:58:63:88:57:e7:0f:05:f3:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\clientci\workspace\bdda_trunk_compile\bdda_proj\Basic\Output\BinRelease\AppUpdater.pdb

Imports

basedll

?as_string@JSONNode@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?name@JSONNode@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
??1JSONNode@@QAE@XZ
?parse@Libjson@Base@@YA?AVJSONNode@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?end@JSONNode@@QAE?AUiterator@1@XZ
?begin@JSONNode@@QAE?AUiterator@1@XZ
?IsFileExist@FileMisc@Base@@YAHPB_W@Z

utilsdll

?GetCrashCatcher@CrashCatcher@Utils@@YAPAVICrashCatcher@12@XZ
??0CConfig@Config@Utils@@QAE@XZ
?GetInstallVer@Misc@Utils@@YAHPA_WK@Z
?GetInstallVer@Misc@Utils@@YAHPADK@Z
?GetSoftID@Misc@Utils@@YAIXZ

reportdll

GetReportMgr

kernel32

WideCharToMultiByte
GetFileAttributesW
MoveFileW
CreateToolhelp32Snapshot
Process32FirstW
CreateFileW
Process32NextW
CreateDirectoryW
GetProcAddress
LoadLibraryW
Sleep
CreateEventW
GetTempPathW
GlobalFree
FreeResource
lstrcpynW
RaiseException
InitializeCriticalSection
MultiByteToWideChar
lstrcmpW
SizeofResource
FindResourceExW
LockResource
WriteFile
GetLocalTime
IsBadReadPtr
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
CreateWaitableTimerA
SystemTimeToFileTime
GetTickCount
ResumeThread
ResetEvent
OpenEventA
GetCurrentProcessId
ReleaseSemaphore
GetSystemTimeAsFileTime
FormatMessageA
LocalFree
GetThreadLocale
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetVersionExA
InitializeCriticalSectionAndSpinCount
SetLastError
GetCurrentThreadId
MulDiv
FlushInstructionCache
CreateIoCompletionPort
TerminateThread
FreeLibrary
WaitForSingleObject
lstrcmpiW
GetQueuedCompletionStatus
lstrlenW
GlobalLock
HeapFree
GetCurrentProcess
TlsGetValue
HeapAlloc
TlsSetValue
FindResourceW
LoadLibraryExW
GetProcessHeap
GetModuleHandleW
SetWaitableTimer
QueueUserAPC
InterlockedCompareExchange
LoadResource
WaitForMultipleObjects
GlobalUnlock
GlobalAlloc
DeleteCriticalSection
InterlockedDecrement
PostQueuedCompletionStatus
TlsAlloc
CloseHandle
EnterCriticalSection
InterlockedExchange
CreateMutexW
InterlockedExchangeAdd
SetEvent
LeaveCriticalSection
CreateEventA
InterlockedIncrement
GetLastError
TlsFree
GetModuleFileNameW
HeapDestroy
HeapReAlloc
HeapSize

user32

MonitorFromWindow
SystemParametersInfoW
GetMonitorInfoW
LoadImageW
ShowWindow
IsWindowEnabled
CreateDialogParamW
AdjustWindowRectEx
GetDesktopWindow
GetCapture
SetWindowRgn
OffsetRect
PtInRect
InflateRect
UpdateWindow
DrawFocusRect
DrawEdge
GetMenu
GetSystemMetrics
GetWindowTextLengthW
InvalidateRect
EndPaint
GetDlgCtrlID
SetForegroundWindow
TrackPopupMenu
GetSubMenu
LoadMenuW
GetCursorPos
SetTimer
KillTimer
DestroyMenu
LoadCursorW
GetDlgItem
IsWindow
PostMessageW
CreateWindowExW
RegisterWindowMessageW
PeekMessageW
ReleaseDC
GetClassNameW
SetCapture
GetDC
GetWindowRect
BeginPaint
RedrawWindow
SetWindowTextW
UnregisterClassA
FillRect
SetWindowPos
SetFocus
DefWindowProcW
GetWindow
TranslateMessage
GetClassInfoExW
DispatchMessageW
ClientToScreen
GetClientRect
GetFocus
ReleaseCapture
ScreenToClient
CallWindowProcW
GetSysColor
DestroyWindow
MoveWindow
CreateAcceleratorTableW
RegisterClassExW
GetMessageW
InvalidateRgn
GetWindowTextW
GetParent
GetWindowLongW
CharNextW
DestroyAcceleratorTable
IsChild
SendMessageW
SetWindowLongW

gdi32

SetDIBColorTable
CreateDIBSection
Rectangle
SetBkMode
TextOutW
SetViewportOrgEx
RoundRect
CreateFontIndirectW
GetTextExtentPoint32W
SetTextColor
MoveToEx
DeleteObject
BitBlt
CreateCompatibleBitmap
GetDeviceCaps
CreateSolidBrush
SelectObject
DeleteDC
CreateCompatibleDC
GetStockObject
GetObjectW
GetDIBColorTable
CreatePen
CreateRoundRectRgn
StretchBlt

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW

shell32

ShellExecuteExW
Shell_NotifyIconW

ole32

CoLoadLibrary
CoFreeLibrary
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitializeEx
IIDFromString
StringFromGUID2
CLSIDFromString
CoGetClassObject
CoTaskMemFree
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CreateStreamOnHGlobal
CLSIDFromProgID
OleUninitialize
OleInitialize
OleLockRunning
CoCreateInstance

oleaut32

SysAllocString
SysAllocStringByteLen
VariantClear
OleCreateFontIndirect
LoadTypeLi
SysStringLen
SysStringByteLen
SysAllocStringLen
VarUI4FromStr
SysFreeString
VariantInit
LoadRegTypeLi

comctl32

InitCommonControlsEx
ImageList_Create
ImageList_Add
ImageList_Destroy
_TrackMouseEvent
ImageList_GetIconSize
ImageList_Draw

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdipGetImagePixelFormat
GdipBitmapLockBits
GdipGetImageWidth
GdipCreateBitmapFromScan0
GdipGetImagePaletteSize
GdipBitmapUnlockBits
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFont
GdipDisposeImage
GdipLoadImageFromFile
GdipGetImageHeight
GdipGetImageGraphicsContext
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipDrawImageI
GdipGetLogFontW
GdipGetGenericFontFamilySansSerif
GdipAlloc
GdipDrawImageRectI
GdipFree
GdipCreateFromHDC
GdipCreateFontFamilyFromName
GdipCloneImage
GdipDeleteGraphics
GdiplusShutdown
GdiplusStartup

msvcp80

?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIABV12@@Z
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
_FNan
_FInf
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
_Nan
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?rbegin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@XZ
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
_Inf
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z

ws2_32

WSACleanup
WSAStartup

msvcr80

_CxxThrowException
_waccess
vswprintf_s
_vscwprintf
wcsncat_s
_wsplitpath_s
_snwprintf
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
_beginthreadex
_gmtime64
strerror
strtod
_errno
strchr
strtol
strtoul
memset
ldiv
_strtoui64
_strtoi64
memcpy
_itoa
__iob_func
fprintf
fflush
_snprintf
__CxxFrameHandler3
__RTDynamicCast
tolower
_wtoi
sprintf
wcschr
_wcsicmp
_wsplitpath
strncpy_s
_vscprintf_p
_vsprintf_p
_vswprintf_p
_vscwprintf_p
printf
_time64
rand
srand
swscanf
memmove
_resetstkoflw
wcscpy_s
memmove_s
_recalloc
wcsncpy_s
_invalid_parameter_noinfo
free
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
_purecall
??_V@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
memcpy_s
malloc
swprintf_s

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

InternetReadFile
InternetOpenW
HttpOpenRequestW
InternetConnectW
HttpQueryInfoW
HttpSendRequestW
InternetCrackUrlW
InternetCloseHandle

sensapi

IsNetworkAlive

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 644KB - Virtual size: 641KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_2_/BDKitUtils.dll
.dll windows:4 windows x86 arch:x86

1f78e69b56ee87c438f5501a8265f830

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cd:e1:ff:c3:37:7d:1c:ec:53:48:dd:bf:66:f3:35:2f:15:22:f6:9e
Signer

Actual PE Digest

cd:e1:ff:c3:37:7d:1c:ec:53:48:dd:bf:66:f3:35:2f:15:22:f6:9e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\bdm_v3.0_fix2\Basic\kvoutput\binrelease\bdmantivirus\BDKitUtils.pdb

Imports

kernel32

CreateFileW
SetLastError
DeleteCriticalSection
CopyFileW
GetProcAddress
WaitForSingleObject
SetEvent
CloseHandle
CreateEventW
InterlockedIncrement
GetModuleFileNameW
GetWindowsDirectoryW
InitializeCriticalSection
LoadLibraryA
GetSystemInfo
FreeLibrary
GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetLastError
DeviceIoControl
GetFileAttributesExW
GetProcessHeap
GetModuleHandleW
GetCurrentProcess
OpenProcess
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
DeleteFileW
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId

user32

wsprintfW

advapi32

AdjustTokenPrivileges
CreateServiceW
OpenSCManagerW
LookupPrivilegeValueW
OpenServiceW
DeleteService
OpenProcessToken
StartServiceW
CloseServiceHandle
ControlService

msvcp80

?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z

msvcr80

_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CxxFrameHandler3
__clean_type_info_names_internal
memset
wcsncpy
free
??2@YAPAXI@Z
??3@YAXPAX@Z
??_V@YAXPAX@Z
wcscpy_s
wcscat_s
malloc
memcpy

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
GetBDKitInterface
QueryInterfaceExist

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/BDMNetGetInfo.dll
.dll windows:4 windows x86 arch:x86

b5832237a783ba20396b1e9e67eefb6d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:bd:09:ef:75:ed:d5:bf:04:d7:00:0b:c8:11:85:b5:6c:39:99:e0
Signer

Actual PE Digest

71:bd:09:ef:75:ed:d5:bf:04:d7:00:0b:c8:11:85:b5:6c:39:99:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\clientci\workspace\minisetup_bdmnetgetinfo_compile\client_proj\Output\Release\BDMNetGetInfo.pdb

Imports

kernel32

GetLocalTime
GetTickCount
SystemTimeToFileTime
FormatMessageA
LocalFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
GetLocaleInfoW
LoadLibraryA
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetVersionExW
GetProcAddress
GetModuleHandleW
GetCurrentProcess
CreateMutexW
CloseHandle
WaitForSingleObject
ReleaseMutex
CreateFileW
CopyFileW
DeleteFileW
GetFileSize
ReadFile
WriteFile
FindFirstFileW
FindClose
GetSystemDirectoryW
LoadLibraryW
FreeLibrary
GetLastError
MultiByteToWideChar
DeviceIoControl
CreateFileA
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
CreateDirectoryW
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetFullPathNameW
GetCurrentDirectoryA
GetUserDefaultLCID
GetLocaleInfoA

ws2_32

recvfrom
select
socket
__WSAFDIsSet
htonl
gethostbyname
connect
closesocket
send
ntohl
getsockopt
sendto
ioctlsocket
WSACleanup
recv
htons
WSAStartup
WSAGetLastError

netapi32

Netbios

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHGetSpecialFolderPathW

Exports

Exports

CreateRpc
RpcRequestDownloadAddr
RpcRequestDownloadAddrV2

Sections

.text
Size: 236KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/BaseDll.dll
.dll windows:4 windows x86 arch:x86

a7f67f6ab315a9d4d55188055e8e6375

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

12/02/2015, 00:59

Not After

12/02/2017, 00:59

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

83:b5:96:c6:33:32:a2:cb:72:50:80:2c:52:8f:99:e0:cc:42:16:f4
Signer

Actual PE Digest

83:b5:96:c6:33:32:a2:cb:72:50:80:2c:52:8f:99:e0:cc:42:16:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\clientci\workspace\bdda_trunk_compile\bdda_proj\Basic\Output\BinRelease\BaseDll.pdb

Imports

wininet

InternetCrackUrlW

iphlpapi

GetIpForwardTable

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameW
GetModuleFileNameExW

kernel32

SetFilePointer
lstrcpynW
CreateDirectoryW
SizeofResource
FindResourceExW
FindResourceW
LoadResource
LockResource
GetCurrentDirectoryW
WriteFile
GlobalLock
GlobalUnlock
CopyFileW
MoveFileExW
RemoveDirectoryW
GetCurrentProcess
GlobalAlloc
DeleteFileW
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetTickCount
GetTempPathW
CreateToolhelp32Snapshot
WaitForSingleObject
GetExitCodeProcess
Process32NextW
Process32FirstW
lstrcmpiW
GetProcessTimes
OpenProcess
GetComputerNameW
GetDriveTypeW
DebugBreak
MoveFileW
IsBadReadPtr
GetBinaryTypeW
GetSystemWow64DirectoryW
GetSystemWindowsDirectoryW
MapViewOfFile
UnmapViewOfFile
GetFileSizeEx
CreateFileMappingW
LoadLibraryW
GetCurrentProcessId
GetCurrentThreadId
EnterCriticalSection
OutputDebugStringA
InterlockedCompareExchange
OpenEventW
GetModuleFileNameA
InitializeCriticalSection
SetEvent
LeaveCriticalSection
DeleteCriticalSection
SetLastError
OpenFileMappingW
CreateFileA
VirtualFree
DosDateTimeToFileTime
SetFileTime
VirtualAlloc
FileTimeToDosDateTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
DeviceIoControl
FindNextFileW
GetExitCodeThread
CreateEventW
WaitForMultipleObjects
ResetEvent
TerminateThread
QueryPerformanceCounter
HeapDestroy
LoadLibraryA
FindClose
GetTempPathA
HeapCreate
CreateFileMappingA
LocalFree
HeapValidate
AreFileApisANSI
UnlockFile
GetFullPathNameW
DeleteFileA
LockFile
GetFullPathNameA
GetDiskFreeSpaceA
OutputDebugStringW
UnlockFileEx
HeapReAlloc
GetSystemTimeAsFileTime
FlushFileBuffers
CreateMutexW
FormatMessageA
GetFileAttributesExW
HeapSize
SetEndOfFile
GetVersionExA
LockFileEx
SystemTimeToFileTime
GetDiskFreeSpaceW
GetFileAttributesW
GetSystemTime
CreateWaitableTimerA
ResumeThread
OpenEventA
ReleaseSemaphore
RaiseException
GetThreadLocale
GetLocaleInfoA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetModuleHandleA
QueryPerformanceFrequency
QueueUserAPC
SleepEx
GetCurrentThread
SetThreadPriority
GetQueuedCompletionStatus
CreateWaitableTimerW
WaitForSingleObjectEx
TlsSetValue
SetWaitableTimer
SetNamedPipeHandleState
InitializeCriticalSectionAndSpinCount
WaitNamedPipeA
GetNamedPipeInfo
InterlockedExchangeAdd
DisconnectNamedPipe
DuplicateHandle
InterlockedExchange
TlsAlloc
TlsGetValue
InterlockedIncrement
TlsFree
CreateIoCompletionPort
CreateNamedPipeA
ConnectNamedPipe
GetVersionExW
GetProcAddress
GetSystemDefaultLangID
GetModuleFileNameW
GetSystemInfo
GetLocalTime
InterlockedDecrement
FindFirstFileW
GetFileTime
GetFileSize
CreateFileW
ReadFile
SetFileAttributesW
FreeLibrary
GetFileAttributesA
lstrcpynA
GetModuleHandleW
lstrlenA
CloseHandle
lstrlenW
Sleep
HeapFree
GetWindowsDirectoryW
HeapAlloc
GetProcessHeap
GetACP
GetLastError
WideCharToMultiByte
MultiByteToWideChar
FormatMessageW
CreateEventA
PostQueuedCompletionStatus

user32

PostThreadMessageW
SetTimer
KillTimer
GetMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
CloseClipboard
SetClipboardData
EmptyClipboard
DestroyIcon
OpenClipboard
FindWindowExW
UnregisterClassA
SetForegroundWindow
SendMessageW
BringWindowToTop
SetFocus
FindWindowW
SendMessageTimeoutW
FindWindowA
SystemParametersInfoW
ShowWindow
GetClientRect
GetParent
EnableWindow
SetWindowLongW
GetWindowLongW
SetWindowTextW
SetWindowPos
MessageBoxW
SetActiveWindow
ExitWindowsEx
GetSystemMetrics
IsWindowVisible
GetWindowRect
GetWindowTextW
GetClassNameW
IsWindow
EnumWindows
IsIconic
GetDesktopWindow
LoadBitmapW
LoadImageW

gdi32

GetDeviceCaps
GetObjectW
DeleteDC
DeleteObject
CreateDCW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegOpenKeyExA
RegQueryValueExA
GetUserNameW
IsValidSid
LookupPrivilegeValueW
CheckTokenMembership
AdjustTokenPrivileges
LookupAccountSidW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetKeySecurity
RegDeleteValueW
RegQueryValueExW
RegEnumKeyW
RegSetValueExW
RegEnumValueW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegFlushKey
RegGetKeySecurity
AllocateAndInitializeSid
InitializeSecurityDescriptor
OpenProcessToken
InitializeAcl
FreeSid
SetSecurityDescriptorDacl
SetFileSecurityW
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
AddAccessAllowedAce
RegNotifyChangeKeyValue

shell32

SHGetDesktopFolder
SHGetFolderPathW
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHCreateDirectoryExW
DuplicateIcon
ShellExecuteW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation

ole32

CoInitialize
CoUninitialize
CoCreateGuid
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

OleCreatePictureIndirect

msvcp80

?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

msvcr80

wcstombs_s
realloc
_beginthreadex
??8type_info@@QBE_NABV0@@Z
printf
??0exception@std@@QAE@ABQBDH@Z
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
__CxxFrameHandler3
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
memset
_gmtime64
_CxxThrowException
memcpy
??2@YAPAXI@Z
memmove
fseek
ftell
wcsstr
fclose
wcsncmp
_wfopen_s
fwrite
??3@YAXPAX@Z
??_V@YAXPAX@Z
wcschr
swprintf_s
fflush
wcstol
fread
_purecall
__iob_func
isspace
tolower
sscanf_s
_vsnprintf_s
ferror
atoi
fopen_s
atof
fprintf
fputc
strncmp
strchr
isalnum
isalpha
??0exception@std@@QAE@ABQBD@Z
wcsncat_s
??0exception@std@@QAE@ABV01@@Z
wcsncpy_s
_invalid_parameter_noinfo
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
_wcsnicmp
??0exception@std@@QAE@XZ
free
malloc
strncpy_s
_wcsicmp
strtoul
memmove_s
_errno
_snprintf_s
_strnicmp
_snwprintf_s
_wtol
_mktime64
swscanf_s
_localtime64_s
_time64
wcsftime
wcscpy_s
_wtoi
memcpy_s
_wcslwr_s
wcsrchr
wcstoul
_vsnwprintf_s
strrchr
_fsopen
setlocale
_memicmp
printf_s
rand
vswprintf_s
_mbsinc
calloc
strerror
_ftelli64
_fseeki64
fopen
srand
isprint
_wstat64
_wsplitpath_s
_wmkdir
_vswprintf_c_l

shlwapi

StrStrIW
PathFindFileNameW
PathAppendW
StrRChrIW
PathFindExtensionW
PathIsDirectoryW
PathAddBackslashW
SHDeleteKeyW
SHDeleteValueW
SHGetValueW
StrRStrIW
StrChrW
StrRChrW
PathFileExistsW
PathRemoveFileSpecW

version

VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoW

netapi32

Netbios

ws2_32

WSACleanup
WSAStartup

Exports

Exports

??0?$json_auto@D@@QAE@I@Z
??0?$json_auto@PAVJSONNode@@@@QAE@I@Z
??0?$json_auto@_W@@QAE@XZ
??0CIPCClient@IPC@Base@@QAE@XZ
??0CIPCServer@IPC@Base@@QAE@XZ
??0CMarkup@Xml@Base@@QAE@ABV012@@Z
??0CMarkup@Xml@Base@@QAE@H@Z
??0CMarkup@Xml@Base@@QAE@UMCD_CSTR@@@Z
??0CMarkup@Xml@Base@@QAE@XZ
??0CShortcut@FileMisc@Base@@QAE@ABV012@@Z
??0CShortcut@FileMisc@Base@@QAE@H@Z
??0CShortcut@FileMisc@Base@@QAE@PB_WH@Z
??0CWin64Helper@Win64Helper@Base@@QAE@XZ
??0CWow64FsRedrt@Win64Helper@Base@@QAE@XZ
??0FileDefaultIconPicker@FileMisc@Base@@QAE@XZ
??0IBackupAndRecoveryRegister@Register@Base@@QAE@ABU012@@Z
??0IBackupAndRecoveryRegister@Register@Base@@QAE@XZ
??0IRegistryHandle@Register@Base@@QAE@ABV012@@Z
??0IRegistryHandle@Register@Base@@QAE@XZ
??0IShortcut@FileMisc@Base@@QAE@ABV012@@Z
??0IShortcut@FileMisc@Base@@QAE@XZ
??0JSONNode@@AAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0JSONNode@@AAE@PAVinternalJSONNode@@@Z
??0JSONNode@@AAE@_NAAV0@@Z
??0JSONNode@@QAE@ABV0@@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@D@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@E@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@F@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@G@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@I@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@J@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@K@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@M@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@N@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@O@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_W@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_J@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_K@Z
??0JSONNode@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z
??0JSONNode@@QAE@D@Z
??0Sqlite3Command@Database@Base@@QAE@AAVSqlite3Connection@12@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Sqlite3Command@Database@Base@@QAE@AAVSqlite3Connection@12@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0Sqlite3Command@Database@Base@@QAE@AAVSqlite3Connection@12@PBD@Z
??0Sqlite3Command@Database@Base@@QAE@AAVSqlite3Connection@12@PB_W@Z
??0Sqlite3Connection@Database@Base@@QAE@PBD@Z
??0Sqlite3Connection@Database@Base@@QAE@PB_W@Z
??0Sqlite3Connection@Database@Base@@QAE@XZ
??0Sqlite3Reader@Database@Base@@AAE@PAVSqlite3Command@12@@Z
??0Sqlite3Reader@Database@Base@@QAE@ABV012@@Z
??0Sqlite3Reader@Database@Base@@QAE@XZ
??0Sqlite3Transaction@Database@Base@@QAE@AAVSqlite3Connection@12@_N@Z
??0TiXmlAttribute@Xml@Base@@QAE@PBD0@Z
??0TiXmlAttribute@Xml@Base@@QAE@XZ
??0TiXmlAttributeSet@Xml@Base@@QAE@XZ
??0TiXmlBase@Xml@Base@@QAE@XZ
??0TiXmlComment@Xml@Base@@QAE@ABV012@@Z
??0TiXmlComment@Xml@Base@@QAE@PBD@Z
??0TiXmlComment@Xml@Base@@QAE@XZ
??0TiXmlCursor@Xml@Base@@QAE@XZ
??0TiXmlDeclaration@Xml@Base@@QAE@ABV012@@Z
??0TiXmlDeclaration@Xml@Base@@QAE@PBD00@Z
??0TiXmlDeclaration@Xml@Base@@QAE@XZ
??0TiXmlDocument@Xml@Base@@QAE@ABV012@@Z
??0TiXmlDocument@Xml@Base@@QAE@PBD@Z
??0TiXmlDocument@Xml@Base@@QAE@XZ
??0TiXmlElement@Xml@Base@@QAE@ABV012@@Z
??0TiXmlElement@Xml@Base@@QAE@PBD@Z
??0TiXmlHandle@Xml@Base@@QAE@ABV012@@Z
??0TiXmlHandle@Xml@Base@@QAE@PAVTiXmlNode@12@@Z
??0TiXmlNode@Xml@Base@@IAE@W4NodeType@012@@Z
??0TiXmlOutStream@Xml@Base@@QAE@ABV012@@Z
??0TiXmlOutStream@Xml@Base@@QAE@XZ
??0TiXmlParsingData@Xml@Base@@AAE@PBDHHH@Z
??0TiXmlPrinter@Xml@Base@@QAE@ABV012@@Z
??0TiXmlPrinter@Xml@Base@@QAE@XZ
??0TiXmlString@Xml@Base@@QAE@ABV012@@Z
??0TiXmlString@Xml@Base@@QAE@PBD@Z
??0TiXmlString@Xml@Base@@QAE@PBDI@Z
??0TiXmlString@Xml@Base@@QAE@XZ
??0TiXmlText@Xml@Base@@QAE@ABV012@@Z
??0TiXmlText@Xml@Base@@QAE@PBD@Z
??0TiXmlUnknown@Xml@Base@@QAE@ABV012@@Z
??0TiXmlUnknown@Xml@Base@@QAE@XZ
??0TiXmlVisitor@Xml@Base@@QAE@ABV012@@Z
??0TiXmlVisitor@Xml@Base@@QAE@XZ
??0iteratorKeeper@jsonChildren@@QAE@PAV1@AAPAPAVJSONNode@@_N@Z
??0jsonChildren@@QAE@XZ
??0md5_engine@Base@@QAE@XZ
??1?$json_auto@D@@QAE@XZ
??1?$json_auto@PAVJSONNode@@@@QAE@XZ
??1?$json_auto@_W@@QAE@XZ
??1CIPCClient@IPC@Base@@QAE@XZ
??1CIPCServer@IPC@Base@@QAE@XZ
??1CMarkup@Xml@Base@@QAE@XZ
??1CShortcut@FileMisc@Base@@UAE@XZ
??1CWin64Helper@Win64Helper@Base@@QAE@XZ
??1CWow64FsRedrt@Win64Helper@Base@@QAE@XZ
??1FileDefaultIconPicker@FileMisc@Base@@QAE@XZ
??1JSONNode@@QAE@XZ
??1Sqlite3Command@Database@Base@@QAE@XZ
??1Sqlite3Connection@Database@Base@@QAE@XZ
??1Sqlite3Reader@Database@Base@@QAE@XZ
??1Sqlite3Transaction@Database@Base@@QAE@XZ
??1TiXmlAttribute@Xml@Base@@UAE@XZ
??1TiXmlAttributeSet@Xml@Base@@QAE@XZ
??1TiXmlBase@Xml@Base@@UAE@XZ
??1TiXmlComment@Xml@Base@@UAE@XZ
??1TiXmlDeclaration@Xml@Base@@UAE@XZ
??1TiXmlDocument@Xml@Base@@UAE@XZ
??1TiXmlElement@Xml@Base@@UAE@XZ
??1TiXmlNode@Xml@Base@@UAE@XZ
??1TiXmlOutStream@Xml@Base@@QAE@XZ
??1TiXmlPrinter@Xml@Base@@UAE@XZ
??1TiXmlString@Xml@Base@@QAE@XZ
??1TiXmlText@Xml@Base@@UAE@XZ
??1TiXmlUnknown@Xml@Base@@UAE@XZ
??1TiXmlVisitor@Xml@Base@@UAE@XZ
??1iteratorKeeper@jsonChildren@@QAE@XZ
??1jsonChildren@@QAE@XZ
??4CIPCClient@IPC@Base@@QAEAAV012@ABV012@@Z
??4CIPCServer@IPC@Base@@QAEAAV012@ABV012@@Z
??4CMarkup@Xml@Base@@QAEXABV012@@Z
??4CShortcut@FileMisc@Base@@QAEAAV012@ABV012@@Z
??4CWin64Helper@Win64Helper@Base@@QAEAAV012@ABV012@@Z
??4CWorkerPool@Thread@Base@@QAEAAV012@ABV012@@Z
??4CWow64FsRedrt@Win64Helper@Base@@QAEAAV012@ABV012@@Z
??4FileDefaultIconPicker@FileMisc@Base@@QAEAAV012@ABV012@@Z
??4IBackupAndRecoveryRegister@Register@Base@@QAEAAU012@ABU012@@Z
??4IRegistryHandle@Register@Base@@QAEAAV012@ABV012@@Z
??4IShortcut@FileMisc@Base@@QAEAAV012@ABV012@@Z
??4JSONNode@@QAEAAV0@ABV0@@Z
??4JSONNode@@QAEAAV0@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??4JSONNode@@QAEAAV0@D@Z
??4JSONNode@@QAEAAV0@E@Z
??4JSONNode@@QAEAAV0@F@Z
??4JSONNode@@QAEAAV0@G@Z
??4JSONNode@@QAEAAV0@H@Z
??4JSONNode@@QAEAAV0@I@Z
??4JSONNode@@QAEAAV0@J@Z
??4JSONNode@@QAEAAV0@K@Z
??4JSONNode@@QAEAAV0@M@Z
??4JSONNode@@QAEAAV0@N@Z
??4JSONNode@@QAEAAV0@O@Z
??4JSONNode@@QAEAAV0@PB_W@Z
??4JSONNode@@QAEAAV0@_J@Z
??4JSONNode@@QAEAAV0@_K@Z
??4JSONNode@@QAEAAV0@_N@Z
??4NumberToString@@QAEAAV0@ABV0@@Z
??4Sqlite3Reader@Database@Base@@QAEAAV012@ABV012@@Z
??4TiXmlComment@Xml@Base@@QAEXABV012@@Z
??4TiXmlCursor@Xml@Base@@QAEAAU012@ABU012@@Z
??4TiXmlDeclaration@Xml@Base@@QAEXABV012@@Z
??4TiXmlDocument@Xml@Base@@QAEXABV012@@Z
??4TiXmlElement@Xml@Base@@QAEXABV012@@Z
??4TiXmlHandle@Xml@Base@@QAE?AV012@ABV012@@Z
??4TiXmlOutStream@Xml@Base@@QAEAAV012@ABV012@@Z
??4TiXmlParsingData@Xml@Base@@QAEAAV012@ABV012@@Z
??4TiXmlPrinter@Xml@Base@@QAEAAV012@ABV012@@Z
??4TiXmlString@Xml@Base@@QAEAAV012@ABV012@@Z
??4TiXmlString@Xml@Base@@QAEAAV012@PBD@Z
??4TiXmlText@Xml@Base@@QAEXABV012@@Z
??4TiXmlUnknown@Xml@Base@@QAEXABV012@@Z
??4TiXmlVisitor@Xml@Base@@QAEAAV012@ABV012@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
??4tagLANGANDCODEPAGE@@QAEAAU0@ABU0@@Z
??6TiXmlOutStream@Xml@Base@@QAEAAV012@ABVTiXmlString@12@@Z
??6TiXmlOutStream@Xml@Base@@QAEAAV012@PBD@Z
??8IPC@Base@@YA_NV?$intrusive_ptr@VCIPCChannel@IPC@Base@@@boost@@0@Z
??8JSONNode@@QBE_NABV0@@Z
??8JSONNode@@QBE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??8JSONNode@@QBE_ND@Z
??8JSONNode@@QBE_NE@Z
??8JSONNode@@QBE_NF@Z
??8JSONNode@@QBE_NG@Z
??8JSONNode@@QBE_NH@Z
??8JSONNode@@QBE_NI@Z
??8JSONNode@@QBE_NJ@Z
??8JSONNode@@QBE_NK@Z
??8JSONNode@@QBE_NM@Z
??8JSONNode@@QBE_NN@Z
??8JSONNode@@QBE_NO@Z
??8JSONNode@@QBE_NPB_W@Z
??8JSONNode@@QBE_N_J@Z
??8JSONNode@@QBE_N_K@Z
??8JSONNode@@QBE_N_N@Z
??8TiXmlAttribute@Xml@Base@@QBE_NABV012@@Z
??9JSONNode@@QBE_NABV0@@Z
??9JSONNode@@QBE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??9JSONNode@@QBE_ND@Z
??9JSONNode@@QBE_NE@Z
??9JSONNode@@QBE_NF@Z
??9JSONNode@@QBE_NG@Z
??9JSONNode@@QBE_NH@Z
??9JSONNode@@QBE_NI@Z
??9JSONNode@@QBE_NJ@Z
??9JSONNode@@QBE_NK@Z
??9JSONNode@@QBE_NM@Z
??9JSONNode@@QBE_NN@Z
??9JSONNode@@QBE_NO@Z
??9JSONNode@@QBE_NPB_W@Z
??9JSONNode@@QBE_N_J@Z
??9JSONNode@@QBE_N_K@Z
??9JSONNode@@QBE_N_N@Z
??AJSONNode@@QAEAAV0@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??AJSONNode@@QAEAAV0@I@Z
??AJSONNode@@QBEABV0@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??AJSONNode@@QBEABV0@I@Z
??ATiXmlString@Xml@Base@@QBEAADI@Z
??AjsonChildren@@QBEPAVJSONNode@@I@Z
??MTiXmlAttribute@Xml@Base@@QBE_NABV012@@Z
??OTiXmlAttribute@Xml@Base@@QBE_NABV012@@Z
??YTiXmlString@Xml@Base@@QAEAAV012@ABV012@@Z
??YTiXmlString@Xml@Base@@QAEAAV012@D@Z
??YTiXmlString@Xml@Base@@QAEAAV012@PBD@Z
??_7CShortcut@FileMisc@Base@@6B@
??_7IRegistryHandle@Register@Base@@6B@
??_7IShortcut@FileMisc@Base@@6B@
??_7TiXmlAttribute@Xml@Base@@6B@
??_7TiXmlBase@Xml@Base@@6B@
??_7TiXmlComment@Xml@Base@@6B@
??_7TiXmlDeclaration@Xml@Base@@6B@
??_7TiXmlDocument@Xml@Base@@6B@
??_7TiXmlElement@Xml@Base@@6B@
??_7TiXmlNode@Xml@Base@@6B@
??_7TiXmlPrinter@Xml@Base@@6B@
??_7TiXmlText@Xml@Base@@6B@
??_7TiXmlUnknown@Xml@Base@@6B@
??_7TiXmlVisitor@Xml@Base@@6B@
??_FCShortcut@FileMisc@Base@@QAEXXZ
??_FJSONNode@@QAEXXZ
?Accept@TiXmlComment@Xml@Base@@UBE_NPAVTiXmlVisitor@23@@Z
?Accept@TiXmlDeclaration@Xml@Base@@UBE_NPAVTiXmlVisitor@23@@Z
?Accept@TiXmlDocument@Xml@Base@@UBE_NPAVTiXmlVisitor@23@@Z
?Accept@TiXmlElement@Xml@Base@@UBE_NPAVTiXmlVisitor@23@@Z
?Accept@TiXmlText@Xml@Base@@UBE_NPAVTiXmlVisitor@23@@Z
?Accept@TiXmlUnknown@Xml@Base@@UBE_NPAVTiXmlVisitor@23@@Z
?ActivePopupChild@SysMisc@Base@@YAPAUHWND__@@PAU3@@Z
?Add@TiXmlAttributeSet@Xml@Base@@QAEXPAVTiXmlAttribute@23@@Z
?AddAttrib@CMarkup@Xml@Base@@QAE_NUMCD_CSTR@@0@Z
?AddAttrib@CMarkup@Xml@Base@@QAE_NUMCD_CSTR@@H@Z
?AddChildAttrib@CMarkup@Xml@Base@@QAE_NUMCD_CSTR@@0@Z
?AddChildAttrib@CMarkup@Xml@Base@@QAE_NUMCD_CSTR@@H@Z
?AddChildElem@CMarkup@Xml@Base@@QAE_NUMCD_CSTR@@0H@Z
?AddChildElem@CMarkup@Xml@Base@@QAE_NUMCD_CSTR@@HH@Z
?AddChildSubDoc@CMarkup@Xml@Base@@QAE_NUMCD_CSTR@@@Z
?AddElem@CMarkup@Xml@Base@@QAE_NUMCD_CSTR@@0H@Z
?AddElem@CMarkup@Xml@Base@@QAE_NUMCD_CSTR@@HH@Z
?AddFileToZip@ZipUnZip@Base@@YAHPAXPB_W1@Z
?AddMemoryToZip@ZipUnZip@Base@@YAHPAXPB_W0H@Z
?AddNode@CMarkup@Xml@Base@@QAE_NHUMCD_CSTR@@@Z
?AddSubDoc@CMarkup@Xml@Base@@QAE_NUMCD_CSTR@@@Z
?AddZipMemoryToZip@ZipUnZip@Base@@YAHPAXPB_W0HH@Z
?AsynConnect@CIPCClient@IPC@Base@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Attribute@TiXmlElement@Xml@Base@@QBEPBDPBD@Z
?Attribute@TiXmlElement@Xml@Base@@QBEPBDPBDPAH@Z
?Attribute@TiXmlElement@Xml@Base@@QBEPBDPBDPAN@Z
?BOOLTobool@DataMisc@Base@@YA_NH@Z
?BackupAndRecoveryRegisterGetModule@Register@Base@@YAJPAPAX@Z
?Base64Decode@Crypt@Base@@YAHPBEHPAEH@Z
?Base64Decode@Crypt@Base@@YAHPBEHPAEPAH@Z
?Base64DecodeStr@Crypt@Base@@YAHPB_WPA_WHW4CodePage@@@Z
?Base64Encode@Crypt@Base@@YAHPBEHPAEH@Z
?Base64Encode@Crypt@Base@@YAHPBEHPAEPAH@Z
?Base64EncodeStr@Crypt@Base@@YAHPB_WPA_WHW4CodePage@@@Z
?Blank@TiXmlText@Xml@Base@@IBE_NXZ
?BuildEveryoneSD@FileMisc@Base@@YAPAXKPAX@Z
?CDATA@TiXmlText@Xml@Base@@QBE_NXZ
?CRC32@MD5@Base@@YGKPBEHK@Z
?CRC32@MD5@Base@@YGKPB_WK@Z
?CStr@TiXmlPrinter@Xml@Base@@QAEPBDXZ
?CancelWaitExecute@CWorkerPool@Thread@Base@@SAPAXI@Z
?CheckFullScreenWindow@SysMisc@Base@@YAHAAHPAPAUHWND__@@@Z
?CheckProcess@SysMisc@Base@@YAHPB_W@Z
?Child@TiXmlHandle@Xml@Base@@QBE?AV123@H@Z
?Child@TiXmlHandle@Xml@Base@@QBE?AV123@PBDH@Z
?ChildElement@TiXmlHandle@Xml@Base@@QBE?AV123@H@Z
?ChildElement@TiXmlHandle@Xml@Base@@QBE?AV123@PBDH@Z
?Clear@TiXmlCursor@Xml@Base@@QAEXXZ
?Clear@TiXmlNode@Xml@Base@@QAEXXZ
?ClearError@TiXmlDocument@Xml@Base@@QAEXXZ
?ClearThis@TiXmlElement@Xml@Base@@IAEXXZ
?Clone@TiXmlComment@Xml@Base@@UBEPAVTiXmlNode@23@XZ
?Clone@TiXmlDeclaration@Xml@Base@@UBEPAVTiXmlNode@23@XZ
?Clone@TiXmlDocument@Xml@Base@@MBEPAVTiXmlNode@23@XZ
?Clone@TiXmlElement@Xml@Base@@UBEPAVTiXmlNode@23@XZ
?Clone@TiXmlText@Xml@Base@@MBEPAVTiXmlNode@23@XZ
?Clone@TiXmlUnknown@Xml@Base@@UBEPAVTiXmlNode@23@XZ
?Close@CIPCClient@IPC@Base@@QAEXXZ
?Close@CWow64FsRedrt@Win64Helper@Base@@QAEHXZ
?CloseZip@ZipUnZip@Base@@YAXPAX_N@Z
?CloseZipFile@ZipUnZip@Base@@YAXPAX@Z
?Column@TiXmlBase@Xml@Base@@QBEHXZ
?Compress@ZipUnZip@Base@@YAHPBXHPAXHAAK@Z
?Connect@CIPCClient@IPC@Base@@QAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@K@Z
?ConvertUTF32ToUTF8@TiXmlBase@Xml@Base@@KAXKPADPAH@Z
?CopyFilePath@FileMisc@Base@@YAXPB_W@Z
?CopyFilePath@FileMisc@Base@@YAXV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?CopyFileW@FileMisc@Base@@YAHPB_W0H@Z
?CopyKeyValue@Register@Base@@YAHPAUHKEY__@@PB_W01@Z
?CopyRegKey@Register@Base@@YAHPAUHKEY__@@0@Z
?CopyRegKey@Register@Base@@YAHPB_W0@Z
?CopyTextToClipboard@SysMisc@Base@@YAHPB_W@Z
?CopyTo@TiXmlComment@Xml@Base@@IBEXPAV123@@Z
?CopyTo@TiXmlDeclaration@Xml@Base@@IBEXPAV123@@Z
?CopyTo@TiXmlDocument@Xml@Base@@ABEXPAV123@@Z
?CopyTo@TiXmlElement@Xml@Base@@IBEXPAV123@@Z
?CopyTo@TiXmlNode@Xml@Base@@IBEXPAV123@@Z
?CopyTo@TiXmlText@Xml@Base@@IBEXPAV123@@Z
?CopyTo@TiXmlUnknown@Xml@Base@@IBEXPAV123@@Z
?CreateDir@FileMisc@Base@@YAHPB_W@Z
?CreateDirectoryNested@FileMisc@Base@@YAHPB_W@Z
?CreateFileNoRedirect@CWin64Helper@Win64Helper@Base@@QAEPAXPB_WKKPAU_SECURITY_ATTRIBUTES@@KKPAX@Z
?CreateRegKey@Register@Base@@YAHPAUHKEY__@@PB_W@Z
?CreateRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@PAK@Z
?CreateRegKeyForce@Register@Base@@YAHPB_WKPAPAUHKEY__@@PAK@Z
?CreateShortCut@FileMisc@Base@@YAHPB_W00000HGH@Z
?CreateZip@ZipUnZip@Base@@YAPAXPB_W_N@Z
?CreateZipFile@ZipUnZip@Base@@YAPAXPB_W@Z
?Cursor@TiXmlParsingData@Xml@Base@@QAEABUTiXmlCursor@23@XZ
?DatastrToHex@DataMisc@Base@@YAHPB_W@Z
?DecodeCharUTF16@CMarkup@Xml@Base@@SAHAAPBGPBG@Z
?DecodeCharUTF8@CMarkup@Xml@Base@@SAHAAPBDPBD@Z
?DelSubKey@Register@Base@@YAHPAUHKEY__@@PB_W@Z
?DelSubKeyForce@Register@Base@@YAHPAUHKEY__@@PB_W@Z
?DeleteFileAfterReboot@FileMisc@Base@@YAXPA_W@Z
?DeleteFileEx@FileMisc@Base@@YAHPB_W@Z
?DeleteFileNoRedirect@CWin64Helper@Win64Helper@Base@@QAEHPB_W@Z
?DeleteKeyValue@Register@Base@@YAHPAUHKEY__@@PB_W1@Z
?DeleteKeyValue@Register@Base@@YAHPB_W0ABH@Z
?DeleteKeyValueForce@Register@Base@@YAHPAUHKEY__@@PB_W1@Z
?DeleteRegKey@Register@Base@@YAHPAUHKEY__@@PB_W@Z
?DeleteRegKey@Register@Base@@YAHPB_WH@Z
?DetectUTF8@CMarkup@Xml@Base@@SA_NPBDHPAHPA_N@Z
?DirSelectDlg@SysMisc@Base@@YAHPAUHWND__@@PA_WHPAUHICON__@@HPB_W333IPAH@Z
?DirSelectDlgSimple@SysMisc@Base@@YAHPAUHWND__@@PA_WHPAUHICON__@@PB_W3@Z
?DisableFileRedirect@CWin64Helper@Win64Helper@Base@@QAEHXZ
?DllGetVersion@FileMisc@Base@@YAHPB_WAAU_DLLVERSIONINFO@@@Z
?Do@CWorkerPool@Thread@Base@@KGXPAX@Z
?DoIndent@TiXmlPrinter@Xml@Base@@AAEXXZ
?DoLineBreak@TiXmlPrinter@Xml@Base@@AAEXXZ
?DoubleValue@TiXmlAttribute@Xml@Base@@QBENXZ
?Element@TiXmlHandle@Xml@Base@@QBEPAVTiXmlElement@23@XZ
?EnableDebugPrivilege@SysMisc@Base@@YAHH@Z
?EnableProcessPrivilege@SysMisc@Base@@YAHPAXPA_WH@Z
?EncodeCharUTF16@CMarkup@Xml@Base@@SAXHPAGAAH@Z
?EncodeCharUTF8@CMarkup@Xml@Base@@SAXHPADAAH@Z
?EncodeString@TiXmlBase@Xml@Base@@SAXABVTiXmlString@23@PAV423@@Z
?Encoding@TiXmlDeclaration@Xml@Base@@QBEPBDXZ
?EnumFileOfDir@FileMisc@Base@@YAHPB_WAAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@HPA_W@Z
?EnumFolderOfDir@FileMisc@Base@@YAHPB_WAAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z
?EnumSubKeys@Register@Base@@YAHPAUHKEY__@@PAPA_WKPAK@Z
?EnumSubKeys@Register@Base@@YAHPAUHKEY__@@PB_WPAPA_WKPAKH@Z
?EnumSubKeys@Register@Base@@YAHPB_WPAPA_WKPAKH@Z
?EnumValues@Register@Base@@YAHPAUHKEY__@@PAPA_WKPAK@Z
?EnumValues@Register@Base@@YAHPAUHKEY__@@PB_WPAPA_WKPAK@Z
?EnumValues@Register@Base@@YAHPB_WPAPA_WKPAKH@Z
?Error@TiXmlDocument@Xml@Base@@QBE_NXZ
?ErrorCol@TiXmlDocument@Xml@Base@@QBEHXZ
?ErrorDesc@TiXmlDocument@Xml@Base@@QBEPBDXZ
?ErrorId@TiXmlDocument@Xml@Base@@QBEHXZ
?ErrorRow@TiXmlDocument@Xml@Base@@QBEHXZ
?EscapeText@CMarkup@Xml@Base@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@UMCD_CSTR@@H@Z
?Execute@CWorkerPool@Thread@Base@@SA_NP6GXPAX@Z0@Z
?ExecuteExeAsAdmin@SysMisc@Base@@YAHPB_W0PAK@Z
?FileGetDefaultIcon@FileDefaultIconPicker@FileMisc@Base@@SAPAUHICON__@@PB_W@Z
?FileSelectDlg@SysMisc@Base@@YAHPA_WPB_W11HPAUHWND__@@1@Z
?Find@TiXmlAttributeSet@Xml@Base@@QAEPAVTiXmlAttribute@23@PBD@Z
?Find@TiXmlAttributeSet@Xml@Base@@QBEPBVTiXmlAttribute@23@PBD@Z
?FindChildElem@CMarkup@Xml@Base@@QAE_NUMCD_CSTR@@@Z
?FindElem@CMarkup@Xml@Base@@QAE_NUMCD_CSTR@@@Z
?FindNode@CMarkup@Xml@Base@@QAEHH@Z
?First@TiXmlAttributeSet@Xml@Base@@QAEPAVTiXmlAttribute@23@XZ
?First@TiXmlAttributeSet@Xml@Base@@QBEPBVTiXmlAttribute@23@XZ
?FirstAttribute@TiXmlElement@Xml@Base@@QAEPAVTiXmlAttribute@23@XZ
?FirstAttribute@TiXmlElement@Xml@Base@@QBEPBVTiXmlAttribute@23@XZ
?FirstChild@TiXmlHandle@Xml@Base@@QBE?AV123@PBD@Z
?FirstChild@TiXmlHandle@Xml@Base@@QBE?AV123@XZ
?FirstChild@TiXmlNode@Xml@Base@@QAEPAV123@PBD@Z
?FirstChild@TiXmlNode@Xml@Base@@QAEPAV123@XZ
?FirstChild@TiXmlNode@Xml@Base@@QBEPBV123@PBD@Z
?FirstChild@TiXmlNode@Xml@Base@@QBEPBV123@XZ
?FirstChildElement@TiXmlHandle@Xml@Base@@QBE?AV123@PBD@Z
?FirstChildElement@TiXmlHandle@Xml@Base@@QBE?AV123@XZ
?FirstChildElement@TiXmlNode@Xml@Base@@QAEPAVTiXmlElement@23@PBD@Z
?FirstChildElement@TiXmlNode@Xml@Base@@QAEPAVTiXmlElement@23@XZ
?FirstChildElement@TiXmlNode@Xml@Base@@QBEPBVTiXmlElement@23@PBD@Z
?FirstChildElement@TiXmlNode@Xml@Base@@QBEPBVTiXmlElement@23@XZ
?FlushDNS@SysMisc@Base@@YAHXZ
?ForbidLoadLibrarySearchCurrentDirectory@Library@Base@@YAXXZ
?FormatFileSize@FileMisc@Base@@YAHKPA_WK@Z
?GetAllAccessSecurityAttributes@SysMisc@Base@@YAPBU_SECURITY_ATTRIBUTES@@XZ
?GetAllAccessSecurityAttributesEx@SysMisc@Base@@YAHAAU_SECURITY_ATTRIBUTES@@AAU_SECURITY_DESCRIPTOR@@@Z
?GetArgs@CShortcut@FileMisc@Base@@UAEHPA_WH@Z
?GetAttrib@CMarkup@Xml@Base@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@UMCD_CSTR@@@Z
?GetAttribName@CMarkup@Xml@Base@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z
?GetBitmapSize@FileMisc@Base@@YAHIPAJ0@Z
?GetBitmapSize@FileMisc@Base@@YAHPAUHBITMAP__@@PAJ1@Z
?GetBufferMd5@MD5@Base@@YGHPBEHPAE@Z
?GetBufferMd5@MD5@Base@@YGHPBEHPA_W@Z
?GetBufferMd5A@MD5@Base@@YGHPBEHPAD@Z
?GetBufferMd5W@MD5@Base@@YGHPBEHPA_W@Z
?GetCLSIDInfo@Register@Base@@YAHPB_WPA_W1@Z
?GetChar@TiXmlBase@Xml@Base@@KAPBDPBDPADPAHW4TiXmlEncoding@23@@Z
?GetChildAttrib@CMarkup@Xml@Base@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@UMCD_CSTR@@@Z
?GetChildData@CMarkup@Xml@Base@@QAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetChildSubDoc@CMarkup@Xml@Base@@QAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetChildTagName@CMarkup@Xml@Base@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetComputerNameW@SysMisc@Base@@YAHPA_WK@Z
?GetCurDate@DataMisc@Base@@YAXPA_WH@Z
?GetCurFile@CShortcut@FileMisc@Base@@UAEHPA_WH@Z
?GetCurPEVersionA@FileMisc@Base@@YAHPADHPB_W@Z
?GetCurPathRootPath@FileMisc@Base@@YAHPA_WKK@Z
?GetCurrentProcessPath@FileMisc@Base@@YAHPA_WK@Z
?GetData@CMarkup@Xml@Base@@QAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetDateStamp@DataMisc@Base@@YAHPA_WH@Z
?GetDeclaredEncoding@CMarkup@Xml@Base@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@UMCD_CSTR@@@Z
?GetDefaultBrowser@SysMisc@Base@@YAHPA_WPAK@Z
?GetDesc@CShortcut@FileMisc@Base@@UAEHPA_WH@Z
?GetDir@CShortcut@FileMisc@Base@@UAEHPA_WH@Z
?GetDoc@CMarkup@Xml@Base@@QBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetDocFlags@CMarkup@Xml@Base@@QBEHXZ
?GetDocument@TiXmlNode@Xml@Base@@QAEPAVTiXmlDocument@23@XZ
?GetDocument@TiXmlNode@Xml@Base@@QBEPBVTiXmlDocument@23@XZ
?GetDrTempFile@FileMisc@Base@@YAHPA_WHPB_W1@Z
?GetDwordIp@DataMisc@Base@@YAKABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetElemContent@CMarkup@Xml@Base@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetElemDoc@CMarkup@Xml@Base@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetEncodingCodePage@CMarkup@Xml@Base@@SAHUMCD_CSTR@@@Z
?GetEntity@TiXmlBase@Xml@Base@@KAPBDPBDPADPAHW4TiXmlEncoding@23@@Z
?GetError@CMarkup@Xml@Base@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetFileInfo@FileMisc@Base@@YAHPB_WPA_W11@Z
?GetFileMD5@MD5@Base@@YGHPB_WPAE@Z
?GetFileMD5@MD5@Base@@YGHPB_WPA_W@Z
?GetFileMD5A@MD5@Base@@YGHPBDPAD@Z
?GetFileMD5A@MD5@Base@@YGHPBDPAE@Z
?GetFileMD5W@MD5@Base@@YGHPB_WPAE@Z
?GetFileMD5W@MD5@Base@@YGHPB_WPA_W@Z
?GetFileSingleInfo@FileMisc@Base@@YAHPB_W0PA_WPAH@Z
?GetFileSizeEx@FileMisc@Base@@YAKPB_W@Z
?GetFileSizeWow64@Win64Helper@Base@@YG_KPB_W@Z
?GetFileTimeFlex@FileMisc@Base@@YAHPB_WPAU_FILETIME@@11@Z
?GetFileVerInfoA@FileMisc@Base@@YAHPBDPADH@Z
?GetFileVerInfoW@FileMisc@Base@@YAHPB_WPA_WH@Z
?GetFileVersion@FileMisc@Base@@YAHPB_WAAI111@Z
?GetFolderSize@FileMisc@Base@@YA_KPB_WPAK1@Z
?GetGuid@GUID@Base@@YGHPAEH@Z
?GetGuid@GUID@Base@@YGHPA_WH@Z
?GetGuidA@GUID@Base@@YGHPADH@Z
?GetGuidW@GUID@Base@@YGHPA_WH@Z
?GetHotKey@CShortcut@FileMisc@Base@@UAEHPAG@Z
?GetIEFullPath@SysMisc@Base@@YAHPA_WPAK@Z
?GetIEHistoryPath@FileMisc@Base@@YAHPA_WK@Z
?GetIETempPath@FileMisc@Base@@YAHPA_WK@Z
?GetIEVersion@FileMisc@Base@@YAJXZ
?GetIco@CShortcut@FileMisc@Base@@UAEHPA_WHPAH@Z
?GetIcon@FileMisc@Base@@YAPAUHICON__@@HI@Z
?GetKeyRedirectInfo@CWin64Helper@Win64Helper@Base@@QAEHPAUHKEY__@@PB_WAAI@Z
?GetList@CShortcut@FileMisc@Base@@UAEHPAPAU_ITEMIDLIST@@@Z
?GetLocalPath@FileMisc@Base@@YAHPA_WPAK@Z
?GetMainPath@FileMisc@Base@@YAHPA_WKH@Z
?GetModuleFileNameW@FileMisc@Base@@YAHPA_WKPAUHINSTANCE__@@@Z
?GetNativeSystemDir@CWin64Helper@Win64Helper@Base@@QAEIPA_WI@Z
?GetNodeType@CMarkup@Xml@Base@@QAEHXZ
?GetNumberVerFromStringVer@FileMisc@Base@@YAHPAI000PB_W@Z
?GetOSVersion@SysMisc@Base@@YAHAAI0@Z
?GetOSVersion@SysMisc@Base@@YAJXZ
?GetOSVersionEx@SysMisc@Base@@YAJAAK0@Z
?GetPEVersion@FileMisc@Base@@YAHPAI000PB_W@Z
?GetParentProcessPath@SysMisc@Base@@YAHKPA_WKPAK@Z
?GetPath@CShortcut@FileMisc@Base@@UAEHPA_WHPAU_WIN32_FIND_DATAW@@K@Z
?GetProcessName@SysMisc@Base@@YAHKPA_WK@Z
?GetProcessUserName@SysMisc@Base@@YAHKPA_WK0K@Z
?GetProcessorsCount@SysMisc@Base@@YAKXZ
?GetRealPathInX64@Win64Helper@Base@@YGHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PA_WH@Z
?GetResult@CMarkup@Xml@Base@@QBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetRootKeyByDesc@Register@Base@@YAHPB_WPAPAUHKEY__@@@Z
?GetRootKeyDesc@Register@Base@@YAHPAUHKEY__@@PA_WH@Z
?GetScreenSize@SysMisc@Base@@YAJH@Z
?GetShortCutInfo@FileMisc@Base@@YAHPB_WPA_W1111PAHPAG2@Z
?GetShow@CShortcut@FileMisc@Base@@UAEHPAH@Z
?GetSpecialPath@FileMisc@Base@@YAHPA_WH@Z
?GetSqlite3DB@Sqlite3Connection@Database@Base@@QAEPAUsqlite3@@XZ
?GetStrIp@DataMisc@Base@@YAHKPA_WH@Z
?GetSubDoc@CMarkup@Xml@Base@@QAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetSysTempPath@FileMisc@Base@@YAHPA_WK@Z
?GetSystemDirectoryW@FileMisc@Base@@YAHPA_WK@Z
?GetTagName@CMarkup@Xml@Base@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetText@TiXmlElement@Xml@Base@@QBEPBDXZ
?GetTimeString@DataMisc@Base@@YAH_JPA_WH@Z
?GetUserData@TiXmlBase@Xml@Base@@QAEPAXXZ
?GetUserData@TiXmlBase@Xml@Base@@QBEPBXXZ
?GetUserNameW@SysMisc@Base@@YAHPA_WK@Z
?GetWindowsVersion@SysMisc@Base@@YAHAAKPA_WH@Z
?GetWow64Dir@CWin64Helper@Win64Helper@Base@@QAEIPA_WI@Z
?GzipCompress@ZipUnZip@Base@@YAHPAEPAKPBEK@Z
?GzipUncompress@ZipUnZip@Base@@YAHPAEPAKPBEK@Z
?Identify@TiXmlNode@Xml@Base@@IAEPAV123@PBDW4TiXmlEncoding@23@@Z
?Indent@TiXmlPrinter@Xml@Base@@QAEPBDXZ

Sections

.text
Size: 880KB - Virtual size: 878KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/BugReport.exe
.exe windows:4 windows x86 arch:x86

dd5e98a9981b68f1d0c55bc22097366a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

12/02/2015, 00:59

Not After

12/02/2017, 00:59

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c6:f7:fd:09:07:d2:f2:51:ff:1b:e1:c1:4c:c7:3e:d1:2e:d8:65:f6
Signer

Actual PE Digest

c6:f7:fd:09:07:d2:f2:51:ff:1b:e1:c1:4c:c7:3e:d1:2e:d8:65:f6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\clientci\workspace\bdda_trunk_compile\bdda_proj\Basic\Output\BinRelease\BugReport.pdb

Imports

basedll

?ZipCompress@ZipUnZip@Base@@YAHPAXPB_W_N@Z
?Compress@ZipUnZip@Base@@YAHPBXHPAXHAAK@Z
?CreateZip@ZipUnZip@Base@@YAPAXPB_W_N@Z
?SafeLoadLibrary@Library@Base@@YAPAUHINSTANCE__@@PB_WH@Z
?GetFileMD5@MD5@Base@@YGHPB_WPAE@Z
?Md5ToStringA@MD5@Base@@YGXPBEPAD@Z
?CloseZip@ZipUnZip@Base@@YAXPAX_N@Z
?QueryKeyValue@Register@Base@@YAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0PA_WPAK@Z

utilsdll

?UnInit@CConfig@Config@Utils@@UAGJPAX@Z
?Init@CConfig@Config@Utils@@UAGJPAX@Z
?Read@CConfig@Config@Utils@@UAEHPB_WPAXKPAK@Z
?Release@CConfig@Config@Utils@@UAGKXZ
?Write@CConfig@Config@Utils@@UAEHPB_WPAXK@Z
?AddRef@CConfig@Config@Utils@@UAGKXZ
?Init@CConfig@Config@Utils@@UAEHHPB_W@Z
??1CConfig@Config@Utils@@MAE@XZ
??0CConfig@Config@Utils@@QAE@XZ
?dec_ref@?$EnableIntrusive@VCConfig@Config@Utils@@@@QAEJXZ
?add_ref@?$EnableIntrusive@VCConfig@Config@Utils@@@@QAEJXZ
?GetInstallVer@Misc@Utils@@YAHPADK@Z
?GetSoftID@Misc@Utils@@YAIXZ
?GetSupplyID@Misc@Utils@@YAHAAH@Z

dbghelp

SymGetLineFromAddr64
SymCleanup
SymGetModuleInfo
SymLoadModule
SymGetSymFromAddr
SymInitialize
SymSetOptions

comctl32

ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_Create

wininet

InternetCloseHandle

psapi

GetModuleFileNameExW
GetModuleFileNameExA

kernel32

InterlockedExchange
GetVersionExA
RaiseException
HeapSize
HeapReAlloc
HeapDestroy
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedCompareExchange
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
GlobalAlloc
ReadProcessMemory
VirtualQueryEx
GetThreadSelectorEntry
FindClose
ExpandEnvironmentStringsW
FindFirstFileW
FindNextFileW
SetFilePointer
GetCurrentThreadId
ReadFile
CreateDirectoryW
CreateFileW
CloseHandle
GetTempPathW
GetTickCount
DeleteFileW
GetCurrentProcessId
lstrcpynW
GetModuleFileNameW
GetProcessId
SizeofResource
FindResourceExW
FindResourceW
GetModuleHandleW
GetVersionExW
WideCharToMultiByte
LocalFree
LockResource
GetStartupInfoW
LocalAlloc
WriteProcessMemory
MultiByteToWideChar
OpenThread
GetProcAddress
CreateFileA
HeapAlloc
WriteFile
VirtualProtect
GetFileSize
HeapFree
SetDllDirectoryW
GetProcessHeap
SetEvent
CreateEventW
OpenProcess
CreateProcessW
WaitForSingleObject
SetCurrentDirectoryW
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalFree
GlobalUnlock
LoadResource

user32

SetWindowPos
SendDlgItemMessageW
DrawIconEx
CloseClipboard
ShowWindow
ClientToScreen
GetKeyState
FillRect
SetWindowTextW
BeginPaint
SetClipboardData
EndPaint
LoadIconW
SetWindowLongW
GetDlgItem
SendMessageW
SetDlgItemTextW
GetWindow
GetWindowRect
ScreenToClient
EmptyClipboard
RegisterClipboardFormatW
LoadImageW
EndDialog
DialogBoxParamW
GetGuiResources
EnumChildWindows
GetClassNameW
GetWindowThreadProcessId
GetParent
EnumWindows
CallWindowProcW
OpenClipboard
UnregisterClassA

gdi32

CreateSolidBrush
SetBkColor
DeleteObject

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteW
SHBindToParent
SHGetDesktopFolder
ord155
SHGetFileInfoW

ole32

DoDragDrop
OleInitialize
OleUninitialize

oleaut32

SysStringLen
SysAllocStringByteLen
SysAllocString
SysStringByteLen
SysFreeString

msvcp80

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ

msvcr80

vsprintf_s
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
memset
_CxxThrowException
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__iob_func
memcpy
__CxxFrameHandler3
fflush
fprintf
toupper
strstr
strcpy_s
fgets
__RTDynamicCast
srand
malloc
wcsncmp
swscanf
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
??3@YAXPAX@Z
wcschr
_invalid_parameter_noinfo
memmove_s
?what@exception@std@@UBEPBDXZ
??2@YAPAXI@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memcpy_s
??_V@YAXPAX@Z
_wassert
_purecall
wcsrchr
vswprintf_s
_gmtime32
_snwprintf
_vscwprintf
fclose
strrchr
_mbscmp
_wfopen
_wtol
_vscprintf
fread
_snprintf
wcsncpy
_mbslwr_s
__argc
sprintf_s
_beginthreadex
free
__wargv
_wcsnicmp
__wgetmainargs

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_2_/DriverManager.dll
.dll windows:4 windows x86 arch:x86

9391db37420604c71e85c411880f056d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

12/02/2015, 00:59

Not After

12/02/2017, 00:59

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:93:f8:be:81:6d:bf:58:b0:ea:57:04:40:88:b7:b8:6d:0f:55:71
Signer

Actual PE Digest

9a:93:f8:be:81:6d:bf:58:b0:ea:57:04:40:88:b7:b8:6d:0f:55:71

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\clientci\workspace\bdda_trunk_compile\bdda_proj\Basic\Output\BinRelease\DriverManager.pdb

Imports

kernel32

SetWaitableTimer
TlsAlloc
GetLastError
GetQueuedCompletionStatus
LoadLibraryW
FreeLibrary
InterlockedCompareExchange
InterlockedIncrement
SetLastError
InterlockedExchange
TlsSetValue
InterlockedDecrement
GetModuleFileNameW
GetProcAddress
TlsGetValue
InterlockedExchangeAdd
GetEnvironmentVariableW
QueryDosDeviceW
InitializeCriticalSection
CreateIoCompletionPort
CreateEventW
lstrlenW
CompareFileTime
GetTickCount
MoveFileExW
Sleep
DeleteFileW
GetSystemDirectoryW
CopyFileW
CreateFileW
DeviceIoControl
GetCurrentProcess
QueryPerformanceFrequency
QueryPerformanceCounter
GetFileTime
GetSystemTimeAsFileTime
lstrcpynW
GetModuleHandleW
CreateMutexW
PostQueuedCompletionStatus
DeleteCriticalSection
TlsFree
SetEvent
HeapFree
WaitForSingleObject
QueueUserAPC
TerminateThread
WaitForMultipleObjects
GetProcessHeap
CloseHandle
HeapAlloc
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CreateEventA
GetCurrentProcessId
OpenEventA
ResetEvent
ResumeThread
SystemTimeToFileTime
CreateWaitableTimerA
LocalFree
FormatMessageA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ReleaseSemaphore

advapi32

OpenSCManagerW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
CloseServiceHandle
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
DeleteService
CreateServiceW
ControlService
StartServiceW
QueryServiceStatusEx
OpenServiceW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W0@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z

ntdll

ZwReplyWaitReceivePortEx
ZwCreatePort
ZwReplyPort
ZwRequestPort
ZwRequestWaitReplyPort
ZwClose
ZwConnectPort
RtlInitUnicodeString
ZwCompleteConnectPort
ZwAcceptConnectPort
ZwCreateSection
_wcsicmp
wcsstr
wcschr
wcsrchr
toupper
_wcsnicmp
memset
memcpy

shlwapi

PathAppendW
PathCombineW
PathRemoveFileSpecW
SHDeleteKeyW

ws2_32

WSACleanup
WSAStartup

msvcr80

_lock
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
??3@YAXPAX@Z
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBDH@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
malloc
swprintf_s
wcscpy_s
_invalid_parameter_noinfo
_purecall
??_V@YAXPAX@Z
wcsncpy_s
wcscat_s
memmove_s
??8type_info@@QBE_NABV0@@Z
wcsncat_s
_snwprintf_s
swscanf_s
_beginthreadex
_gmtime64
__CxxFrameHandler3
_CxxThrowException
strerror
_unlock
__dllonexit
_encode_pointer
_initterm_e
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
free
_encoded_null
_initterm

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

CreateHIPSMgr
InitDriverManager
InstallDrivers
ReleseHIPSMgr
UninitDriverManager
UninstallDrivers

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/ProtocolDll.dll
.dll windows:4 windows x86 arch:x86

96131d4c7c0d11c004808248541f428d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

12/02/2015, 00:59

Not After

12/02/2017, 00:59

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:be:62:93:f8:7f:11:50:e0:33:70:e8:ca:21:db:2f:00:b9:f7:14
Signer

Actual PE Digest

8c:be:62:93:f8:7f:11:50:e0:33:70:e8:ca:21:db:2f:00:b9:f7:14

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\clientci\workspace\bdda_trunk_compile\bdda_proj\Basic\Output\BinRelease\ProtocolDll.pdb

Imports

basedll

?GetOSVersionEx@SysMisc@Base@@YAJAAK0@Z
?IsX64System@Win64Helper@Base@@YGHAAH@Z
?GetGuidA@GUID@Base@@YGHPADH@Z
?TeaDecryptCBC2@Crypt@Base@@YAHPBEH0PAEPAH@Z
?TeaEncryptCBC2Len@Crypt@Base@@YAHH@Z
?TeaDecryptCBC2Len@Crypt@Base@@YAHPBEH0@Z
?TeaEncryptCBC2@Crypt@Base@@YAXPBEH0PAEPAH@Z
?GzipCompress@ZipUnZip@Base@@YAHPAEPAKPBEK@Z
?GzipUncompress@ZipUnZip@Base@@YAHPAEPAKPBEK@Z

kernel32

CloseHandle
CreateEventA
WaitForSingleObject
SetEvent
EnterCriticalSection
TlsAlloc
TlsGetValue
PostQueuedCompletionStatus
GetLastError
InterlockedExchange
TlsFree
InterlockedExchangeAdd
InterlockedIncrement
LeaveCriticalSection
InterlockedDecrement
CreateEventW
QueueUserAPC
WaitForMultipleObjects
CreateWaitableTimerW
InitializeCriticalSectionAndSpinCount
Sleep
SetWaitableTimer
DeleteCriticalSection
SetLastError
SleepEx
GetQueuedCompletionStatus
TlsSetValue
InterlockedCompareExchange
CreateIoCompletionPort
TerminateThread
GetProcessHeap
HeapAlloc
HeapFree
GetTickCount
VirtualQuery
GetModuleFileNameA
InitializeCriticalSection
ReleaseSemaphore
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
OpenEventA
ResetEvent
ResumeThread
SystemTimeToFileTime
CreateWaitableTimerA
LocalFree
FormatMessageA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?allocate@?$allocator@D@std@@QAEPADI@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?uncaught_exception@std@@YA_NXZ
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@V32@H@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@JHH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?_Xsgetn_s@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADIH@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?id@?$ctype@D@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
??1locale@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
??0locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Register@facet@locale@std@@QAEXXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?_Incref@facet@locale@std@@QAEXXZ
??Bid@locale@std@@QAEIXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@1@0@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@PBD1@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0ABV12@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0@Z
?destroy@?$allocator@D@std@@QAEXPAD@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0PBD1@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V32@0@Z
?construct@?$allocator@D@std@@QAEXPADABD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z

msvcr80

memmove_s
isdigit
_i64toa_s
_stricmp
_itoa_s
_atoi64
_configthreadlocale
isupper
isspace
atoi
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
sprintf
_stat64i32
??1bad_cast@std@@UAE@XZ
isalnum
strcspn
ispunct
strchr
tolower
__CxxFrameHandler3
_snprintf
fflush
fprintf
__iob_func
_CxxThrowException
memcpy
_gmtime64
strerror
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
??3@YAXPAX@Z
??_V@YAXPAX@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
_purecall
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
strtoul
??8type_info@@QBE_NABV0@@Z
_invalid_parameter_noinfo
_beginthreadex
vsprintf_s
memmove
memset

ws2_32

listen
getsockname
WSAGetLastError
inet_addr
WSASetLastError
freeaddrinfo
WSASend
ioctlsocket
closesocket
WSASocketW
accept
bind
WSARecv
getsockopt
setsockopt
connect
shutdown
WSACleanup
WSAStartup
__WSAFDIsSet
select
getaddrinfo

winmm

timeGetTime

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
CreateAuroraService
InitProductParam
ResetAccountParam
SetAccountParam
SetCompress
SetCrypt
SetCryptKey
SetServiceUrl

Sections

.text
Size: 256KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/ReportDll.dll
.dll windows:4 windows x86 arch:x86

7c824571c26380f6b40855206777561d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

12/02/2015, 00:59

Not After

12/02/2017, 00:59

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

66:b2:3d:d6:07:34:37:f5:2d:51:f8:6e:ed:05:d2:56:6f:b9:20:f6
Signer

Actual PE Digest

66:b2:3d:d6:07:34:37:f5:2d:51:f8:6e:ed:05:d2:56:6f:b9:20:f6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\clientci\workspace\bdda_trunk_compile\bdda_proj\Basic\Output\BinRelease\ReportDll.pdb

Imports

utilsdll

?GetUserStorePath@Misc@Utils@@YAHPA_W@Z
?GetSupplyID@Misc@Utils@@YAHAAH@Z
?GetSoftID@Misc@Utils@@YAIXZ
?GetInstallVer@Misc@Utils@@YAHPADK@Z
??0CConfig@Config@Utils@@QAE@XZ

protocoldll

SetServiceUrl
InitProductParam
CreateAuroraService

kernel32

TlsSetValue
OpenEventA
Sleep
FormatMessageA
LocalFree
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
CreateEventW
InterlockedDecrement
GetTickCount
CloseHandle
WaitForSingleObject
CreateEventA
SetEvent
WideCharToMultiByte
ReadFile
SetFilePointer
ResetEvent
GetFileSize
CreateFileW
SetEndOfFile
ExpandEnvironmentStringsW
WriteFile
UnhandledExceptionFilter
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
GetProcessHeap
TlsAlloc
TlsFree
TlsGetValue
InterlockedExchange

msvcp80

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ

msvcr80

_snprintf
fflush
fprintf
__iob_func
_CxxThrowException
memcpy
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
_beginthreadex
wcscpy_s
strcpy_s
atoi
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
memmove_s
_time64
??2@YAPAXI@Z
??3@YAXPAX@Z
??_V@YAXPAX@Z
_purecall
memset
??0exception@std@@QAE@ABQBDH@Z
strerror
__CxxFrameHandler3

Exports

Exports

GetReportMgr
ReleaseReportMgr

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/ReportRecordDll.dll
.dll windows:4 windows x86 arch:x86

d9ade66f4d3e1b63c265f10ad34079a2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

12/02/2015, 00:59

Not After

12/02/2017, 00:59

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:98:da:e2:b9:b3:ae:3b:4f:6d:08:52:42:75:10:00:1f:f5:f1:10
Signer

Actual PE Digest

05:98:da:e2:b9:b3:ae:3b:4f:6d:08:52:42:75:10:00:1f:f5:f1:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\clientci\workspace\bdda_trunk_compile\bdda_proj\Basic\Output\BinRelease\ReportRecordDll.pdb

Imports

basedll

?GetWindowsVersion@SysMisc@Base@@YAHAAKPA_WH@Z
?RegSmartGetValue@Register@Base@@YAHPB_W0AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z

utilsdll

??0CConfig@Config@Utils@@QAE@XZ

reportdll

GetReportMgr

kernel32

SetEvent
WaitForSingleObject
CloseHandle
CreateEventA
InterlockedIncrement
InterlockedDecrement
GetLastError
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TlsSetValue
ResetEvent
TlsGetValue
TlsFree
TlsAlloc
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
FormatMessageA
LocalFree
OpenEventA

msvcp80

?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z

msvcr80

fprintf
__iob_func
_CxxThrowException
strerror
_unlock
__dllonexit
fflush
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_snprintf
memcpy
__CxxFrameHandler3
memmove_s
_time64
atoi
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
??_V@YAXPAX@Z
??0exception@std@@QAE@ABQBDH@Z
_purecall
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
??3@YAXPAX@Z
_encode_pointer
??0exception@std@@QAE@XZ
memset

Exports

Exports

??0CLauchReportRecord@ReportRecord@@QAE@ABV01@@Z
??0CLauchReportRecord@ReportRecord@@QAE@XZ
??1CLauchReportRecord@ReportRecord@@UAE@XZ
??4CLauchReportRecord@ReportRecord@@QAEAAV01@ABV01@@Z
??_7CLauchReportRecord@ReportRecord@@6B@
?ReadDataCfg@CLauchReportRecord@ReportRecord@@QAEHW4CMD@Report@@@Z
?Serialize@CLauchReportRecord@ReportRecord@@UAEHXZ
?SetExitMode@CLauchReportRecord@ReportRecord@@QAEXI@Z
?SetExitReason@CLauchReportRecord@ReportRecord@@QAEXI@Z
?SetExpendTimeOnLaunch@CLauchReportRecord@ReportRecord@@QAEXI@Z
?SetLastCrashFlag@CLauchReportRecord@ReportRecord@@QAEXI@Z
?SetLastLaunchIntervalAndLastStartTime@CLauchReportRecord@ReportRecord@@QAEHXZ
?SetLastRunLength@CLauchReportRecord@ReportRecord@@QAEXI@Z
?SetLastUpdateTime@CLauchReportRecord@ReportRecord@@QAEXI@Z
?SetStartMode@CLauchReportRecord@ReportRecord@@QAEXI@Z
?SetSupplyID@CLauchReportRecord@ReportRecord@@QAEXI@Z
?WriteDataCfg@CLauchReportRecord@ReportRecord@@QAEHXZ
GetInstallReportRecord
GetMiniDownloadReportRecord
GetMiniDownloadStateReportRecord
GetUnInstallReportRecord

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/UtilsDll.dll
.dll windows:4 windows x86 arch:x86

97a5766dfe0398365a5ae40db6c2fbc4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

12/02/2015, 00:59

Not After

12/02/2017, 00:59

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:86:fd:5e:0c:8c:81:17:59:ed:99:bf:0c:be:be:a2:bb:3e:0c:83
Signer

Actual PE Digest

05:86:fd:5e:0c:8c:81:17:59:ed:99:bf:0c:be:be:a2:bb:3e:0c:83

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\clientci\workspace\bdda_trunk_compile\bdda_proj\Basic\Output\BinRelease\UtilsDll.pdb

Imports

ws2_32

gethostbyname
inet_ntoa

basedll

?RC4Encrypt@Crypt@Base@@YGHPBEHPAEH0H@Z
?RC4Decrypt@Crypt@Base@@YGHPBEHPAEH0H@Z
?CreateDir@FileMisc@Base@@YAHPB_W@Z
?IsDirectoryExist@FileMisc@Base@@YAHPB_W@Z
?GetAllAccessSecurityAttributes@SysMisc@Base@@YAPBU_SECURITY_ATTRIBUTES@@XZ
?CreateDirectoryNested@FileMisc@Base@@YAHPB_W@Z
?GetFileVerInfoW@FileMisc@Base@@YAHPB_WPA_WH@Z
?GetModuleFileNameW@FileMisc@Base@@YAHPA_WKPAUHINSTANCE__@@@Z
?Unqueue@CWorkerPool@Thread@Base@@SAXI@Z
?Queue@CWorkerPool@Thread@Base@@SAIP6GXPAX@Z0IH@Z
?IsFileExist@FileMisc@Base@@YAHPB_W@Z

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW
GetModuleBaseNameW

kernel32

GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
WaitForSingleObject
GetLastError
CloseHandle
ReleaseMutex
InterlockedDecrement
CreateMutexW
InterlockedIncrement
ExpandEnvironmentStringsW
DeleteFileW
lstrcmpiW
LocalFree
GetModuleHandleW
WideCharToMultiByte
LocalAlloc
OpenProcess
GetCurrentProcess
GetProcAddress
GetModuleFileNameW
GetCommandLineW
GetSystemTimeAsFileTime
TlsGetValue
VirtualAllocEx
GetCurrentThreadId
DuplicateHandle
GetProcessTimes
ExitProcess
WaitForMultipleObjects
TlsSetValue
SetErrorMode
CreateProcessW
TlsAlloc
HeapAlloc
TerminateProcess
SetUnhandledExceptionFilter
SystemTimeToFileTime
GetCurrentProcessId
GetProcessHeap
GlobalMemoryStatusEx
CreateEventW
SearchPathW
GetSystemTime
RaiseException
PulseEvent
ResetEvent
SetEvent
FormatMessageW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetFolderPathW
CommandLineToArgvW

ole32

CoUninitialize
StgOpenStorage
CoInitialize
StgIsStorageFile
StgCreateDocfile

msvcr80

_vscwprintf_p
strncpy_s
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
__CxxFrameHandler3
_vswprintf_p
_vswprintf
_vsnwprintf_s
_set_invalid_parameter_handler
_set_purecall_handler
_purecall
_wtoi
_wcsnicmp
swscanf_s
wcsrchr
_snwscanf_s
wcschr
??_U@YAPAXI@Z
memcpy
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??2@YAPAXI@Z
wcsstr
memmove_s
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
??_V@YAXPAX@Z
wcsncat_s
wcsncpy_s
free
wcscpy_s
wcscat_s
malloc
_wcsicmp
memset
_CxxThrowException
??3@YAXPAX@Z
??0exception@std@@QAE@ABQBD@Z

msvcp80

??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

shlwapi

StrRChrW
PathFileExistsW
StrCpyNW
PathRemoveFileSpecW

Exports

Exports

??0?$EnableIntrusive@VCConfig@Config@Utils@@@@QAE@XZ
??0CAutoResetEvent@Event@Utils@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z
??0CAutoResetEvent@Event@Utils@@QAE@_N@Z
??0CCmdParser@Misc@Utils@@QAE@ABV012@@Z
??0CCmdParser@Misc@Utils@@QAE@PB_WQAPB_WH@Z
??0CConfig@Config@Utils@@QAE@XZ
??0CEvent@Event@Utils@@QAE@PAU_SECURITY_ATTRIBUTES@@_N1@Z
??0CEvent@Event@Utils@@QAE@PAU_SECURITY_ATTRIBUTES@@_N1ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0CManualResetEvent@Event@Utils@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z
??0CManualResetEvent@Event@Utils@@QAE@PAU_SECURITY_ATTRIBUTES@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z
??0CManualResetEvent@Event@Utils@@QAE@_N@Z
??0CWin32Exception@Exception@Utils@@QAE@ABV012@@Z
??0CWin32Exception@Exception@Utils@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@K@Z
??0InstanceHandler@0Utils@@QAE@XZ
??1CAutoResetEvent@Event@Utils@@UAE@XZ
??1CCmdParser@Misc@Utils@@UAE@XZ
??1CConfig@Config@Utils@@MAE@XZ
??1CEvent@Event@Utils@@UAE@XZ
??1CManualResetEvent@Event@Utils@@UAE@XZ
??1CWin32Exception@Exception@Utils@@UAE@XZ
??1InstanceHandler@0Utils@@QAE@XZ
??4CCmdParser@Misc@Utils@@QAEAAV012@ABV012@@Z
??4InstanceHandler@0Utils@@QAEAAV001@ABV001@@Z
??_7CAutoResetEvent@Event@Utils@@6B@
??_7CCmdParser@Misc@Utils@@6B@
??_7CConfig@Config@Utils@@6B@
??_7CEvent@Event@Utils@@6B@
??_7CManualResetEvent@Event@Utils@@6B@
??_7CWin32Exception@Exception@Utils@@6B@
??_FCAutoResetEvent@Event@Utils@@QAEXXZ
??_FCManualResetEvent@Event@Utils@@QAEXXZ
?AddRef@CConfig@Config@Utils@@UAGKXZ
?DecryptBuffer@CConfig@Config@Utils@@AAEHPAEK@Z
?EncryptBuffer@CConfig@Config@Utils@@AAEHPAEK@Z
?GetAccountStorePath@Misc@Utils@@YAHPA_W_K@Z
?GetAppdataFolderNotWithSlash@Misc@Utils@@YAPB_WXZ
?GetBuildVer@Misc@Utils@@YAIXZ
?GetCommonCfgContext@CConfig@Config@Utils@@AAEJPB_WPAXKPAK@Z
?GetCrashCatcher@CrashCatcher@Utils@@YAPAVICrashCatcher@12@XZ
?GetDstVersionByStr@Misc@Utils@@YAIABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetError@CWin32Exception@Exception@Utils@@QBEKXZ
?GetEvent@CEvent@Event@Utils@@QBEPAXXZ
?GetExeFileName@Misc@Utils@@YAPB_WXZ
?GetExeFolderNotWithSlash@Misc@Utils@@YAPB_WXZ
?GetHostByUrl@Misc@Utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V34@@Z
?GetIEVersion@Misc@Utils@@YAKXZ
?GetInstallDir@Misc@Utils@@YAHPA_WK@Z
?GetInstallRegPath@Misc@Utils@@YAHPAPAUHKEY__@@PA_WK@Z
?GetInstallVer@Misc@Utils@@YAHPADK@Z
?GetInstallVer@Misc@Utils@@YAHPA_WK@Z
?GetInstanceHandle@InstanceHandler@1Utils@@QAEPAXXZ
?GetLastErrorMessage@Error@Utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@K@Z
?GetLogicTaskMgr@LogicTaskMgr@Utils@@YAPAVILogicTaskMgr@12@XZ
?GetModuleDirectory@Misc@Utils@@YAPA_WPA_WH@Z
?GetOption@CCmdParser@Misc@Utils@@QBEPB_WH@Z
?GetRawCmdLine@CCmdParser@Misc@Utils@@QBEPB_WXZ
?GetRawCmdWithoutExe@CCmdParser@Misc@Utils@@QBEPB_WXZ
?GetSoftID@Misc@Utils@@YAIXZ
?GetStorePath@Misc@Utils@@YAHPA_W@Z
?GetSupplyID@Misc@Utils@@YAHAAH@Z
?GetUserStorePath@Misc@Utils@@YAHPA_W@Z
?Init@CConfig@Config@Utils@@UAEHHPB_W@Z
?Init@CConfig@Config@Utils@@UAGJPAX@Z
?Init@InstanceHandler@1Utils@@QAEHPB_WPAU_SECURITY_ATTRIBUTES@@@Z
?IsInnerNet@Misc@Utils@@YAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?IsOptionEqual@CCmdParser@Misc@Utils@@QBEHHPB_WH@Z
?IsOptionPresent@CCmdParser@Misc@Utils@@QBEHH@Z
?IsOptionValuePresent@CCmdParser@Misc@Utils@@QBEHH@Z
?IsValid@CCmdParser@Misc@Utils@@QBEHXZ
?Pulse@CEvent@Event@Utils@@QAEXXZ
?Read@CConfig@Config@Utils@@UAEHPB_WPAXKPAK@Z
?ReadInternal@CConfig@Config@Utils@@AAEHPB_WPAXKPAK@Z
?Release@CConfig@Config@Utils@@UAGKXZ
?Reset@CEvent@Event@Utils@@QAEXXZ
?Set@CEvent@Event@Utils@@QAEXXZ
?SetCommonCfgContext@CConfig@Config@Utils@@AAEJPB_WPAXKPAK@Z
?SetConfigFilePath@CConfig@Config@Utils@@AAEJPA_WH@Z
?SetConfigRootDir@CConfig@Config@Utils@@CAXPB_W@Z
?SetSupplyID@Misc@Utils@@YAHH@Z
?UnInit@CConfig@Config@Utils@@UAGJPAX@Z
?Wait@CEvent@Event@Utils@@QBEXXZ
?Wait@CEvent@Event@Utils@@QBE_NK@Z
?Write@CConfig@Config@Utils@@UAEHPB_WPAXK@Z
?WriteInternal@CConfig@Config@Utils@@AAEHPB_WPAXK@Z
?_Parse@CCmdParser@Misc@Utils@@AAEHXZ
?add_ref@?$EnableIntrusive@VCConfig@Config@Utils@@@@QAEJXZ
?dec_ref@?$EnableIntrusive@VCConfig@Config@Utils@@@@QAEJXZ
?ref_count@?$EnableIntrusive@VCConfig@Config@Utils@@@@QBEJXZ
?s_tszConfigRootDir@CConfig@Config@Utils@@0PA_WA

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/bddlsvc.exe
.exe windows:4 windows x86 arch:x86

96ccabd47d83eecfca31da54d1d79d37

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

12/02/2015, 00:59

Not After

12/02/2017, 00:59

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f5:02:12:54:2e:73:71:ad:47:63:95:a6:fe:6f:d6:ff:16:bf:85:d7
Signer

Actual PE Digest

f5:02:12:54:2e:73:71:ad:47:63:95:a6:fe:6f:d6:ff:16:bf:85:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\clientci\workspace\bdda_trunk_compile\bdda_proj\Basic\Output\BinRelease\bddlsvc.pdb

Imports

basedll

?GetAllAccessSecurityAttributesEx@SysMisc@Base@@YAHAAU_SECURITY_ATTRIBUTES@@AAU_SECURITY_DESCRIPTOR@@@Z
??1CIPCServer@IPC@Base@@QAE@XZ
?Start@CIPCServer@IPC@Base@@QAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Stop@CIPCServer@IPC@Base@@QAEXXZ
?SendTo@CIPCServer@IPC@Base@@QAEXV?$intrusive_ptr@VCIPCChannel@IPC@Base@@@boost@@HABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?SendTo@CIPCServer@IPC@Base@@QAEXV?$intrusive_ptr@VCIPCChannel@IPC@Base@@@boost@@HPBDI@Z
?as_string@JSONNode@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?SetNotify@CIPCServer@IPC@Base@@QAEHPAVCIPCServerMsgNotify@23@@Z
?RemoveNotify@CIPCServer@IPC@Base@@QAEHPAVCIPCServerMsgNotify@23@@Z
??8IPC@Base@@YA_NV?$intrusive_ptr@VCIPCChannel@IPC@Base@@@boost@@0@Z
?intrusive_ptr_add_ref@IPC@Base@@YAXPAVCIPCChannel@12@@Z
?intrusive_ptr_release@IPC@Base@@YAXPAVCIPCChannel@12@@Z
??0CIPCServer@IPC@Base@@QAE@XZ
?begin@JSONNode@@QAE?AUiterator@1@XZ
?end@JSONNode@@QAE?AUiterator@1@XZ
?parse@Libjson@Base@@YA?AVJSONNode@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??1JSONNode@@QAE@XZ
?name@JSONNode@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

reportdll

GetReportMgr

protocoldll

CreateAuroraService
SetServiceUrl
InitProductParam

utilsdll

??0CConfig@Config@Utils@@QAE@XZ
?GetSupplyID@Misc@Utils@@YAHAAH@Z
?GetSoftID@Misc@Utils@@YAIXZ
?GetLogicTaskMgr@LogicTaskMgr@Utils@@YAPAVILogicTaskMgr@12@XZ
??0InstanceHandler@0Utils@@QAE@XZ
??1InstanceHandler@0Utils@@QAE@XZ
?Init@InstanceHandler@1Utils@@QAEHPB_WPAU_SECURITY_ATTRIBUTES@@@Z
??0CManualResetEvent@Event@Utils@@QAE@PAU_SECURITY_ATTRIBUTES@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z
??1CEvent@Event@Utils@@UAE@XZ
?GetEvent@CEvent@Event@Utils@@QBEPAXXZ
?Set@CEvent@Event@Utils@@QAEXXZ
?GetCrashCatcher@CrashCatcher@Utils@@YAPAVICrashCatcher@12@XZ
?GetInstallVer@Misc@Utils@@YAHPA_WK@Z
?GetModuleDirectory@Misc@Utils@@YAPA_WPA_WH@Z
?GetInstallVer@Misc@Utils@@YAHPADK@Z

reportrecorddll

?ReadDataCfg@CLauchReportRecord@ReportRecord@@QAEHW4CMD@Report@@@Z
?SetLastLaunchIntervalAndLastStartTime@CLauchReportRecord@ReportRecord@@QAEHXZ
??0CLauchReportRecord@ReportRecord@@QAE@XZ
?WriteDataCfg@CLauchReportRecord@ReportRecord@@QAEHXZ

psapi

EnumProcesses
GetProcessImageFileNameW

kernel32

GetVersionExA
ReleaseSemaphore
GetCurrentProcessId
EnterCriticalSection
InterlockedDecrement
WaitForSingleObject
Sleep
SetEvent
InterlockedExchangeAdd
PostQueuedCompletionStatus
GetLastError
CloseHandle
CreateMutexW
TlsAlloc
InterlockedIncrement
GetTickCount
TlsFree
CreateEventA
LeaveCriticalSection
InterlockedExchange
CreateWaitableTimerW
GetSystemTimeAsFileTime
SleepEx
TlsGetValue
OpenEventA
SetWaitableTimer
GetProcessHeap
InterlockedCompareExchange
TerminateThread
GetTempPathW
CreateIoCompletionPort
HeapAlloc
WaitForMultipleObjects
HeapFree
SetLastError
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
GetQueuedCompletionStatus
TlsSetValue
GetProcAddress
InitializeCriticalSectionAndSpinCount
QueueUserAPC
GetCurrentThreadId
SetProcessWorkingSetSize
GetCurrentProcess
OpenEventW
SetProcessShutdownParameters
SetConsoleCtrlHandler
GetModuleHandleW
GetFileAttributesW
OpenProcess
MoveFileW
SetFileAttributesW
CreateToolhelp32Snapshot
Process32FirstW
ProcessIdToSessionId
CreateFileW
Process32NextW
lstrcpynW
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
CreateFileA
ReadFile
WriteFile
SetFilePointer
ResetEvent
ResumeThread
SystemTimeToFileTime
CreateWaitableTimerA
LocalFree
FormatMessageA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
IsBadReadPtr
GetLocalTime
lstrlenW
GetACP
GetLocaleInfoA
GetThreadLocale
CreateEventW

advapi32

OpenProcessToken
GetTokenInformation
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CloseServiceHandle
OpenSCManagerW
QueryServiceStatusEx
ControlService
OpenServiceW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegisterServiceCtrlHandlerExW
QueryServiceStatus
ChangeServiceConfigW
CreateServiceW
StartServiceCtrlDispatcherW
StartServiceW
DeleteService
ChangeServiceConfig2W
SetServiceStatus

shell32

SHCreateDirectoryExW

ole32

CoUninitialize
CoLoadLibrary
CoFreeLibrary
CoGetInterfaceAndReleaseStream
CoInitializeEx
IIDFromString
CoMarshalInterThreadInterfaceInStream

oleaut32

SysFreeString
SysAllocStringByteLen

ws2_32

accept
send
recv
htons
inet_addr
closesocket
socket
WSAStartup
WSACleanup
bind
listen

userenv

CreateEnvironmentBlock

msvcp80

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
_FInf
_FNan
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
_Inf
_Nan
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIABV12@@Z
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z

msvcr80

_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_itoa
strncpy_s
rand
srand
_snwprintf
wcscpy_s
_wsplitpath_s
wcsncat_s
??3@YAXPAX@Z
wprintf
??_V@YAXPAX@Z
_time64
_purecall
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??2@YAPAXI@Z
_wcsicmp
??0exception@std@@QAE@ABV01@@Z
_beginthreadex
memmove_s
_gmtime64
??8type_info@@QBE_NABV0@@Z
_invalid_parameter_noinfo
_difftime64
_localtime64
_mktime64
printf
strstr
sprintf_s
wcsncpy
sprintf
_wtoi
_wcsupr
free
_wsplitpath
malloc
wcsstr
_vscwprintf_p
_vswprintf_p
fputs
__iob_func
__RTDynamicCast
__CxxFrameHandler3
_snprintf
fflush
fprintf
_CxxThrowException
memcpy
ldiv
_strtoi64
_strtoui64
memset
strtoul
strtol
strchr
_errno
memmove
strtod
strerror
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

sensapi

IsNetworkAlive

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

wininet

InternetCrackUrlW
InternetOpenW
HttpQueryInfoW
HttpOpenRequestW
InternetConnectW
HttpSendRequestW
InternetCloseHandle
InternetReadFile

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 552KB - Virtual size: 548KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_2_/bdrcdl.exe
.exe windows:4 windows x86 arch:x86

48180a61cf54f679c65af21ea308b6a3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

12/02/2015, 00:59

Not After

12/02/2017, 00:59

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:03:0d:c8:87:33:bf:f4:71:4f:cb:76:af:d8:4d:ce:59:83:82:fc
Signer

Actual PE Digest

a6:03:0d:c8:87:33:bf:f4:71:4f:cb:76:af:d8:4d:ce:59:83:82:fc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\clientci\workspace\bdda_trunk_compile\bdda_proj\Basic\Output\BinRelease\bdrcdl.pdb

Imports

basedll

?LoadFile@TiXmlDocument@Xml@Base@@QAE_NPB_WW4TiXmlEncoding@23@@Z
?ToDeclaration@TiXmlNode@Xml@Base@@UAEPAVTiXmlDeclaration@23@XZ
??0TiXmlDocument@Xml@Base@@QAE@XZ
?ToText@TiXmlNode@Xml@Base@@UAEPAVTiXmlText@23@XZ
??0TiXmlPrinter@Xml@Base@@QAE@XZ
?Accept@TiXmlDocument@Xml@Base@@UBE_NPAVTiXmlVisitor@23@@Z
?ZlibRC4DeFileToBuf@Crypt@Base@@YGHPB_WPAPAEKPAEHPAK@Z
?ZlibRC4EnBufToFile@Crypt@Base@@YGHPAEKPB_W0H@Z
?GetSpecialPath@FileMisc@Base@@YAHPA_WH@Z
??1TiXmlPrinter@Xml@Base@@UAE@XZ
?Send@CIPCClient@IPC@Base@@QAEXHPBDI@Z
??0CIPCClient@IPC@Base@@QAE@XZ
?DeleteFileEx@FileMisc@Base@@YAHPB_W@Z
?IsFileExist@FileMisc@Base@@YAHPB_W@Z
?SetNotify@CIPCClient@IPC@Base@@QAEHPAVCIPCClientMsgNotify@23@@Z
?Close@CIPCClient@IPC@Base@@QAEXXZ
?SaveFile@TiXmlDocument@Xml@Base@@QBE_NPB_W@Z
?as_string@JSONNode@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?executenonquery@Sqlite3Connection@Database@Base@@QAEXPBD@Z
?close@Sqlite3Connection@Database@Base@@QAEXXZ
??1Sqlite3Connection@Database@Base@@QAE@XZ
??0Sqlite3Connection@Database@Base@@QAE@PB_W@Z
?getstring16@Sqlite3Reader@Database@Base@@QAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z
?getint64@Sqlite3Reader@Database@Base@@QAE_JH@Z
?getint@Sqlite3Reader@Database@Base@@QAEHH@Z
?read@Sqlite3Reader@Database@Base@@QAE_NXZ
??1Sqlite3Reader@Database@Base@@QAE@XZ
?executenonquery@Sqlite3Command@Database@Base@@QAEXXZ
?executereader@Sqlite3Command@Database@Base@@QAE?AVSqlite3Reader@23@XZ
?bind@Sqlite3Command@Database@Base@@QAEXHH@Z
?bind@Sqlite3Command@Database@Base@@QAEXH_J@Z
?bind@Sqlite3Command@Database@Base@@QAEXHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??1Sqlite3Command@Database@Base@@QAE@XZ
??0Sqlite3Command@Database@Base@@QAE@AAVSqlite3Connection@12@PBD@Z
?GetGuidW@GUID@Base@@YGHPA_WH@Z
?ToElement@TiXmlElement@Xml@Base@@UBEPBV123@XZ
?ToElement@TiXmlElement@Xml@Base@@UAEPAV123@XZ
?LinkEndChild@TiXmlNode@Xml@Base@@QAEPAV123@PAV123@@Z
??1TiXmlDocument@Xml@Base@@UAE@XZ
??0TiXmlElement@Xml@Base@@QAE@PBD@Z
??1TiXmlElement@Xml@Base@@UAE@XZ
?Attribute@TiXmlElement@Xml@Base@@QBEPBDPBDPAH@Z
?NextSiblingElement@TiXmlNode@Xml@Base@@QAEPAVTiXmlElement@23@PBD@Z
?Attribute@TiXmlElement@Xml@Base@@QBEPBDPBD@Z
?GetCurrentProcessPath@FileMisc@Base@@YAHPA_WK@Z
?FirstChildElement@TiXmlNode@Xml@Base@@QAEPAVTiXmlElement@23@PBD@Z
?SetAttribute@TiXmlElement@Xml@Base@@QAEXPBDH@Z
?ToDocument@TiXmlNode@Xml@Base@@UBEPBVTiXmlDocument@23@XZ
?SetAttribute@TiXmlElement@Xml@Base@@QAEXPBD0@Z
?ToComment@TiXmlNode@Xml@Base@@UBEPBVTiXmlComment@23@XZ
?Clone@TiXmlElement@Xml@Base@@UBEPAVTiXmlNode@23@XZ
?ToUnknown@TiXmlNode@Xml@Base@@UBEPBVTiXmlUnknown@23@XZ
?Print@TiXmlElement@Xml@Base@@UBEXPAU_iobuf@@H@Z
?ToText@TiXmlNode@Xml@Base@@UBEPBVTiXmlText@23@XZ
?Parse@TiXmlElement@Xml@Base@@UAEPBDPBDPAVTiXmlParsingData@23@W4TiXmlEncoding@23@@Z
?ToDeclaration@TiXmlNode@Xml@Base@@UBEPBVTiXmlDeclaration@23@XZ
?Accept@TiXmlElement@Xml@Base@@UBE_NPAVTiXmlVisitor@23@@Z
?ToDocument@TiXmlNode@Xml@Base@@UAEPAVTiXmlDocument@23@XZ
?ToComment@TiXmlNode@Xml@Base@@UAEPAVTiXmlComment@23@XZ
?ToUnknown@TiXmlNode@Xml@Base@@UAEPAVTiXmlUnknown@23@XZ
?GetFileSizeEx@FileMisc@Base@@YAKPB_W@Z
?GetFileMD5@MD5@Base@@YGHPB_WPA_W@Z
?GetBufferMd5@MD5@Base@@YGHPBEHPA_W@Z
??1CIPCClient@IPC@Base@@QAE@XZ
?begin@JSONNode@@QAE?AUiterator@1@XZ
?end@JSONNode@@QAE?AUiterator@1@XZ
?SafeLoadLibrary@Library@Base@@YAPAUHINSTANCE__@@PB_WH@Z
?parse@Libjson@Base@@YA?AVJSONNode@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??1JSONNode@@QAE@XZ
?name@JSONNode@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?AsynConnect@CIPCClient@IPC@Base@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?as_int@JSONNode@@QBEJXZ

utilsdll

?GetSoftID@Misc@Utils@@YAIXZ
?SetSupplyID@Misc@Utils@@YAHH@Z
?GetModuleDirectory@Misc@Utils@@YAPA_WPA_WH@Z
?GetCrashCatcher@CrashCatcher@Utils@@YAPAVICrashCatcher@12@XZ
?GetSupplyID@Misc@Utils@@YAHAAH@Z
?GetInstallVer@Misc@Utils@@YAHPA_WK@Z
??0CConfig@Config@Utils@@QAE@XZ
?GetInstallVer@Misc@Utils@@YAHPADK@Z

reportdll

GetReportMgr

kernel32

lstrcmpiW
LoadResource
LockResource
SizeofResource
FindResourceExW
FindResourceW
GetDriveTypeW
DeviceIoControl
CreateFileW
GetModuleHandleW
WaitForSingleObject
TlsSetValue
CreateIoCompletionPort
InitializeCriticalSectionAndSpinCount
HeapFree
GetQueuedCompletionStatus
SetWaitableTimer
WaitForMultipleObjects
GetSystemTimeAsFileTime
TerminateThread
QueueUserAPC
CreateWaitableTimerW
TlsGetValue
GetTempPathW
SleepEx
GetProcessHeap
InterlockedCompareExchange
HeapAlloc
SetLastError
CreateMutexW
MoveFileExA
GetCurrentProcessId
ResetEvent
MultiByteToWideChar
WideCharToMultiByte
MoveFileW
lstrcpynW
CreateDirectoryW
GetCurrentProcess
GetFileAttributesW
lstrlenW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetVersionExA
RaiseException
HeapSize
HeapReAlloc
HeapDestroy
Process32NextW
CreateToolhelp32Snapshot
Process32FirstW
Sleep
GetThreadLocale
FreeLibrary
DeleteCriticalSection
PostQueuedCompletionStatus
GetModuleFileNameW
InterlockedExchangeAdd
LoadLibraryW
TlsAlloc
TlsFree
CreateEventA
LeaveCriticalSection
InterlockedExchange
EnterCriticalSection
GetLastError
InterlockedDecrement
SetEvent
CreateEventW
GetProcAddress
InterlockedIncrement
CloseHandle
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
ReleaseSemaphore
OpenEventA
ResumeThread
SystemTimeToFileTime
CreateWaitableTimerA
LocalFree
FormatMessageA
IsBadReadPtr
WriteFile
GetLocalTime
GetACP
GetLocaleInfoA
InitializeCriticalSection

user32

ShowWindow
TrackPopupMenu
FindWindowW
GetForegroundWindow
UnregisterClassA
AttachThreadInput
IsWindow
GetWindowThreadProcessId
BringWindowToTop
LoadIconW
GetCursorPos
PostMessageW
SendMessageW
EnableWindow
CreatePopupMenu
GetWindowRect
AppendMenuW
GetMonitorInfoW
FindWindowExW
SetForegroundWindow
PostQuitMessage
DestroyMenu
MonitorFromPoint
SetWindowPos

advapi32

GetExplicitEntriesFromAclW
GetNamedSecurityInfoW
QueryServiceStatus
QueryServiceStatusEx
ChangeServiceConfigW
ChangeServiceConfig2W
CreateServiceW
OpenSCManagerW
OpenServiceW
StartServiceW
CloseServiceHandle
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteExW
Shell_NotifyIconW
SHBrowseForFolderW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoLoadLibrary
CoFreeLibrary
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitializeEx
IIDFromString

oleaut32

SysFreeString
SysAllocStringByteLen

shlwapi

PathIsDirectoryW
PathFileExistsW

msvcp80

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
?rbegin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@XZ
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
_FInf
_FNan
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
_Inf
_Nan
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIABV12@@Z
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z

msvcr80

__set_app_type
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
_itoa
_fileno
_wsplitpath_s
wcsncat_s
_snwprintf
_waccess
__p__fmode
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
_purecall
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
??_V@YAXPAX@Z
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBDH@Z
wcsrchr
_beginthread
memcpy_s
memmove_s
_wfopen_s
iswspace
fread
fclose
??8type_info@@QBE_NABV0@@Z
vswprintf_s
_waccess_s
_vscwprintf
towlower
_wtoi
wcscpy_s
_itow_s
_wcsicmp
wcsstr
__RTDynamicCast
wcschr
free
malloc
_beginthreadex
_time64
srand
_gmtime64
fseek
fwrite
_localtime64_s
ftell
wcsftime
_wfopen
_localtime64
sprintf_s
rand
_wsplitpath
fopen
_filelength
swscanf
swprintf_s
wcsncpy_s
strncpy_s
_vscprintf_p
_vscwprintf_p
_vswprintf_p
_vsprintf_p
sprintf
tolower
__CxxFrameHandler3
memcpy
_snprintf
fflush
fprintf
__iob_func
_CxxThrowException
_strtoi64
_strtoui64
ldiv
memset
strtoul
strtol
strchr
_errno
memmove
strtod
strerror
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode

ws2_32

ntohl
recv
WSAWaitForMultipleEvents
WSAGetLastError
WSACreateEvent
WSAEventSelect
send
WSACloseEvent
gethostbyname
WSAEnumNetworkEvents
WSAStartup
WSACleanup
inet_addr
connect
socket
closesocket
htons

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

InternetReadFile
HttpQueryInfoW
HttpOpenRequestW
InternetConnectW
InternetCloseHandle
InternetCrackUrlW
InternetOpenW
HttpSendRequestW

sensapi

IsNetworkAlive

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 752KB - Virtual size: 749KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_2_/config.xml
$_2_/dl.dll
.dll regsvr32 windows:4 windows x86 arch:x86

03a75a771f296321ceaaa2ef88e4f307

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f6:75:2c:a5:6e:4e:1d:ef:5a:de:60:62:53:4f:96:43:9a:3e:b1:19
Signer

Actual PE Digest

f6:75:2c:a5:6e:4e:1d:ef:5a:de:60:62:53:4f:96:43:9a:3e:b1:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\code\minidl\bin\releasestatic\dl.pdb

Imports

ws2_32

gethostname
htonl
ntohl
getpeername
htons
WSAGetLastError
inet_addr
__WSAFDIsSet
inet_ntoa
WSACleanup
select
ntohs
ioctlsocket
closesocket
getsockname
accept
connect
socket
listen
bind
setsockopt
WSASetLastError
recv
send
recvfrom
sendto
WSAStartup
gethostbyname

kernel32

GetFileAttributesW
CreateEventA
SetEvent
ResetEvent
GetTickCount
TerminateThread
DeleteFileW
MoveFileExW
CreateFileW
InterlockedExchange
OutputDebugStringA
OpenMutexA
FindFirstFileW
CreateMutexA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
RaiseException
lstrlenA
lstrcmpiA
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
DisableThreadLibraryCalls
SetThreadLocale
GetThreadLocale
FindClose
WaitForSingleObject
CloseHandle
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetFilePointerEx
GetVolumeInformationA
GetLastError
OpenEventA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetDriveTypeA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetTimeZoneInformation
GetFullPathNameW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
ReleaseSemaphore
GetCurrentThreadId
CreateSemaphoreA
WaitForMultipleObjects
GetFileSize
FlushFileBuffers
WriteFile
ReadFile
SetFilePointer
GetVolumeInformationW
GetVersionExA
GetModuleFileNameW
Module32Next
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThread
GlobalFree
GlobalAlloc
GetCurrentDirectoryA
GetTempPathA
MapViewOfFileEx
CreateFileMappingA
UnmapViewOfFile
ReleaseMutex
CopyFileW
CreateFileA
GetProcAddress
DeviceIoControl
LoadLibraryA
GetSystemDirectoryA
SetFileAttributesA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitThread
CreateThread
HeapFree
GetSystemTimeAsFileTime
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCommandLineA
GetProcessHeap
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
CreateDirectoryW
LCMapStringA
LCMapStringW
GetCPInfo
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
HeapDestroy
HeapCreate
VirtualFree
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType

user32

UnregisterClassA
CharNextA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
AccessCheck
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegCreateKeyA
RegOpenKeyA
IsTextUnicode
GetFileSecurityW
ImpersonateSelf
OpenThreadToken
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
MapGenericMask
RevertToSelf
RegQueryValueExA

ole32

CoInitialize
CoCreateGuid
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
OleRun

oleaut32

SafeArrayDestroy
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
VariantInit
SafeArrayCreate
SafeArrayCreateVector
GetErrorInfo
SysFreeString
VariantClear
SafeArrayPutElement
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
VarUI4FromStr

netapi32

NetApiBufferFree
Netbios
NetWkstaTransportEnum

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile

shell32

SHGetSpecialFolderPathA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ReleaseCommLib

Sections

.text
Size: 760KB - Virtual size: 759KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/drivers/BDArKit.sys
.sys windows:6 windows x64 arch:x64

599dc629e049fbd25904fb7d6432a0e3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b9:60:d9:99:d5:54:dc:ba:40:06:d8:41:ac:6f:47:7f:71:f8:5a:33
Signer

Actual PE Digest

b9:60:d9:99:d5:54:dc:ba:40:06:d8:41:ac:6f:47:7f:71:f8:5a:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\mysvncode\tempbackup\bdarkit_v2.0.13.21_develop\source\bdarkit\Output\BinRelease\amd64\BDArKit.pdb

Imports

ntoskrnl.exe

MmIsAddressValid
KdDisableDebugger
IoCreateDevice
CmUnRegisterCallback
ProbeForRead
ExGetPreviousMode
ProbeForWrite
RtlUnicodeStringToAnsiString
IoIs32bitProcess
IofCompleteRequest
RtlFreeAnsiString
KeBugCheckEx
ExAllocatePoolWithTag
ZwReadFile
RtlInitUnicodeString
IoCreateFile
IoQueryFileInformation
KeUnstackDetachProcess
IoFileObjectType
ZwClose
ObReferenceObjectByHandle
ObfDereferenceObject
KeStackAttachProcess
ZwCreateKey
RtlQueryRegistryValues
ZwSetValueKey
ExDeleteResourceLite
ExInitializeResourceLite
KeReadStateEvent
_wcsnicmp
MmGetSystemRoutineAddress
ZwQuerySystemInformation
IoCancelIrp
KeDelayExecutionThread
RtlFreeUnicodeString
ObQueryNameString
ZwQueryValueKey
KeWaitForSingleObject
ZwDuplicateObject
PsGetVersion
RtlCompareUnicodeString
ZwOpenProcess
ZwQueryInformationProcess
ObfReferenceObject
RtlCopyUnicodeString
ZwOpenKey
IoFreeWorkItem
ZwCreateFile
IoAllocateWorkItem
RtlCompareMemory
IoQueueWorkItem
ZwQueryInformationFile
ZwWriteFile
ZwQueryObject
ObOpenObjectByPointer
KeClearEvent
KeSetEvent
IoCreateSymbolicLink
IoEnqueueIrp
ObInsertObject
MmBuildMdlForNonPagedPool
IoFreeMdl
ZwUnmapViewOfSection
ExEventObjectType
MmCreateSection
MmMapViewOfSection
IoFreeIrp
IoAllocateIrp
ExAllocatePoolWithQuotaTag
IoAllocateMdl
IofCallDriver
ObOpenObjectByName
PsGetCurrentProcessId
ZwSetInformationFile
IoGetBaseFileSystemDeviceObject
PsLookupProcessByProcessId
NtClose
ZwDeleteFile
ZwSetInformationObject
ZwOpenFile
MmProbeAndLockPages
RtlEqualUnicodeString
ExAllocatePool
RtlAssert
PsProcessType
ZwTerminateProcess
MmMapLockedPagesSpecifyCache
MmUnlockPages
wcschr
ZwDeleteValueKey
ZwFlushKey
DbgPrint
ZwEnumerateValueKey
ZwDeleteKey
ZwEnumerateKey
ZwLoadDriver
ExReleaseFastMutex
ExAcquireFastMutex
IoDetachDevice
PsSetCreateProcessNotifyRoutine
IoDriverObjectType
IoGetDeviceObjectPointer
PsSetCreateProcessNotifyRoutineEx
KeQueryActiveProcessorCountEx
KeQueryMaximumProcessorCountEx
IoAttachDeviceToDeviceStack
IoAttachDevice
ObReferenceObjectByName
IoGetCurrentProcess
IoDeleteDevice
CmRegisterCallbackEx
PsGetProcessImageFileName
IoRegisterShutdownNotification
ExFreePoolWithTag
IoDeleteSymbolicLink
KeInitializeEvent
ExInitializeNPagedLookasideList
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ExQueryDepthSList
ExDeleteNPagedLookasideList
_stricmp
__C_specific_handler

fltmgr.sys

FltAcquireResourceShared
FltReleaseFileNameInformation
FltGetFileNameInformation
FltStartFiltering
FltRegisterFilter
FltAcquireResourceExclusive
FltUnregisterFilter
FltReleaseResource

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 466B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/ieBDSoftHelperPlug.dll
.dll regsvr32 windows:4 windows x86 arch:x86

dd86675f4b3de4d56abed75425015b65

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

12/02/2015, 00:59

Not After

12/02/2017, 00:59

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:e5:30:84:00:9f:a6:fa:eb:b1:8b:b7:a0:ad:5a:7b:93:d5:02:44
Signer

Actual PE Digest

5b:e5:30:84:00:9f:a6:fa:eb:b1:8b:b7:a0:ad:5a:7b:93:d5:02:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\clientci\workspace\bdda_trunk_compile\bdda_proj\Basic\Output\BinRelease\ieBDSoftHelperPlug.pdb

Imports

ws2_32

setsockopt
WSACleanup
recv
closesocket
send
connect
socket
WSAStartup
inet_addr
htons

kernel32

InterlockedCompareExchange
GetCurrentProcess
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
WideCharToMultiByte
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
TerminateProcess
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
SetThreadLocale
GetThreadLocale
GetACP
GetLocaleInfoA
GetVersionExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcmpiW
Sleep
InterlockedExchange

user32

CharNextW
UnregisterClassA

advapi32

RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW

ole32

CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc

oleaut32

UnRegisterTypeLi
LoadRegTypeLi
SysAllocStringLen
VarUI4FromStr
RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

msvcp80

??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

msvcr80

_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_initterm
_onexit
_initterm_e
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_amsg_exit
_adjust_fdiv
__CppXcptFilter
__clean_type_info_names_internal
_crt_debugger_hook
_encoded_null
??3@YAXPAX@Z
_snwscanf_s
__CxxFrameHandler3
memset
??_V@YAXPAX@Z
malloc
free
memcpy_s
_CxxThrowException
wcscpy_s
wcsncpy_s
wcscat_s
_recalloc
_purecall
??2@YAPAXI@Z
_localtime64
_time64
strstr
strncmp
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/mindownload.ico
$_2_/skin_engine.dll
.dll windows:4 windows x86 arch:x86

ab5040e73a27552147d614a5e8377c2b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dd:79:2e:0d:6d:f5:6b:24:95:c2:e5:e2:df:8d:b5:87:99:72:80:61
Signer

Actual PE Digest

dd:79:2e:0d:6d:f5:6b:24:95:c2:e5:e2:df:8d:b5:87:99:72:80:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\clientci\workspace\skin_engine_common_compile\skin_engine\Projects\releaseforxp\skin_engine.pdb

Imports

kernel32

GetCurrentThreadId
RaiseException
LeaveCriticalSection
GetProcAddress
GetModuleHandleW
GetLastError
OutputDebugStringW
GetProcessHeap
HeapAlloc
HeapFree
LockResource
SizeofResource
WriteFile
FindResourceW
ReadFile
CloseHandle
GetFileSize
CreateFileW
GlobalFree
GetTickCount
EnterCriticalSection
GlobalLock
GlobalAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
HeapSize
HeapReAlloc
HeapDestroy
FlushInstructionCache
GetCurrentProcess
SetLastError
FindResourceExW
GlobalUnlock
VerifyVersionInfoW
LoadResource
VerSetConditionMask

user32

GetMonitorInfoW
GetIconInfo
DestroyIcon
GetClientRect
SetWindowTextW
SetCursor
RedrawWindow
ShowWindow
IsWindowVisible
EndPaint
GetWindowRect
IsIconic
BeginPaint
SetActiveWindow
ReleaseCapture
GetUpdateRect
EnableWindow
CreateIconFromResource
SetCapture
CreateIconFromResourceEx
UpdateLayeredWindow
SendMessageW
GetParent
SwitchToThisWindow
GetWindowLongW
SetWindowLongW
KillTimer
SetTimer
DestroyWindow
ClientToScreen
GetSystemMetrics
SetWindowPos
IsRectEmpty
PtInRect
IntersectRect
CloseClipboard
EmptyClipboard
SetClipboardData
IsClipboardFormatAvailable
UnregisterClassA
GetClipboardData
GetDC
ReleaseDC
GetKeyState
OpenClipboard
EqualRect
GetCursorPos
ScreenToClient
CopyRect
OffsetRect
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
RegisterClassExW
CallWindowProcW
GetClassInfoExW
LoadCursorW
CreateWindowExW
IsWindow
MonitorFromWindow
SystemParametersInfoW

gdi32

GetCurrentObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateDIBSection
DeleteObject
GetDeviceCaps
GetDIBits
GetStockObject
BitBlt
DeleteDC
GetObjectW

shell32

SHGetFileInfoW
ord6

ole32

CreateStreamOnHGlobal

comctl32

InitCommonControlsEx
_TrackMouseEvent

msvcp80

?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@II@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IPB_WI@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@0@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
?destroy@?$allocator@_W@std@@QAEXPA_W@Z
?construct@?$allocator@_W@std@@QAEXPA_WAB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr80

ceil
memmove
realloc
malloc
_aligned_malloc
_aligned_free
fwrite
free
_control87
calloc
memset
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
__CxxFrameHandler3
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
memcpy
_CIcos
_CIsin
_CIfmod
floor
_CIexp
_CIpow
_CxxThrowException
_CIlog10
_CIlog
_CIatan
_CItan
_CIacos
?terminate@@YAXXZ
??3@YAXPAX@Z
_vsnwprintf_s
??_V@YAXPAX@Z
??0exception@std@@QAE@XZ
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
vswprintf_s
ldiv
fseek
ftell
fclose
fread
memmove_s
_wfopen_s
wcscpy_s
memcpy_s
_wcslwr_s
wcsstr
_recalloc
swprintf_s
_wtol
_vscwprintf
wcsrchr
_CIasin

imm32

ImmGetCompositionWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

gdiplus

GdipDeletePen
GdipSetStringFormatMeasurableCharacterRanges
GdipDrawPath
GdipCreatePen1
GdipAddPathPie
GdipCreateImageAttributes
GdipDeleteGraphics
GdipDrawRectangleI
GdipDisposeImageAttributes
GdipDeleteRegion
GdipCreateFromHDC
GdipAddPathEllipse
GdipSetImageAttributesColorMatrix
GdipSetTextRenderingHint
GdipCreateFontFamilyFromName
GdipSetImageAttributesWrapMode
GdipCreateBitmapFromScan0
GdipTranslateWorldTransform
GdipSetClipRectI
GdipCreateRegion
GdipAddPathPolygonI
GdipMeasureCharacterRanges
GdipAddPathLine2I
GdipDrawImageRectRectI
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipGetCellDescent
GdipGetEmHeight
GdipGetRegionBounds
GdipSetInterpolationMode
GdipCreateTexture
GdipGetDC
GdipGetFamilyName
GdipSetPixelOffsetMode
GdipMeasureString
GdipReleaseDC
GdipSetStringFormatTrimming
GdipRotateWorldTransform
GdipScaleWorldTransform
GdipCreateFont
GdipSetStringFormatFlags
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipFillRectangleI
GdipSetStringFormatAlign
GdipFillPath
GdipGetFontHeight
GdipDeleteStringFormat
GdipCloneBrush
GdipSetSmoothingMode
GdipCreateStringFormat
GdipDeleteFontFamily
GdipDeletePath
GdipDeleteFont
GdipDeleteBrush
GdipIsVisiblePathPointI
GdipDrawString
GdipCreatePath
GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipGetImageHeight
GdipGetImageWidth
GdipAddPathArc
GdipSetStringFormatLineAlign

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
get_skin_engine

Sections

.text
Size: 356KB - Virtual size: 353KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/uninstaller.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

12/02/2015, 00:59

Not After

12/02/2017, 00:59

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9d:cb:42:6d:6b:f1:3a:28:9b:4b:55:eb:c2:f5:40:2f:98:83:2e:31
Signer

Actual PE Digest

9d:cb:42:6d:6b:f1:3a:28:9b:4b:55:eb:c2:f5:40:2f:98:83:2e:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 612KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallHelper.dll
.dll windows:4 windows x86 arch:x86

7a684334bd5ac333f8402194b2c870bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\clientci\workspace\bdda_trunk_compile\bdda_proj\Basic\Install\NSIS\Plugins\InstallHelper.pdb

Imports

kernel32

GetDiskFreeSpaceW
TerminateProcess
GetModuleHandleW
GetFileAttributesW
SetFileAttributesW
MoveFileExW
SizeofResource
CreateFileW
GlobalFree
LockResource
lstrcpyW
LoadResource
GlobalAlloc
OpenProcess
GetSystemDirectoryW
GetVersionExW
CreateToolhelp32Snapshot
Process32FirstW
lstrcmpiW
Process32NextW
CloseHandle
GetLastError
FreeLibrary
FlushFileBuffers
FindResourceW
lstrcpynW
Sleep
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
ExpandEnvironmentStringsW
MultiByteToWideChar
LoadLibraryW
OutputDebugStringW
GetProcAddress
GetCurrentProcess
FindResourceExW
GetTickCount
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

FindWindowW
UnregisterClassA
ShowWindow
SetForegroundWindow

advapi32

RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
FreeSid
OpenProcessToken
CheckTokenMembership
QueryServiceStatus
AllocateAndInitializeSid
StartServiceW
OpenServiceW
CloseServiceHandle
ChangeServiceConfig2W
CreateServiceW
OpenSCManagerW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysStringLen
SysFreeString
SysAllocString

shlwapi

PathStripToRootW

Exports

Exports

DeleteDirectory
DoInstallService
FireWallAddApp
FireWallRemoveApp
Function1
Function10
Function2
Function3
Function4
Function5
Function6
Function7
Function8
Function9
GetAllUserAppDataDir
InstallCheck
InstallDrivers
IsProcessRunning
IsWow64
KillRunningProcess
RefreshPolicies
RenameAndDeleteFile
ReportInstallData
ReportUninstallData
ShowMainWnd
ShowMessageBox
UninstallDrivers

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

07:bb:7e:65:86:c7:d0:0d:36:17:00:e4:13:9f:e7:72Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

64:ab:0b:9c:05:4d:8c:7d:9a:26:12:ac:bd:e8:2a:11:70:60:40:4bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 596KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 4KB - Virtual size: 3KB

7a684334bd5ac333f8402194b2c870bc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49Certificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

1a:37:04:52:d4:a8:58:c9:c7:8d:14:8c:09:c9:4c:c1:7a:aa:45:b8Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 156KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 12KB - Virtual size: 10KB

b38ae1c3d962d097564a6092adcb8326

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

07:bb:7e:65:86:c7:d0:0d:36:17:00:e4:13:9f:e7:72
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

64:ab:0b:9c:05:4d:8c:7d:9a:26:12:ac:bd:e8:2a:11:70:60:40:4b
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 596KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 4KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

1a:37:04:52:d4:a8:58:c9:c7:8d:14:8c:09:c9:4c:c1:7a:aa:45:b8
Signer

.text
Size: 160KB - Virtual size: 156KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 12KB - Virtual size: 10KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

bc:63:97:3e:b1:9c:e7:5f:e4:ce:a8:bc:28:78:3c:69:14:0b:c3:09
Signer

.text
Size: 584KB - Virtual size: 582KB

.rdata
Size: 116KB - Virtual size: 114KB

.data
Size: 12KB - Virtual size: 12KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 4KB - Virtual size: 644B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

a0:e7:87:23:13:93:4a:23:47:09:3e:58:63:88:57:e7:0f:05:f3:24
Signer