agenttesla | 260687b1e1ee90adb739fa9e618be63ae531952ad3f955b8d6ce70c773cd5cf5

Sharing

Copy URL

Twitter E-mail

General

Target

260687b1e1ee90adb739fa9e618be63ae531952ad3f955b8d6ce70c773cd5cf5
Size

294.8MB
MD5

67a5831b686c19fb480396f98f1079bc
SHA1

d05134893047f3e4f5293242a4e68a8ec55aa624
SHA256

260687b1e1ee90adb739fa9e618be63ae531952ad3f955b8d6ce70c773cd5cf5
SHA512

a3eb042fe14caf631c53fd459f0df6529f859f9281cba44816584ed4f56ba9e02bbdd65c5e8c1e9f35d6cc66879fa4506cdc2a2c7b82f572ca61ce54487a6476
SSDEEP

6291456:IZfdwL7u84xrkvjmqaZ/eHu/bKZ+XaYRzZo/9AZ3mNpMFUTE+7enjrsJovsu1SgB:2dQB0kjSbXGfQcq09Y

Score

10^/10

upx isfb aspackv2 vmprotect pyinstaller agenttesla gozi

Malware Config

Extracted

Family

gozi

Signatures

Agenttesla family
agenttesla
Gozi family
gozi

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
static1/unpack001/Virussign.2024.06.08/virussign.com_84c108fec8ff1f7248713a584919a29f.vir	aspack_v212_v242

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/Virussign.2024.06.08/virussign.com_25a18a445cbd02a4072dc116bc85b2e4.vir	upx
static1/unpack001/Virussign.2024.06.08/virussign.com_34877f921a1f72e5c5874a44f60c90ab.vir	upx
static1/unpack001/Virussign.2024.06.08/virussign.com_37fa37fa7b74d828e05816fa935c83b9.vir	upx
static1/unpack001/Virussign.2024.06.08/virussign.com_4981d406b5936dd98bc805f00b4e3ac7.vir	upx
static1/unpack001/Virussign.2024.06.08/virussign.com_4c05c7bded47185197e39c40625e5e39.vir	upx
static1/unpack001/Virussign.2024.06.08/virussign.com_99ca17788c3581e3d73e8bc7da77a2a9.vir	upx
static1/unpack001/Virussign.2024.06.08/virussign.com_b95ef5d203bf0b5e1ae944ccfeb425c4.vir	upx
static1/unpack001/Virussign.2024.06.08/virussign.com_c6e8f2327b9a6ff3b7713b201d8c9722.vir	upx
static1/unpack001/Virussign.2024.06.08/virussign.com_e629426924625239457e94b9af30c8d9.vir	upx

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/Virussign.2024.06.08/virussign.com_94f214e7b5d9eec331158b419050d28c.vir	vmprotect

Detects Pyinstaller 1 IoCs

pyinstaller

Processes:

resource	yara_rule
static1/unpack001/Virussign.2024.06.08/virussign.com_9b4612faa36c90f1430194351d78b63a.vir	pyinstaller

Unsigned PE 431 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Virussign.2024.06.08/virussign.com_001d2d017b5a7716053d3f1486270f41.vir
unpack001/Virussign.2024.06.08/virussign.com_00d73b2201d137dafcd073e6f90ed283.vir
unpack001/Virussign.2024.06.08/virussign.com_012d6250b2f03cc71381041c4eeeb50a.vir
unpack001/Virussign.2024.06.08/virussign.com_0253492c47e1aae5c1906a4b099e13b9.vir
unpack001/Virussign.2024.06.08/virussign.com_025c0616d26ebf93aa583d575245bf35.vir
unpack001/Virussign.2024.06.08/virussign.com_02c31485fa69ef9d1a370034d043587d.vir
unpack001/Virussign.2024.06.08/virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.vir
unpack001/Virussign.2024.06.08/virussign.com_03d6ebf12ae52644ac8fbc893526aaad.vir
unpack001/Virussign.2024.06.08/virussign.com_0437640434489c178ddce32f6bc8bd9c.vir
unpack001/Virussign.2024.06.08/virussign.com_044454717ce16bdfddd7dfedfc4fa455.vir
unpack001/Virussign.2024.06.08/virussign.com_0622fa4ddac7802def045e83a4ccb8c5.vir
unpack002/$PLUGINSDIR/NSIS_Picasa_Unicode.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsDialogs.dll
unpack002/$SYSDIR/GPhotos.scr
unpack002/$TEMP/PicasaInstaller/srv2k3/cdrom.sys
unpack002/$TEMP/PicasaInstaller/srv2k3/imapi2.dll
unpack002/$TEMP/PicasaInstaller/srv2k3/imapi2fs.dll
unpack002/$TEMP/PicasaInstaller/winxp/cdrom.sys
unpack002/$TEMP/PicasaInstaller/winxp/imapi2.dll
unpack002/$TEMP/PicasaInstaller/winxp/imapi2fs.dll
unpack002/Picasa3.exe
unpack001/Virussign.2024.06.08/virussign.com_062a0d024a3edf6028babdbb70e32560.vir
unpack001/Virussign.2024.06.08/virussign.com_0654dc4978689ef0c07a2e65b8b82712.vir
unpack001/Virussign.2024.06.08/virussign.com_07354ef0c4bb0112ab71c598e1923536.vir
unpack001/Virussign.2024.06.08/virussign.com_0a2d7abc61b289ce20f930206e67cca4.vir
unpack001/Virussign.2024.06.08/virussign.com_0b1c7343bdcacd4fdc3a30e4908066f2.vir
unpack001/Virussign.2024.06.08/virussign.com_0b421460741d129372482300b0c2c454.vir
unpack001/Virussign.2024.06.08/virussign.com_0b57521848306a715d1908e6bb743dd8.vir
unpack001/Virussign.2024.06.08/virussign.com_0b63880cb50353b22951a7ccdb500f42.vir
unpack001/Virussign.2024.06.08/virussign.com_0b70928d9e99f77e515f8618456babee.vir
unpack001/Virussign.2024.06.08/virussign.com_0c07f38185288e23fb7571d56ac59a7b.vir
unpack001/Virussign.2024.06.08/virussign.com_0c1527b262b392743f989e58c97b68e3.vir
unpack001/Virussign.2024.06.08/virussign.com_0cf726d18910a31ff564224f1ffcc284.vir
unpack001/Virussign.2024.06.08/virussign.com_0d3766aef810bc16c11962448eb95c6b.vir
unpack001/Virussign.2024.06.08/virussign.com_0e461f56073536682e8e7329b4118739.vir
unpack001/Virussign.2024.06.08/virussign.com_0e71dd1e2174bb47f908e860f0bf8951.vir
unpack001/Virussign.2024.06.08/virussign.com_0f17dfb0370327b37a943019348ab278.vir
unpack001/Virussign.2024.06.08/virussign.com_0f266f38035cdbd0fa6a499c7d0d4515.vir
unpack001/Virussign.2024.06.08/virussign.com_0f3a30f4393c57461f2d3e61d976375e.vir
unpack001/Virussign.2024.06.08/virussign.com_117046944036eafbeb432b84cd1d2fd9.vir
unpack001/Virussign.2024.06.08/virussign.com_129648c6b9553321c87f7b6940228451.vir
unpack001/Virussign.2024.06.08/virussign.com_12e91d7e4ed742fbddef8ed3d5927dcb.vir
unpack001/Virussign.2024.06.08/virussign.com_12f57f7c231fed9f49bf2d225727f0b1.vir
unpack001/Virussign.2024.06.08/virussign.com_13460cf7dc16150aac79458235554198.vir
unpack001/Virussign.2024.06.08/virussign.com_1349ee44727238fe6186a236a3a65c5f.vir
unpack001/Virussign.2024.06.08/virussign.com_134b2d0e5939a63c36b24f3679a6ec9d.vir
unpack001/Virussign.2024.06.08/virussign.com_136a459576355c21d4e315259af51ad5.vir
unpack001/Virussign.2024.06.08/virussign.com_13bac0ef4f2ad8351fa82226e151aad4.vir
unpack001/Virussign.2024.06.08/virussign.com_14380229e31651b73ec3db08a2bf2790.vir
unpack001/Virussign.2024.06.08/virussign.com_14e4e25ff2a42e21b6f117d1f706b4ba.vir
unpack001/Virussign.2024.06.08/virussign.com_14f040f5f97998f0509332601f66f21a.vir
unpack001/Virussign.2024.06.08/virussign.com_150f451d1d357a080499a65f134faa7d.vir
unpack001/Virussign.2024.06.08/virussign.com_153151180d04cac515a0732bfb01fdc1.vir
unpack001/Virussign.2024.06.08/virussign.com_15cf1ac8e97028b18d88cad3d02fe216.vir
unpack001/Virussign.2024.06.08/virussign.com_160027be56a683f688be6fa558ad1f4a.vir
unpack001/Virussign.2024.06.08/virussign.com_164414b2f14e543d5b21ce3d2be5cba7.vir
unpack001/Virussign.2024.06.08/virussign.com_1682e903320ec2e17bce7608d8eb96c3.vir
unpack001/Virussign.2024.06.08/virussign.com_175d2b112fba670e56fa09def7a02911.vir
unpack001/Virussign.2024.06.08/virussign.com_17ce5d1e8c73708bd17d96386cc26d2f.vir
unpack003/$PLUGINSDIR/InstallOptions.dll
unpack003/CrashReport.exe
unpack001/Virussign.2024.06.08/virussign.com_17f6de93a5e86cce95d467c8e1a6da6f.vir
unpack001/Virussign.2024.06.08/virussign.com_187c3302904bed0df399ba54ca62a338.vir

NSIS installer 9 IoCs

installer

Processes:

resource	yara_rule
static1/unpack001/Virussign.2024.06.08/virussign.com_17ce5d1e8c73708bd17d96386cc26d2f.vir	nsis_installer_1
static1/unpack001/Virussign.2024.06.08/virussign.com_17ce5d1e8c73708bd17d96386cc26d2f.vir	nsis_installer_2
static1/unpack001/Virussign.2024.06.08/virussign.com_3ee9237b2c2b10394e37a375aceaf429.vir	nsis_installer_1
static1/unpack001/Virussign.2024.06.08/virussign.com_3ee9237b2c2b10394e37a375aceaf429.vir	nsis_installer_2
static1/unpack001/Virussign.2024.06.08/virussign.com_466931397aadb3ceeedf11a211e75a64.vir	nsis_installer_1
static1/unpack001/Virussign.2024.06.08/virussign.com_466931397aadb3ceeedf11a211e75a64.vir	nsis_installer_2
static1/unpack001/Virussign.2024.06.08/virussign.com_67307fdc227723dbf98a3b5fdfd93dea.vir	nsis_installer_2
static1/unpack001/Virussign.2024.06.08/virussign.com_905638ddde4bbb8f8d5adc6c39658be1.vir	nsis_installer_2
static1/unpack001/Virussign.2024.06.08/virussign.com_ee4d945176fb5b490cadefaa5ac3f5cc.vir	nsis_installer_2

Files

260687b1e1ee90adb739fa9e618be63ae531952ad3f955b8d6ce70c773cd5cf5
.zip
Virussign.2024.06.08/filelist-01.txt
Virussign.2024.06.08/snowflake.bmp
Virussign.2024.06.08/virussign.com_001d2d017b5a7716053d3f1486270f41.vir
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_00d73b2201d137dafcd073e6f90ed283.vir
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\SourceCode\iBank4\iTerminal\Trunk\Src\Tools\GRGInputMethod\obj\Release\GRGInputMethod.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_012d6250b2f03cc71381041c4eeeb50a.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_0253492c47e1aae5c1906a4b099e13b9.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 832B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_025c0616d26ebf93aa583d575245bf35.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 832B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_02c31485fa69ef9d1a370034d043587d.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.vir
.exe windows:4 windows x86 arch:x86

020bdc06febfab0bc2187156e3333a4c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasHangUpA
RasGetConnectStatusA

iphlpapi

GetAdaptersInfo

winmm

midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutPause
waveOutReset
waveOutClose
waveOutGetNumDevs
midiStreamRestart
midiStreamStop
midiOutReset
midiStreamClose

ws2_32

recvfrom
sendto
socket
htonl
bind
htons
WSAAsyncSelect
closesocket
send
select
WSACleanup
WSAStartup
gethostbyname
getsockname
ntohs
__WSAFDIsSet
accept
getpeername
listen
connect
inet_ntoa
inet_addr
ioctlsocket
gethostname
recv

kernel32

MultiByteToWideChar
GetVersion
CompareStringA
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
SetStdHandle
GetACP
HeapSize
RaiseException
GetLocalTime
GetSystemTime
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FormatMessageA
LocalFree
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
WideCharToMultiByte
SetLastError
GetTimeZoneInformation
FileTimeToSystemTime
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
DeviceIoControl
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
lstrlenA
lstrlenW
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
SetFileAttributesA
GetFileAttributesA
DeleteFileA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
IsBadReadPtr
IsBadCodePtr
CompareStringW
InterlockedExchange

user32

GetWindowTextA
FindWindowExA
GetDlgItem
GetClassNameA
GetDesktopWindow
SetWindowTextA
SystemParametersInfoA
TranslateMessage
LoadIconA
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetSystemMenu
DeleteMenu
GetClassInfoA
DefWindowProcA
GetMenu
SetMenu
PostThreadMessageA
GetNextDlgGroupItem
GetSysColorBrush
LoadStringA
MapDialogRect
SetWindowContextHelpId
CharNextA
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
MoveWindow
IsDialogMessageA
ScrollWindowEx
MapWindowPoints
AdjustWindowRectEx
GetScrollPos
RegisterClassA
GetMenuItemCount
GetMenuItemID
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
InflateRect
SetRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
TrackPopupMenu
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBeep
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
CallWindowProcA
CreateWindowExA
RegisterHotKey
UnregisterHotKey
SendDlgItemMessageA
UnregisterClassA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
GetPropA
UnhookWindowsHookEx

gdi32

TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
ExtTextOutA
SelectObject
CreatePen
PatBlt
FillRgn
CreateRectRgn
CombineRgn
CreateSolidBrush
CreateFontIndirectA
GetStockObject
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
Escape
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SelectClipRgn
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
CreateRectRgnIndirect
SetBkColor
CreateFontA
TranslateCharsetInfo
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
GetTextMetricsA
GetMapMode
PathToRegion
EndPath
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
RestoreDC
SaveDC
DeleteObject

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueA

shell32

DragAcceptFiles
ShellExecuteA
Shell_NotifyIconA
DragFinish
DragQueryFileA

ole32

StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
StgOpenStorageOnILockBytes
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc
OleRun
CoCreateInstance
CLSIDFromString
OleUninitialize
OleInitialize
CoTaskMemFree

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElement
VariantCopyInd
VariantInit
SysAllocString
SafeArrayCreate
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
OleCreateFontIndirect
UnRegisterTypeLi
SysFreeString
SafeArrayGetDim
SysAllocStringByteLen
SysAllocStringLen
SysStringLen
VariantTimeToSystemTime
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear
VariantCopy
SafeArrayGetElemsize

comctl32

ImageList_EndDrag
ord17
ImageList_Read
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
ImageList_BeginDrag
ImageList_Add
ImageList_Duplicate
ImageList_SetBkColor
ImageList_GetImageCount
ImageList_DragShowNolock

oledlg

ord8

wininet

InternetCanonicalizeUrlA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetConnectA
InternetSetOptionA
InternetCloseHandle
InternetOpenA
InternetCrackUrlA

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA

Sections

.text
Size: 652KB - Virtual size: 651KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 936KB - Virtual size: 932KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_03d6ebf12ae52644ac8fbc893526aaad.vir
.exe windows:6 windows x86 arch:x86

4d5f460f239617a15843c169ee11795b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\USER\source\repos\Project1\Debug\Project1.pdb

Imports

vcruntime140d

__vcrt_GetModuleFileNameW
_except_handler4_common
memset
__current_exception_context
__current_exception
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
__std_type_info_destroy_list

ucrtbased

strcat_s
__stdio_common_vsprintf_s
__p__commode
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_controlfp_s
terminate
_wmakepath_s
_wsplitpath_s
wcscpy_s
strcpy_s
_set_new_mode
_configthreadlocale
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_set_fmode
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
__setusermatherr
_set_app_type
_seh_filter_exe
_CrtDbgReportW
_CrtDbgReport
__stdio_common_vfprintf
__acrt_iob_func
_seh_filter_dll

kernel32

HeapAlloc
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
GetProcAddress
FreeLibrary
VirtualQuery
GetProcessHeap
HeapFree
GetCurrentThreadId
GetLastError
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_0437640434489c178ddce32f6bc8bd9c.vir
.exe windows:5 windows x86 arch:x86

831433c08f6aafba055a4c78721a691a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__winitenv
exit
_XcptFilter
_exit
_c_exit
_wfopen
fgetws
fwscanf
fgetwc
fread
fclose
wcsncmp
atol
wcscpy
_except_handler3
_cexit
swprintf
_wcsicmp
wcsstr
wcsncpy
wprintf
wcslen
swscanf

advapi32

LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges

kernel32

HeapFree
GetProcessHeap
GetModuleHandleW
GetModuleHandleA
LoadLibraryW
GetProcAddress
FreeLibrary
OutputDebugStringW
GetLocalTime
WriteFile
SetFilePointer
ExpandEnvironmentStringsW
GetEnvironmentVariableW
HeapAlloc
CreateFileW
DeviceIoControl
CreateThread
WaitForSingleObject
GetCurrentProcess
GetLastError
CloseHandle
ExitThread
SetLastError

user32

MessageBoxW
LoadStringW

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

syssetup

AsrAddSifEntryW

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_044454717ce16bdfddd7dfedfc4fa455.vir
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BuildAgent\work\33b2b67282fffa05\tminstaller\Teramind.Setup\Teramind.Setup.Remover\obj\Release\Teramind.Setup.Remover.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_0622fa4ddac7802def045e83a4ccb8c5.vir
.exe windows:4 windows x86 arch:x86

fa87d05da8cd992552ea846b6a9a1bb2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
GetUserDefaultLCID

user32

GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
GetClassInfoW
ScreenToClient
SystemParametersInfoW
RegisterClassW
SetWindowTextW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CreateWindowExW
CharNextW
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSIS_Picasa_Unicode.dll
.dll windows:4 windows x86 arch:x86

dd4d4b4320a71ab0c16c5077ded3ee8a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

p:\p\agents\hpac4.eem\recipes\662730680\base\googleclient\picasa39-stable\NSIS_Unicode\Plugins\NSIS_Picasa_Unicode.pdb

Imports

sti

StiCreateInstanceW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

lstrcpynW
MultiByteToWideChar
GlobalFree
GetLastError
GetProcAddress
FindFirstFileW
FindClose
LoadLibraryW
RemoveDirectoryW
GetLocaleInfoW
CreateProcessW
MoveFileExW
Sleep
lstrcatW
FindNextFileW
GetVersionExW
CreateDirectoryW
GetFileAttributesW
GetUserDefaultLCID
WaitForSingleObject
CreateFileW
CloseHandle
GetVersion
DeleteFileW
GetCommandLineW
GetModuleHandleW
lstrcpyW
GetPrivateProfileStringW
OpenProcess
GetExitCodeProcess
TerminateProcess
OpenMutexA
GetModuleHandleA
GetCurrentProcessId
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEndOfFile
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetConsoleMode
WideCharToMultiByte
GlobalAlloc
HeapSize
CreateFileA
InitializeCriticalSection
WritePrivateProfileStringW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
GetConsoleCP
FreeEnvironmentStringsW
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
SetFilePointer
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
ExitProcess
WriteFile
GetModuleFileNameA
ReadFile
FreeEnvironmentStringsA
GetEnvironmentStrings
SetStdHandle

user32

MapWindowPoints
GetClassNameA
EnumWindows
GetWindowLongW
FindWindowA
MoveWindow
FindWindowExW
GetWindowRect
CreateWindowExW
MessageBoxW
SendMessageW
wsprintfW
GetDlgItem
SetWindowLongW
GetClientRect
CallWindowProcW
DestroyWindow

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHFileOperationW

ole32

CoCreateInstance

Exports

Exports

TokenizeVersionString
addlink
appopencheck
closelink
distrocheck
fixshortcuts
getlicenselangco
installdircheck
movenextbutton
ntusercheck
resizeokbutton
setie7registry
stiregister
stiseticon
uninstall
upgradedirectory
upgradewindow
versioncheck

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/GPhotos.scr
.exe windows:4 windows x86 arch:x86

8fb60ab5ea73162c8708c2b7e5a510ee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

p:\p\agents\hpac4.eem\recipes\662730680\base\googleclient\picasa39-stable\build\GPhotos.pdb

Imports

comctl32

ImageList_Destroy
ImageList_Create
ImageList_Add
InitCommonControlsEx
PropertySheetW
CreatePropertySheetPageW
PropertySheetA
CreatePropertySheetPageA

psapi

GetModuleFileNameExA
GetModuleBaseNameA
EnumProcesses
EnumProcessModules

rasapi32

RasEnumEntriesA

wininet

InternetConnectA
InternetSetStatusCallback
InternetGetConnectedState
InternetQueryOptionA
InternetCloseHandle
InternetGetConnectedStateEx
InternetSetOptionA
HttpSendRequestExA
InternetCrackUrlA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetErrorDlg
InternetOpenA
InternetReadFile
HttpEndRequestA
HttpOpenRequestA
HttpSendRequestA
InternetGetCookieExA
InternetWriteFile

kernel32

GetACP
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEvent
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
InterlockedCompareExchange
CloseHandle
GetLastError
GetCurrentProcess
CreateEventA
ExpandEnvironmentStringsA
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
LoadResource
SizeofResource
GetModuleFileNameA
FindResourceA
OpenProcess
GetProcAddress
lstrcmpiA
ReadProcessMemory
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryExA
lstrlenW
FreeLibrary
CreateThread
RaiseException
IsDBCSLeadByte
GetCommandLineA
Sleep
GetModuleHandleA
lstrlenA
GetCurrentProcessId
TerminateProcess
ExitProcess
SetThreadAffinityMask
GetCurrentThread
CreateFileA
GetDevicePowerState
GetProcessTimes
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentDirectoryA
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
LCMapStringA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
HeapSize
IsValidCodePage
GetOEMCP
GetCPInfo
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
HeapCreate
HeapDestroy
GetFileType
GetStartupInfoA
GetVersionExA
UnhandledExceptionFilter
GetSystemPowerStatus
GetTickCount
LoadLibraryA
SetStdHandle
ExitThread
RtlUnwind
HeapReAlloc
VirtualProtect
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
GetThreadLocale
SearchPathA
GetSystemTimeAsFileTime
Module32Next
Module32First
CreateToolhelp32Snapshot
GetSystemDefaultLCID
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemInfo
FindClose
FlushFileBuffers
SetEndOfFile
SetFilePointer
VirtualAlloc
VirtualFree
ReadFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetDriveTypeA
GetTempPathA
GetTempPathW
LockResource
QueryPerformanceFrequency
CompareFileTime
GetLocaleInfoA
SystemTimeToFileTime
GlobalLock
GlobalAlloc
GlobalUnlock
lstrcmpA
SetLastError
MulDiv
FlushInstructionCache
DisableThreadLibraryCalls
GlobalFree
WriteFile
GetStringTypeA
LocalFree
GetTimeZoneInformation
OutputDebugStringA
FormatMessageA
QueryPerformanceCounter
GetFileSize
LCMapStringW
GetUserDefaultLCID
DebugBreak
FindFirstFileW
LoadLibraryW
FindFirstFileA
CreateDirectoryW
LoadLibraryExW
CreateDirectoryExW
FindFirstFileExW
GetDateFormatA
FindFirstFileExA
SetFileAttributesA
GetTimeFormatA
FindNextFileW
GetFileAttributesExA
FindNextFileA
RemoveDirectoryA
GetShortPathNameW
GetShortPathNameA
CopyFileW
CreateFileW
MoveFileW
SetFileAttributesW
MoveFileExW
GetFileAttributesExW
CopyFileA
CreateProcessA
CreateDirectoryA
GetDateFormatW
MoveFileA
GetTimeFormatW
CreateDirectoryExA
RemoveDirectoryW
MoveFileExA
CopyFileExW
MoveFileWithProgressW
CreateProcessW
GetVersion
CopyFileExA
FindFirstChangeNotificationW
FindFirstChangeNotificationA
MoveFileWithProgressA
CompareStringW
CompareStringA
GetFileAttributesW
GetModuleFileNameW
GetFileAttributesA
DeleteFileW
GetModuleHandleW
DeleteFileA
InterlockedExchange
TerminateThread
SetThreadPriority
GetThreadPriority
WaitForMultipleObjects
SetErrorMode
GetLongPathNameW
GetLongPathNameA
GetSystemDirectoryA
SetCurrentDirectoryA
GetDiskFreeSpaceExA
VirtualQuery
TzSpecificLocalTimeToSystemTime

user32

GetScrollBarInfo
IsWindowEnabled
CreateDialogIndirectParamA
DrawTextW
CharNextA
PostThreadMessageA
GetMessageA
DispatchMessageA
SetParent
EnumChildWindows
ShowWindow
GetKeyState
MoveWindow
PostMessageA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SendMessageA
DestroyWindow
DestroyAcceleratorTable
GetFocus
SetWindowPos
RegisterClassExA
FillRect
SetPropA
RemovePropA
BeginPaint
EndPaint
GetClassNameA
InvalidateRect
GetSysColor
CreateAcceleratorTableA
InvalidateRgn
ClientToScreen
ReleaseCapture
ScreenToClient
GetWindow
SetWindowTextA
IsChild
GetWindowTextLengthA
RedrawWindow
GetClassInfoExA
SetCapture
LoadCursorA
DialogBoxIndirectParamA
GetWindowRect
IsWindowVisible
GetPropA
GetWindowTextLengthW
GetWindowTextW
FlashWindowEx
SetActiveWindow
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuItemW
AppendMenuW
MessageBoxW
GetMenuItemInfoA
SetWindowLongW
GetWindowLongW
CallWindowProcW
RegisterClassW
UnregisterClassA
UnregisterClassW
GetClassInfoA
SetMenuItemInfoA
SetClassLongW
SetClassLongA
SetWindowTextW
InsertMenuItemA
DialogBoxParamW
SendMessageW
AppendMenuA
SetDlgItemTextW
DefWindowProcW
MessageBoxA
CreateDialogParamW
CreateWindowExW
CreateDialogParamA
IsIconic
DefWindowProcA
EnumThreadWindows
GetActiveWindow
MessageBeep
TranslateAcceleratorA
MsgWaitForMultipleObjects
GetAsyncKeyState
GetCursor
ShowCursor
IsDialogMessageA
DialogBoxIndirectParamW
FindWindowExA
GetTopWindow
UpdateWindow
AdjustWindowRectEx
GetMenu
GetClassLongA
KillTimer
SetTimer
GetDlgItem
EnableWindow
SetFocus
LoadBitmapA
GetMessagePos
MapWindowPoints
GetSystemMetrics
GetDC
ReleaseDC
FindWindowA
RegisterWindowMessageA
RegisterClassA
CreateWindowExA
TranslateMessage
PeekMessageA
DialogBoxParamA
IsWindow
SetCursor
PostQuitMessage
GetCursorPos
SystemParametersInfoA
GetClientRect
SetDlgItemTextA
CallNextHookEx
SetWindowsHookExA
LoadIconA
UnhookWindowsHookEx
GetUserObjectInformationA
GetThreadDesktop
CheckDlgButton
IsDlgButtonChecked
GetForegroundWindow
AllowSetForegroundWindow
GetParent
GetDesktopWindow
EndDialog
EnumWindows
SetForegroundWindow
GetWindowTextA
GetWindowModuleFileNameA

gdi32

GetTextExtentPoint32A
ExtTextOutA
TextOutA
GetTextExtentPoint32W
SelectObject
GetDeviceCaps
GetObjectA
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
GetTextMetricsA
TextOutW
ExtTextOutW
CreateFontIndirectA
CreatePen
Rectangle
CreateDIBSection
GetICMProfileA
SetBkMode
GetGlyphOutlineW
GetGlyphOutlineA
GetKerningPairsA
GetStockObject
GetClipBox
DeleteObject

advapi32

RegUnLoadKeyA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegEnumValueW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumValueA
CryptReleaseContext
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptDecrypt
DeregisterEventSource
ReportEventA
RegisterEventSourceA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegLoadKeyA
RegSetValueExA
RegQueryInfoKeyA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegEnumKeyExA

ole32

OleUninitialize
OleInitialize
OleLockRunning
CLSIDFromString
CoGetClassObject
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoInitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CoInitializeEx
CoCreateGuid
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize

oleaut32

SysFreeString
LoadRegTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
VarDateFromStr
VarBstrCat
OleCreateFontIndirect
VariantInit
SysAllocStringLen
SysStringByteLen
VariantClear
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysAllocString
VarUI4FromStr
SysStringLen

mscms

GetColorDirectoryA

shlwapi

SHDeleteValueA
SHDeleteKeyA

urlmon

FindMimeFromData
CoInternetGetSession

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA

ws2_32

gethostbyname

comdlg32

GetSaveFileNameW
GetOpenFileNameA
GetSaveFileNameA
GetOpenFileNameW

shell32

DragQueryFileA
SHGetPathFromIDListA
SHGetSpecialFolderPathA
SHBrowseForFolderA
DragQueryFileW
SHFileOperationW
ShellExecuteExA
SHGetFileInfoW
SHGetFileInfoA
ShellExecuteA
SHGetSpecialFolderPathW
Shell_NotifyIconA
ShellExecuteW
ShellExecuteExW
Shell_NotifyIconW
SHGetPathFromIDListW
SHFileOperationA
SHGetMalloc
SHBrowseForFolderW

Exports

Exports

JSON_parser_char
JSON_parser_done
JSON_parser_is_legal_white_space_string
delete_JSON_parser
init_JSON_config
new_JSON_parser

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 424KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/PicasaInstaller/spmsg.dll
.dll windows:5 windows x86 arch:x86

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04-04-2006 17:44

Not After

26-04-2012 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-04-2006 19:43

Not After

04-10-2007 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5b:e0:42:c5:97:92:d2:a3:f3:f1:6f:84:2c:9a:ce:81:fb:43:5c:da
Signer

Actual PE Digest

5b:e0:42:c5:97:92:d2:a3:f3:f1:6f:84:2c:9a:ce:81:fb:43:5c:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PicasaInstaller/spuninst.exe
.exe .vbs windows:5 windows x86 arch:x86 polyglot

7e70b13b1b3b9a3dfbb06b778dced783

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04-04-2006 17:44

Not After

26-04-2012 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-04-2006 19:43

Not After

04-10-2007 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d1:0d:93:d2:b5:86:e2:01:0d:61:a5:a1:f2:66:a4:71:64:23:d5:0f
Signer

Actual PE Digest

d1:0d:93:d2:b5:86:e2:01:0d:61:a5:a1:f2:66:a4:71:64:23:d5:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

spuninst.pdb

Imports

comctl32

CreatePropertySheetPageW
PropertySheetW

user32

GetWindow
EnumWindowStationsA
OpenWindowStationA
GetProcessWindowStation
SetProcessWindowStation
GetWindowThreadProcessId
wvsprintfW
EnableWindow
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
MessageBoxW
FindWindowExA
CloseDesktop
EnumWindows
SetThreadDesktop
GetThreadDesktop
OpenDesktopA
CloseWindowStation
LoadIconA
MessageBoxA
SetDlgItemTextA
DialogBoxParamA
SetWindowTextA
DialogBoxParamW
KillTimer
CheckDlgButton
SetTimer
IsDlgButtonChecked
SetDlgItemTextW
DestroyWindow
EnumDesktopsA
SendDlgItemMessageA
ShowWindow
SendMessageA
GetDlgItem
LoadStringW
LoadStringA
EndDialog
SetForegroundWindow
SendMessageW
PostMessageA
SetWindowTextW
SetWindowLongA
GetWindowLongA
GetWindowTextA
GetParent

ntdll

RtlUnwind
strrchr
_strcmpi
NtClose
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationProcess
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlCharToInteger
LdrAccessResource
LdrFindResource_U
NtQuerySystemInformation
NtShutdownSystem
RtlUnicodeStringToAnsiString
strncat
_itoa
_chkstk
wcslen
wcscpy
_snwprintf
strtoul
_stricmp
_snprintf
strncpy
strchr
sprintf
_strnicmp
strstr
_vsnprintf
NtQueryVirtualMemory

ole32

CoUninitialize
CoInitialize

updspapi

UpdSpGetLineByIndexA
UpdSpGetFieldCount
UpdSpGetLineCountA
UpdSpSetDynamicStringA
UpdSpGetTargetPathA
UpdSpCopyErrorA
UpdSpPromptForDiskA
UpdSpSetDirectoryIdA
UpdSpGetSourceInfoA
UpdSpOpenFileQueue
UpdSpInstallFilesFromInfSectionA
UpdSpInitDefaultQueueCallbackEx
UpdSpScanFileQueueA
UpdSpDefaultQueueCallbackW
UpdSpDefaultQueueCallbackA
UpdSpInstallFromInfSectionA
UpdSpOpenAppendInfFileA
UpdSpDecompressOrCopyFileA
UpdSpGetLineTextW
UpdSpGetIntField
UpdSpCloseInfFile
UpdSpGetBinaryField
UpdSpGetLineTextA
UpdSpGetTargetPathW
UpdSpGetStringFieldW
UpdSpOpenInfFileA
UpdSpFindFirstLineA
UpdSpGetStringFieldA
UpdSpFindNextLine
UpdSpGetMultiSzFieldW
UpdSpFindFirstLineW
UpdSpCommitFileQueueA
UpdSpFindNextMatchLineW

msvcrt

wcscmp
toupper
strspn
atol
strpbrk
_close
_read
_open
mbstowcs
getenv
_ultoa
_wtoi64
_wcsicmp
swprintf
wcstoul
exit
_itow
_c_exit
_exit
_XcptFilter
_cexit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
calloc
isdigit
memmove
strcspn
malloc
free
_mbslwr
_strdup
strtok
_vsnwprintf
_lseek

advapi32

RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
OpenServiceW
EnumServicesStatusExA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyA
InitiateSystemShutdownA
AbortSystemShutdownA
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
GetFileSecurityA
LockServiceDatabase
QueryServiceConfigA
ChangeServiceConfigA
UnlockServiceDatabase
GetNamedSecurityInfoA
SetNamedSecurityInfoA
FreeSid
AdjustTokenPrivileges
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenProcessToken
AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
RegQueryValueExW
EnumDependentServicesA
OpenSCManagerA
StartServiceA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
GetServiceDisplayNameA
ControlService
SetFileSecurityA
RegCreateKeyExA
RegRestoreKeyA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA

kernel32

DelayLoadFailureHook
DeleteFileA
GetStartupInfoA
CreateProcessW
DeleteFileW
MapViewOfFile
DuplicateHandle
GetSystemDefaultLangID
GetModuleFileNameW
ReleaseMutex
CopyFileW
GetWindowsDirectoryW
GetTempFileNameW
lstrlenW
VirtualFree
GetVersionExW
ExpandEnvironmentStringsW
SearchPathW
lstrcpyW
lstrcpynW
GetDriveTypeW
GetLocalTime
OpenEventA
GetTempFileNameA
CreateFileW
SetEndOfFile
InterlockedIncrement
OpenProcess
CreateRemoteThread
VirtualAllocEx
WriteProcessMemory
CreateEventA
CreateEventW
lstrcmpiA
QueryDosDeviceA
DefineDosDeviceA
lstrcmpA
LoadLibraryW
lstrcmpiW
FormatMessageW
GetFileSize
LocalFree
LocalAlloc
CreateFileMappingA
MapViewOfFileEx
FindResourceA
LoadResource
UnmapViewOfFile
ReadFile
ExpandEnvironmentStringsA
FindFirstFileA
FindNextFileA
FindClose
DeviceIoControl
GetSystemDirectoryA
GetDiskFreeSpaceA
CreateProcessA
GetExitCodeProcess
FlushFileBuffers
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
FreeLibrary
GetVersionExA
GetSystemInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentVariableA
CreateMutexA
SetUnhandledExceptionFilter
FormatMessageA
lstrcpynA
lstrcpyA
SetEvent
WaitForSingleObject
GetModuleHandleA
CreateThread
GetCurrentProcess
GetWindowsDirectoryA
SetCurrentDirectoryA
LoadLibraryA
Sleep
VirtualAlloc
WideCharToMultiByte
CopyFileA
SetFileAttributesA
MultiByteToWideChar
GetProcAddress
SetFilePointer
CreateFileA
WriteFile
CloseHandle
RemoveDirectoryA
MoveFileExA
lstrlenA
GetFullPathNameA
ExitProcess
SetLastError
GetModuleFileNameA
SetEnvironmentVariableA
GetFileAttributesA
MoveFileA
GetLastError

gdi32

GetObjectA
CreateFontIndirectA

shell32

SHGetSpecialFolderPathA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

psapi

GetModuleFileNameExA

userenv

ord119
ord138
ord121

rpcrt4

UuidFromStringA

imagehlp

EnumerateLoadedModules64

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/PicasaInstaller/spupdsvc.exe
.exe windows:5 windows x86 arch:x86

e206a5499fa29af0ec1b23f008ea51f7

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04-04-2006 17:44

Not After

26-04-2012 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-04-2006 19:43

Not After

04-10-2007 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e9:d7:8b:f7:b4:65:35:bd:af:ca:1a:dd:5d:d7:41:53:99:a5:5e:8f
Signer

Actual PE Digest

e9:d7:8b:f7:b4:65:35:bd:af:ca:1a:dd:5d:d7:41:53:99:a5:5e:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

spupdsvc.pdb

Imports

advapi32

RegCloseKey
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyW
CloseServiceHandle
ChangeServiceConfig2W
CreateServiceW
OpenSCManagerW
DeleteService
OpenServiceW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW

ntdll

RtlUnwind
_wcsicmp
_snwprintf
wcsncpy
wcschr
wcscpy
wcsrchr
NtQuerySystemInformation
sprintf
_vsnprintf
NtQueryVirtualMemory

setupapi

SetupCloseInfFile
SetupGetLineTextW
SetupFindFirstLineW
SetupOpenInfFileW
SetupFindNextLine

msvcrt

_initterm
__wgetmainargs
exit
_controlfp
_XcptFilter
_exit
_c_exit
free
malloc
wprintf
printf
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_cexit
__setusermatherr
__winitenv

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
DeleteFileW
GetVersionExW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetFileAttributesW
GetModuleFileNameW
FlushFileBuffers
GetWindowsDirectoryA
SetFileAttributesA
DeleteFileA
CreateFileA
SetFilePointer
GetLocalTime
GetLastError
GetTickCount
WriteFile
SetLastError

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/PicasaInstaller/srv2k3/cdrom.sys
.sys windows:5 windows x86 arch:x86

6cc5dc1a1393363f8ddd770ed1c89928

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cdrom.pdb

Imports

ntoskrnl.exe

IoSetHardErrorOrVerifyDevice
_allshr
MmLockPagableDataSection
KeDelayExecutionThread
_allmul
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
RtlGetVersion
KeInitializeSpinLock
MmUnlockPagableImageSection
RtlFreeUnicodeString
IoSetStartIoAttributes
strchr
memmove
_allshl
IoFreeWorkItem
IoReportTargetDeviceChangeAsynchronous
KeReleaseMutex
_aullshr
KeTickCount
ZwCreateKey
KeBugCheckEx
IoGetAttachedDeviceReference
ObfDereferenceObject
IoGetDriverObjectExtension
sprintf
IoAttachDeviceToDeviceStack
IoDeleteDevice
KeInitializeMutex
KeSetEvent
KeClearEvent
IoReuseIrp
KeInitializeEvent
IofCompleteRequest
KeEnterCriticalRegion
KeWaitForSingleObject
KeLeaveCriticalRegion
IoStartPacket
IoAllocateWorkItem
IoQueueWorkItem
RtlWriteRegistryValue
IoOpenDeviceRegistryKey
RtlQueryRegistryValues
ZwClose
RtlInitUnicodeString
swprintf
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoAllocateIrp
IoAllocateMdl
MmBuildMdlForNonPagedPool
IoFreeMdl
IoFreeIrp
ExAllocatePoolWithTag
IoBuildAsynchronousFsdRequest
ExFreePoolWithTag
IofCallDriver
IoGetConfigurationInformation
IoWMIRegistrationControl
WmiQueryTraceInformation
WmiTraceMessage
IoAllocateDriverObjectExtension
IoStartNextPacket

hal

KfRaiseIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
KeRaiseIrqlToDpcLevel
KfLowerIrql

classpnp.sys

ClassGetVpb
ClassDisableMediaChangeDetection
ClassFindModePage
ClassSpinDownPowerHandler
ClassInitialize
ClassDeleteSrbLookasideList
ClassGetDriverExtension
ClassInitializeSrbLookasideList
ClassQueryTimeOutRegistryValue
ClassReadDriveCapacity
ClassInitializeMediaChangeDetection
ClassGetDeviceParameter
ClassSetDeviceParameter
ClassResetMediaChangeTimer
ClassScanForSpecial
ClassReleaseQueue
ClassBuildRequest
ClassSplitRequest
ClassClaimDevice
ClassCreateDeviceObject
ClassUpdateInformationInRegistry
ClassInterpretSenseInfo
ClassEnableMediaChangeDetection
ClassIoComplete
ClassSendSrbAsynchronous
ClassSendSrbSynchronous
ClassSendDeviceIoControlSynchronous
ClassAsynchronousCompletion
ClassSendStartUnit
ClassAcquireRemoveLockEx
ClassReleaseRemoveLock
ClassCompleteRequest
ClassDeviceControl

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEHIT2
Size: 512B - Virtual size: 101B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEHITA
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGETOSH
Size: 1024B - Virtual size: 534B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PicasaInstaller/srv2k3/imapi2.dll
.dll regsvr32 windows:6 windows x86 arch:x86

26c8e31b611b022d57aa8726567f3671

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

imapi2.pdb

Imports

msvcrt

free
wcsncmp
_wcsnicmp
wcstol
iswdigit
malloc
??_V@YAXPAX@Z
??_U@YAPAXI@Z
memset
??3@YAXPAX@Z
_onexit
_lock
__dllonexit
_unlock
realloc
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_wcslwr
_errno
memmove
_resetstkoflw
calloc
memcpy
??2@YAPAXI@Z

ntdll

RtlUnwind

user32

CharNextW
PostQuitMessage
GetWindowLongW
PostMessageW
DefWindowProcW
UnregisterDeviceNotification
DestroyWindow
UnregisterClassW
MsgWaitForMultipleObjects
RegisterClassExW
CreateWindowExW
SetWindowLongW
RegisterDeviceNotificationW

advapi32

UnregisterTraceGuids
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceMessage

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx
StringFromGUID2

oleaut32

SysStringByteLen
UnRegisterTypeLi
RegisterTypeLi
VariantClear
SysAllocStringByteLen
SafeArrayCreateVector
SysAllocStringLen
SafeArrayDestroy
SysAllocString
DispCallFunc
VariantInit
LoadTypeLi
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysFreeString
VarUI4FromStr
SysStringLen
LoadRegTypeLi

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList

rpcrt4

NdrStubCall2
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported

kernel32

InterlockedExchange
GetVersionExA
GetThreadLocale
SetThreadLocale
WaitForSingleObject
InterlockedExchangeAdd
ResetEvent
CreateThread
ResumeThread
GetExitCodeThread
SetEvent
GetVolumeNameForVolumeMountPointW
CreateEventW
DeviceIoControl
GetOverlappedResult
GetVolumePathNamesForVolumeNameW
SetErrorMode
InterlockedCompareExchange
VirtualAlloc
GetNativeSystemInfo
VirtualFree
CloseHandle
InitializeCriticalSectionAndSpinCount
SetLastError
GetTickCount
Sleep
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
LocalAlloc
GetSystemTimeAsFileTime
LocalFree
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
OutputDebugStringA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateFileW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 477B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PicasaInstaller/srv2k3/imapi2fs.dll
.dll regsvr32 windows:6 windows x86 arch:x86

3042d7185f81dda08a65ad7485a4a0ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

imapi2fs.pdb

Imports

msvcrt

_vscwprintf
srand
_wstat
_localtime64
_gmtime64
_time64
__RTDynamicCast
rand
?name@type_info@@QBEPBDXZ
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
ferror
_itoa
_snprintf
_iob
isleadbyte
__mb_cur_max
_onexit
__RTtypeid
__dllonexit
_unlock
realloc
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
_XcptFilter
??0exception@@QAE@ABV0@@Z
_resetstkoflw
calloc
wcsstr
wcsncmp
wcsrchr
qsort
mbtowc
wcschr
_wgetenv
swscanf
iswspace
_wcsicmp
memmove
_vsnprintf
_vsnwprintf
_errno
__CxxFrameHandler
memset
_CxxThrowException
_wtoi
_wremove
ceil
_wcsupr
_lock
memcpy
free
_amsg_exit

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlOemToUnicodeN
RtlMultiByteToUnicodeN
RtlUnicodeToOemN
RtlUnicodeToMultiByteN
NtDeviceIoControlFile
NtClose
NtReadFile
NtWriteFile
NtOpenFile
RtlInitUnicodeString
NtQueryInformationFile
RtlFreeUnicodeString
NtSetInformationFile
RtlDeleteElementGenericTable
RtlFindSetBits
RtlClearBits
RtlInitializeBitMap
RtlLookupElementGenericTable
RtlNumberOfSetBits
RtlEnumerateGenericTableWithoutSplaying
RtlSetBits
RtlInsertElementGenericTable
RtlInitializeGenericTable
RtlPrefixUnicodeString
DbgPrint
RtlQueryRegistryValues
RtlUnwind

user32

wsprintfW
UnregisterClassW
CharNextW

advapi32

RegQueryValueExW
RegEnumKeyExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CreateStreamOnHGlobal

oleaut32

CreateErrorInfo
SafeArrayUnlock
SafeArrayCreateVector
SafeArrayLock
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
VariantInit
VariantClear
SetErrorInfo
SysAllocStringLen
GetErrorInfo

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
OutputDebugStringA
InterlockedExchange
GetVersionExA
CreateEventA
GetOverlappedResult
GetTempPathW
GlobalFree
GetDriveTypeW
LocalAlloc
LocalFree
Sleep
HeapSize
GetModuleHandleExW
FormatMessageW
FindNextFileW
FindClose
SetLastError
GetFullPathNameW
GetSystemTime
SetUnhandledExceptionFilter
FileTimeToSystemTime
ReadFile
CreateFileW
CloseHandle
WriteFile
DeviceIoControl
WideCharToMultiByte
GetConsoleCP
InterlockedCompareExchange
FindFirstFileW
SetErrorMode
SleepEx
GetThreadLocale
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
LockResource
FindResourceExW
GetDiskFreeSpaceExW
GetFileAttributesExW
SetFilePointer
SetEndOfFile
GetFileSize
GlobalAlloc
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
SetThreadLocale
RaiseException
lstrlenW

rpcrt4

CStdStubBuffer_DebugServerRelease
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrClientCall2
NdrCStdStubBuffer2_Release
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_QueryInterface
NdrStubCall2
NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_AddRef

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z

shlwapi

SHCreateStreamOnFileW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 562KB - Virtual size: 561KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 657B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PicasaInstaller/update/kb952011.cat
$TEMP/PicasaInstaller/update/spcustom.dll
.dll windows:5 windows x86 arch:x86

97061b17fbea6e074ad332f811a6f9c7

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04-04-2006 17:44

Not After

26-04-2012 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-04-2006 19:43

Not After

04-10-2007 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b3:72:b8:94:fa:0c:6c:d6:43:3a:ad:01:54:17:da:b0:78:1b:f2:95
Signer

Actual PE Digest

b3:72:b8:94:fa:0c:6c:d6:43:3a:ad:01:54:17:da:b0:78:1b:f2:95

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

spcustom.pdb

Imports

msvcrt

_adjust_fdiv
_initterm
_stricmp
sprintf
_strlwr
_strnicmp
strstr
strchr
memmove
atoi
strrchr
_except_handler3
malloc
free

kernel32

TerminateProcess
GetCurrentProcess
GetVersionExA
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnmapViewOfFile
CloseHandle
LoadResource
SetLastError
GetLastError
FindResourceA
MapViewOfFileEx
CreateFileMappingA
CreateFileA
GetFileAttributesA
GetSystemDirectoryA
GetWindowsDirectoryA
FreeLibrary
lstrcpyA
GetProcAddress
LoadLibraryA
GetCurrentProcessId
GetSystemInfo
GetCommandLineA
Sleep
lstrlenA
ExpandEnvironmentStringsA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
UnhandledExceptionFilter

advapi32

OpenSCManagerA
RegQueryValueExA
RegEnumValueA
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
ControlService
RegCloseKey
OpenServiceA
CloseServiceHandle
StartServiceA
QueryServiceStatus

winspool.drv

GetPrinterDriverDirectoryA
GetPrintProcessorDirectoryA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

ArchivingComplete
BeginInstallation
BlockMSNCopy
ConfirmInstallation
CopyingComplete
EndInstallation
FailedInstallation
GetClusterPathName
GetFPNWPathName
GetHTRPathName
GetJVMStage
GetMSI20Stage
GetMtsPathName
GetOsProductType
GetPBAPath
GetPrintProcessorPath
GetPrinterDriverPath
GetRISAdminPathName
GetRISPathName
GetSmsPathName
GetSupportToolsPathName
IsMediaCenterPC
IsStartEdition
IsTabletPC
IsWMUpgradeable
OnACPower
SuccessInstallation
WindowsFirewallIsOpmodeOff

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 938B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PicasaInstaller/update/update.exe
.exe .vbs windows:5 windows x86 arch:x86 polyglot

6c65741b84ef10d29b294ed68e8a07f6

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04-04-2006 17:44

Not After

26-04-2012 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-04-2006 19:43

Not After

04-10-2007 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3f:cb:4c:3c:c4:0c:f2:69:46:65:03:a8:ba:e9:c7:20:67:de:80:0a
Signer

Actual PE Digest

3f:cb:4c:3c:c4:0c:f2:69:46:65:03:a8:ba:e9:c7:20:67:de:80:0a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

D:\binaries.x86fre\SCP_WPA\update.PDB

Imports

advapi32

QueryServiceConfigA
UnlockServiceDatabase
GetNamedSecurityInfoA
SetNamedSecurityInfoA
GetTokenInformation
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenProcessToken
RegLoadKeyA
RegUnLoadKeyA
AdjustTokenPrivileges
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
GetLengthSid
CopySid
GetAclInformation
SetFileSecurityW
AddAce
RegQueryInfoKeyA
RegSaveKeyA
RegFlushKey
EnumDependentServicesA
InitializeAcl
AddAccessAllowedAce
SetFileSecurityA
QueryServiceStatus
GetServiceDisplayNameA
RegOpenKeyA
RegDeleteValueA
OpenSCManagerA
OpenServiceA
StartServiceA
ControlService
CloseServiceHandle
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RegSetKeySecurity
FreeSid
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
LockServiceDatabase
GetFileSecurityA
RegOpenKeyExW
AbortSystemShutdownA
InitiateSystemShutdownA
OpenServiceW
EnumServicesStatusExA
ChangeServiceConfigA

comctl32

PropertySheetW
CreatePropertySheetPageW

crypt32

CertCreateCertificateContext
CertOpenStore
CryptEncodeObject
CertSetCertificateContextProperty
CertAddCertificateContextToStore
CertCloseStore
CertFreeCertificateContext

gdi32

GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateCompatibleDC
GetDIBits
SelectObject
StretchBlt
BitBlt

imagehlp

EnumerateLoadedModules64

kernel32

GetCompressedFileSizeA
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetCurrentProcess
GetTempPathA
LoadLibraryExA
FindResourceA
LoadResource
LockResource
FreeResource
lstrlenA
GetSystemInfo
SetEnvironmentVariableA
SetUnhandledExceptionFilter
ExitProcess
GetFullPathNameA
GetVolumeInformationA
lstrcmpA
GetWindowsDirectoryW
GetVolumeInformationW
SetErrorMode
GetCommandLineA
GetCommandLineW
CreateMutexA
WaitForSingleObject
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileInformationByHandle
FileTimeToDosDateTime
GetModuleHandleA
FormatMessageW
ReadFile
GetTickCount
CreateEventA
CreateThread
SetThreadPriority
WaitForMultipleObjects
SetEvent
RemoveDirectoryA
EnterCriticalSection
GetExitCodeProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateProcessA
MapViewOfFileEx
FreeLibrary
DeviceIoControl
GetFileAttributesExA
VirtualFree
WritePrivateProfileStringA
SetCurrentDirectoryA
GetModuleFileNameA
VirtualAlloc
FindNextFileW
GetEnvironmentVariableA
InitializeCriticalSection
Sleep
GetThreadLocale
lstrcmpiW
FindFirstFileW
GetLocaleInfoA
GetPrivateProfileStringA
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
GetStartupInfoA
GetFileTime
FlushFileBuffers
GetProcessHeap
GetComputerNameA
SetFilePointer
WriteFile
HeapFree
InterlockedCompareExchange
GetSystemDirectoryA
GetTempFileNameA
CopyFileA
OpenProcess
MoveFileExA
SetFileAttributesA
GetVersionExA
LocalAlloc
LocalFree
SetLastError
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
GetDriveTypeA
ExpandEnvironmentStringsA
FindFirstFileA
FindNextFileA
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
lstrcmpiA
FormatMessageA
GetFileAttributesA
CreateDirectoryA
GetSystemDirectoryW
LoadLibraryA
GetProcAddress
GetLastError
GetWindowsDirectoryA
DeleteFileA
lstrcpynA
DefineDosDeviceA
QueryDosDeviceA
CreateEventW
WriteProcessMemory
VirtualAllocEx
CreateRemoteThread
InterlockedIncrement
GetFullPathNameW
GetFileSizeEx
OpenEventA
GetLocalTime
lstrlenW
GetDriveTypeW
lstrcpynW
lstrcpyW
SearchPathW
ExpandEnvironmentStringsW
GetVersionExW
GetTempFileNameW
CopyFileW
ReleaseMutex
GetModuleFileNameW
GetSystemDefaultLangID
DuplicateHandle
CreateProcessW
OpenFileMappingA
RaiseException
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
HeapDestroy
HeapCreate
ReleaseSemaphore
SetEndOfFile
InterlockedDecrement
GetCurrentThread
GetExitCodeThread
CreateSemaphoreA
MoveFileA
HeapAlloc
DeleteFileW
CreateFileW
FlushViewOfFile
QueryPerformanceCounter
DelayLoadFailureHook
LeaveCriticalSection
FindClose
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
GetSystemTime
VirtualProtect
InitializeCriticalSectionAndSpinCount
GetVersion
TlsFree

mpr

WNetGetUniversalNameA
WNetGetUserA

msvcrt

_itoa
strncpy
_except_handler3
strchr
_stricmp
sprintf
strrchr
mbstowcs
malloc
free
_vsnprintf
memmove
vsprintf
strncat
_wcsdup
_errno
_open
_read
_snprintf
_write
_close
_lseek
remove
_tempnam
wcscat
_vsnwprintf
ctime
_wcsicmp
_strnicmp
wcsstr
_snwprintf
_local_unwind2
_memicmp
atoi
realloc
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
memchr
_strcmpi
wcscpy
_mbslwr
strstr
swprintf
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_ltoa
wcschr
fprintf
wcstoul
wcslen
_strdup
calloc
getenv
strtoul
strncmp
_mbsupr
rename
strcspn
isdigit
wcsrchr
wcscmp
wcsncat
wcsncpy
toupper
strspn
atol
strpbrk
isspace
_ultoa
_wtoi64
_wcslwr
strtok
_itow
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
__CxxFrameHandler
??3@YAXPAX@Z
??0exception@@QAE@ABV0@@Z
_CxxThrowException
fclose
??2@YAPAXI@Z
fopen

ntdll

RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlInitAnsiString
RtlAnsiStringToUnicodeString
NtClose
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationProcess
RtlCharToInteger
LdrAccessResource
LdrFindResource_U
NtQuerySystemInformation
NtShutdownSystem
RtlRaiseStatus
RtlFreeHeap
RtlAllocateHeap
NtYieldExecution
NtSetSystemInformation
NtCreateSection
NtOpenFile
NtOpenSection
NtOpenDirectoryObject
RtlCompareUnicodeString
NtCreateFile
RtlDosPathNameToNtPathName_U
LdrUnloadDll
NtFreeVirtualMemory
NtQueryInformationThread
NtWaitForSingleObject
RtlCreateUserThread
NtWriteVirtualMemory
NtAllocateVirtualMemory
NtOpenProcess
LdrGetProcedureAddress
LdrLoadDll
RtlDestroyHeap
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlGetAce
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
RtlAllocateAndInitializeSid
RtlCreateHeap
DbgPrint
RtlFreeUnicodeString
NtQuerySystemTime
RtlTimeToTimeFields

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString

psapi

GetModuleFileNameExA

rpcrt4

UuidFromStringA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderPathA
SHBrowseForFolderA

updspapi

UpdSpSetDynamicStringA
UpdSpCopyErrorA
UpdSpPromptForDiskA
UpdSpInitDefaultQueueCallbackEx
UpdSpIterateCabinetA
UpdSpGetLineCountW
UpdSpGetLineByIndexW
UpdSpGetStringFieldW
UpdSpCommitFileQueueA
UpdSpOpenFileQueue
UpdSpGetSourceInfoA
UpdSpGetSourceFileLocationA
UpdSpCloseFileQueue
UpdSpDefaultQueueCallbackW
UpdSpDefaultQueueCallbackA
UpdSpDecompressOrCopyFileA
UpdSpGetTargetPathW
UpdSpInstallFromInfSectionA
UpdSpQueueCopyA
UpdSpGetIntField
UpdSpGetBinaryField
UpdSpScanFileQueueA
UpdSpGetLineTextW
UpdSpOpenInfFileA
UpdSpCloseInfFile
UpdSpSetDirectoryIdA
UpdSpInstallFilesFromInfSectionA
UpdSpGetLineCountA
UpdSpGetLineByIndexA
UpdSpGetStringFieldA
UpdSpFindFirstLineA
UpdSpGetLineTextA
UpdSpGetFieldCount
UpdSpFindNextLine
UpdSpGetMultiSzFieldW
UpdSpFindFirstLineW
UpdSpFindNextMatchLineW
UpdSpGetTargetPathA

user32

ShowWindow
wvsprintfW
EnumWindowStationsA
OpenWindowStationA
GetProcessWindowStation
SetProcessWindowStation
EnumDesktopsA
CloseWindowStation
OpenDesktopA
GetThreadDesktop
SetThreadDesktop
EnumWindows
CloseDesktop
GetClientRect
FindWindowExA
GetWindowThreadProcessId
GetWindow
RegisterClassA
CreateWindowExA
DefWindowProcA
MessageBoxW
GetSystemMetrics
LoadStringA
LoadStringW
MessageBoxA
PostQuitMessage
DestroyWindow
SendMessageA
SetDlgItemTextA
SystemParametersInfoA
EnableWindow
GetDlgItem
DispatchMessageA
TranslateMessage
GetMessageA
PostThreadMessageA
SetWindowTextW
RedrawWindow
SetWindowLongA
GetWindowLongA
GetWindowTextA
PostMessageA
EnumChildWindows
SetDlgItemTextW
LoadBitmapA
IsDlgButtonChecked
SetTimer
CheckDlgButton
KillTimer
ReleaseDC
GetDC
SetForegroundWindow
SetWindowTextA
EndDialog
DialogBoxParamA
GetDesktopWindow
SetFocus

userenv

ord138
ord121
ord119

version

VerQueryValueW
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA

winspool.drv

GetPrinterDriverDirectoryA

Sections

.text
Size: 598KB - Virtual size: 597KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 503KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/PicasaInstaller/update/update.ver
$TEMP/PicasaInstaller/update/update_srv2k3.inf
$TEMP/PicasaInstaller/update/update_xp.inf
$TEMP/PicasaInstaller/update/updatebr.inf
$TEMP/PicasaInstaller/update/updspapi.dll
.dll windows:5 windows x86 arch:x86

48d33c128589c5c1581b1025133d0e4a

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04-04-2006 17:44

Not After

26-04-2012 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-04-2006 19:43

Not After

04-10-2007 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

78:c3:2a:66:88:74:4e:47:d7:c1:e0:31:6a:e4:04:c8:d3:c1:97:4b
Signer

Actual PE Digest

78:c3:2a:66:88:74:4e:47:d7:c1:e0:31:6a:e4:04:c8:d3:c1:97:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

updspapi.pdb

Imports

msvcrt

swprintf
_wcsicmp
wcsrchr
_wcsnicmp
towupper
_endthread
_beginthread
wcstoul
memmove
wcscat
wcschr
wcscpy
_strnicmp
iswctype
_vsnwprintf
strrchr
wcscmp
wcslen
_abnormal_termination
free
_initterm
_adjust_fdiv
malloc
wcsncmp
_except_handler3

ntdll

NtQueryInformationProcess

advapi32

RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
SetFileSecurityW
GetFileSecurityW
IsTextUnicode
RegSetValueExW

gdi32

GetTextExtentExPointW
SelectObject

kernel32

HeapAlloc
CompareStringW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapReAlloc
FreeLibrary
GetProcAddress
GetSystemDirectoryA
LoadLibraryA
FindClose
ResetEvent
GetDriveTypeW
HeapFree
GetProcessHeap
CreateMutexW
InterlockedCompareExchange
OutputDebugStringW
GetModuleHandleW
FindFirstFileW
SetErrorMode
CreateDirectoryW
GetWindowsDirectoryW
GetEnvironmentVariableW
SetLastError
GetLastError
Sleep
FlushFileBuffers
SetEndOfFile
CloseHandle
UnmapViewOfFile
LocalFree
WriteFile
FormatMessageW
GetVersionExW
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
SetFilePointer
lstrlenA
GetCurrentProcessId
GetLocalTime
lstrlenW
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetFileAttributesW
InitializeCriticalSection
lstrcatW
lstrcpyW
DeleteFileW
SetFileAttributesW
GetTempFileNameW
lstrcpynW
lstrcmpiW
GetFileTime
SetFileTime
CopyFileW
MoveFileW
CreateFileA
ReadFile
LocalFileTimeToFileTime
DosDateTimeToFileTime
RaiseException
TlsSetValue
LocalAlloc
TlsGetValue
GetModuleFileNameW
GetSystemDirectoryW
TlsAlloc
TlsFree
WaitForMultipleObjects
ReleaseMutex
GetLocaleInfoW
SetEvent
DuplicateHandle
GetCurrentThread
GetCurrentProcess
GetCurrentThreadId
CreateEventW
WaitForSingleObject
WideCharToMultiByte
MultiByteToWideChar
MoveFileExW
GetShortPathNameW
GetFullPathNameW
lstrcpyA
LoadLibraryW
lstrcmpiA
ExpandEnvironmentStringsW
GetStringTypeExW
GetThreadLocale
lstrcpynA
lstrcmpW
DeviceIoControl

mpr

WNetCancelConnection2W
WNetGetResourceInformationW
WNetAddConnection3W

ole32

OleUninitialize
OleInitialize

shell32

SHGetSpecialFolderPathW

user32

wvsprintfW
ClientToScreen
GetClientRect
GetSystemMetrics
MoveWindow
CharNextW
CharLowerW
CharPrevA
DialogBoxParamW
GetWindowTextLengthW
UpdateWindow
RemovePropW
LoadIconW
SendDlgItemMessageW
GetParent
EnableWindow
GetWindowLongW
MessageBeep
CharUpperW
GetDC
GetWindowRect
ReleaseDC
IsWindow
wsprintfW
CharPrevW
GetUserObjectInformationW
GetProcessWindowStation
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjectsEx
PeekMessageW
SendMessageW
SetWindowTextW
ShowWindow
GetDlgItem
SetDlgItemTextW
GetWindowTextW
GetKeyboardType
PostMessageW
EndDialog
LoadStringW
GetDlgItemTextW
SetPropW
GetPropW
SetForegroundWindow
GetWindow
SetFocus
DestroyWindow
SetWindowLongW
RegisterWindowMessageW
SystemParametersInfoW
MessageBoxW

winspool.drv

GetPrintProcessorDirectoryW
GetPrinterDriverDirectoryW

Exports

Exports

UpdSpCloseFileQueue
UpdSpCloseInfFile
UpdSpCommitFileQueueA
UpdSpCommitFileQueueW
UpdSpCopyErrorA
UpdSpCopyErrorW
UpdSpDecompressOrCopyFileA
UpdSpDecompressOrCopyFileW
UpdSpDefaultQueueCallbackA
UpdSpDefaultQueueCallbackW
UpdSpDeleteErrorA
UpdSpDeleteErrorW
UpdSpEnumInfSectionsA
UpdSpEnumInfSectionsW
UpdSpFindFirstLineA
UpdSpFindFirstLineW
UpdSpFindNextLine
UpdSpFindNextMatchLineA
UpdSpFindNextMatchLineW
UpdSpGetBinaryField
UpdSpGetFieldCount
UpdSpGetIntField
UpdSpGetLineByIndexA
UpdSpGetLineByIndexW
UpdSpGetLineCountA
UpdSpGetLineCountW
UpdSpGetLineTextA
UpdSpGetLineTextW
UpdSpGetMultiSzFieldA
UpdSpGetMultiSzFieldW
UpdSpGetSourceFileLocationA
UpdSpGetSourceFileLocationW
UpdSpGetSourceInfoA
UpdSpGetSourceInfoW
UpdSpGetStringFieldA
UpdSpGetStringFieldW
UpdSpGetTargetPathA
UpdSpGetTargetPathW
UpdSpInitDefaultQueueCallback
UpdSpInitDefaultQueueCallbackEx
UpdSpInstallFilesFromInfSectionA
UpdSpInstallFilesFromInfSectionW
UpdSpInstallFromInfSectionA
UpdSpInstallFromInfSectionW
UpdSpIterateCabinetA
UpdSpIterateCabinetW
UpdSpOpenAppendInfFileA
UpdSpOpenAppendInfFileW
UpdSpOpenFileQueue
UpdSpOpenInfFileA
UpdSpOpenInfFileW
UpdSpPromptForDiskA
UpdSpPromptForDiskW
UpdSpQueueCopyA
UpdSpQueueCopySectionA
UpdSpQueueCopySectionW
UpdSpQueueCopyW
UpdSpQueueDeleteA
UpdSpQueueDeleteSectionA
UpdSpQueueDeleteSectionW
UpdSpQueueDeleteW
UpdSpScanFileQueueA
UpdSpScanFileQueueW
UpdSpSetDirectoryIdA
UpdSpSetDirectoryIdW
UpdSpSetDynamicStringA
UpdSpSetDynamicStringExA
UpdSpSetDynamicStringExW
UpdSpSetDynamicStringW
UpdSpTermDefaultQueueCallback

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PicasaInstaller/winxp/cdrom.sys
.sys windows:5 windows x86 arch:x86

f509526c57659135a7b9400d79e03340

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cdrom.pdb

Imports

ntoskrnl.exe

IoSetHardErrorOrVerifyDevice
_allshr
MmLockPagableDataSection
KeDelayExecutionThread
_allmul
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
RtlGetVersion
KeInitializeSpinLock
MmUnlockPagableImageSection
RtlFreeUnicodeString
IoSetStartIoAttributes
strchr
memmove
_allshl
IoFreeWorkItem
IoReportTargetDeviceChangeAsynchronous
KeReleaseMutex
_aullshr
KeTickCount
ZwCreateKey
KeBugCheckEx
IoGetAttachedDeviceReference
ObfDereferenceObject
IoGetDriverObjectExtension
sprintf
IoAttachDeviceToDeviceStack
IoDeleteDevice
KeInitializeMutex
KeSetEvent
KeClearEvent
IoReuseIrp
KeInitializeEvent
IofCompleteRequest
KeEnterCriticalRegion
KeWaitForSingleObject
KeLeaveCriticalRegion
IoStartPacket
IoAllocateWorkItem
IoQueueWorkItem
RtlWriteRegistryValue
IoOpenDeviceRegistryKey
RtlQueryRegistryValues
ZwClose
swprintf
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoAllocateIrp
IoAllocateMdl
MmBuildMdlForNonPagedPool
IoFreeMdl
IoFreeIrp
ExAllocatePoolWithTag
IoBuildAsynchronousFsdRequest
ExFreePoolWithTag
IofCallDriver
IoGetConfigurationInformation
IoWMIRegistrationControl
RtlInitUnicodeString
WmiQueryTraceInformation
WmiTraceMessage
IoAllocateDriverObjectExtension
IoStartNextPacket

hal

KfRaiseIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
KeRaiseIrqlToDpcLevel
KfLowerIrql

classpnp.sys

ClassGetVpb
ClassDisableMediaChangeDetection
ClassFindModePage
ClassSpinDownPowerHandler
ClassInitialize
ClassDeleteSrbLookasideList
ClassGetDriverExtension
ClassInitializeSrbLookasideList
ClassQueryTimeOutRegistryValue
ClassReadDriveCapacity
ClassInitializeMediaChangeDetection
ClassGetDeviceParameter
ClassSetDeviceParameter
ClassResetMediaChangeTimer
ClassScanForSpecial
ClassReleaseQueue
ClassBuildRequest
ClassSplitRequest
ClassClaimDevice
ClassCreateDeviceObject
ClassUpdateInformationInRegistry
ClassInterpretSenseInfo
ClassEnableMediaChangeDetection
ClassIoComplete
ClassSendSrbAsynchronous
ClassSendSrbSynchronous
ClassSendDeviceIoControlSynchronous
ClassAsynchronousCompletion
ClassSendStartUnit
ClassAcquireRemoveLockEx
ClassReleaseRemoveLock
ClassCompleteRequest
ClassDeviceControl

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEHIT2
Size: 128B - Virtual size: 101B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEHITA
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGETOSH
Size: 640B - Virtual size: 534B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 384B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PicasaInstaller/winxp/imapi2.dll
.dll regsvr32 windows:6 windows x86 arch:x86

fdf50ba05f0e81e8a26e5b6d120a441a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

imapi2.pdb

Imports

msvcrt

free
wcsncmp
_wcsnicmp
wcstol
iswdigit
malloc
??_V@YAXPAX@Z
??_U@YAPAXI@Z
memset
??3@YAXPAX@Z
_onexit
_lock
__dllonexit
_unlock
realloc
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_wcslwr
_errno
memmove
_resetstkoflw
calloc
memcpy
??2@YAPAXI@Z

ntdll

RtlUnwind

user32

MsgWaitForMultipleObjects
CharNextW
PostQuitMessage
GetWindowLongW
PostMessageW
DefWindowProcW
UnregisterDeviceNotification
DestroyWindow
UnregisterClassW
RegisterClassExW
CreateWindowExW
SetWindowLongW
RegisterDeviceNotificationW

advapi32

UnregisterTraceGuids
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
TraceMessage
RegEnumKeyExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
RegSetValueExW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx
StringFromGUID2

oleaut32

SysAllocStringLen
SafeArrayCreateVector
SysAllocStringByteLen
SysStringByteLen
UnRegisterTypeLi
RegisterTypeLi
VariantInit
SafeArrayDestroy
SysAllocString
DispCallFunc
VariantClear
LoadTypeLi
LoadRegTypeLi
SysStringLen
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysFreeString
VarUI4FromStr

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList

rpcrt4

CStdStubBuffer_AddRef
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2
CStdStubBuffer_QueryInterface
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface

kernel32

InterlockedExchange
GetVersionExA
GetThreadLocale
SetThreadLocale
WaitForSingleObject
InterlockedExchangeAdd
ResetEvent
CreateThread
ResumeThread
GetExitCodeThread
SetEvent
GetVolumeNameForVolumeMountPointW
CreateEventW
DeviceIoControl
GetOverlappedResult
GetVolumePathNamesForVolumeNameW
SetErrorMode
InterlockedCompareExchange
VirtualAlloc
GetNativeSystemInfo
VirtualFree
CloseHandle
InitializeCriticalSectionAndSpinCount
SetLastError
GetTickCount
Sleep
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
LocalAlloc
GetSystemTimeAsFileTime
LocalFree
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
OutputDebugStringA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateFileW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 477B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PicasaInstaller/winxp/imapi2fs.dll
.dll regsvr32 windows:6 windows x86 arch:x86

983aad5138ce75b4be04c13b0e89bd90

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

imapi2fs.pdb

Imports

msvcrt

_vscwprintf
srand
_wstat
_localtime64
_gmtime64
_time64
__RTDynamicCast
rand
?name@type_info@@QBEPBDXZ
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
ferror
_itoa
_snprintf
_iob
isleadbyte
__mb_cur_max
_onexit
_lock
__RTtypeid
_unlock
realloc
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
_amsg_exit
malloc
_XcptFilter
??0exception@@QAE@ABV0@@Z
_resetstkoflw
calloc
wcsstr
wcsncmp
wcsrchr
qsort
mbtowc
wcschr
_wgetenv
swscanf
iswspace
_wcsicmp
memmove
_vsnprintf
_vsnwprintf
memcpy
_errno
__CxxFrameHandler
memset
_CxxThrowException
_wtoi
_wremove
ceil
_wcsupr
__dllonexit
free
_initterm

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlOemToUnicodeN
RtlMultiByteToUnicodeN
RtlUnicodeToOemN
RtlUnicodeToMultiByteN
NtDeviceIoControlFile
NtClose
NtReadFile
NtWriteFile
NtOpenFile
RtlInitUnicodeString
NtQueryInformationFile
RtlFreeUnicodeString
NtSetInformationFile
RtlDeleteElementGenericTable
RtlFindSetBits
RtlClearBits
RtlInitializeBitMap
RtlLookupElementGenericTable
RtlNumberOfSetBits
RtlEnumerateGenericTableWithoutSplaying
RtlSetBits
RtlInsertElementGenericTable
RtlInitializeGenericTable
RtlPrefixUnicodeString
DbgPrint
RtlQueryRegistryValues
RtlUnwind

user32

wsprintfW
UnregisterClassW
CharNextW

advapi32

RegQueryValueExW
RegEnumKeyExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal

oleaut32

CreateErrorInfo
SafeArrayUnlock
SafeArrayCreateVector
SafeArrayLock
SafeArrayGetElement
SafeArrayGetUBound
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SafeArrayGetLBound
SafeArrayGetDim
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
VariantInit
VariantClear
SetErrorInfo
SysAllocStringLen
GetErrorInfo

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
OutputDebugStringA
InterlockedExchange
GetVersionExA
CreateEventA
GetOverlappedResult
GetTempPathW
GlobalFree
GetDriveTypeW
LocalAlloc
LocalFree
Sleep
HeapSize
GetModuleHandleExW
FormatMessageW
FindNextFileW
FindClose
SetLastError
GetFullPathNameW
GetSystemTime
SystemTimeToFileTime
SetUnhandledExceptionFilter
ReadFile
CreateFileW
CloseHandle
WriteFile
DeviceIoControl
WideCharToMultiByte
GetConsoleCP
InterlockedCompareExchange
FindFirstFileW
SetErrorMode
SleepEx
GetThreadLocale
SetThreadLocale
SystemTimeToTzSpecificLocalTime
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
LockResource
FindResourceExW
GetDiskFreeSpaceExW
GetFileAttributesExW
SetFilePointer
SetEndOfFile
GetFileSize
GlobalAlloc
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
GetModuleHandleW

rpcrt4

CStdStubBuffer_DebugServerRelease
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrCStdStubBuffer2_Release
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_QueryInterface
NdrStubCall2
NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_AddRef
NdrClientCall2

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z

shlwapi

SHCreateStreamOnFileW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 562KB - Virtual size: 561KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 657B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Picasa3.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8.2MB - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 912KB - Virtual size: 910KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 152KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 404KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_062a0d024a3edf6028babdbb70e32560.vir
.exe windows:4 windows x86 arch:x86

7dec29dc0130f8ac1032332fc66ed1ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut
midiOutPrepareHeader
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutPause
waveOutReset
waveOutClose
waveOutGetNumDevs
waveOutOpen
midiStreamStop
midiOutReset
midiStreamClose
midiStreamRestart
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty

ws2_32

WSACleanup
closesocket
getpeername
accept
WSAAsyncSelect
recvfrom
ioctlsocket
inet_ntoa
recv

kernel32

SetLastError
GetTimeZoneInformation
GetVersion
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
GetSystemTime
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
GetStringTypeExA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetFileSize
SetFilePointer
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
GetWindowsDirectoryA
GetSystemDirectoryA
TerminateThread
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
DeviceIoControl
SetEvent
FindResourceA
LoadResource
LockResource
lstrlenW
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
InterlockedCompareExchange
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetVersionExA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempPathA
FindFirstFileA
FindClose
SetFileAttributesA
GetFileAttributesA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
InterlockedExchange
VirtualProtect
VirtualQuery
GetSystemInfo
GetLocalTime

user32

GetMenu
DeleteMenu
GetSystemMenu
DefWindowProcA
GetClassInfoA
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
CreatePopupMenu
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
GetSysColorBrush
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
TranslateMessage
LoadIconA
GetForegroundWindow
GetDesktopWindow
GetClassNameA
GetDlgItem
FindWindowExA
GetWindowTextA
ChildWindowFromPointEx
UnregisterClassA
DrawFrameControl
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
LoadStringA

gdi32

PtVisible
GetViewportExtEx
ExtSelectClipRgn
SelectObject
CreatePen
PatBlt
CombineRgn
CreateRectRgn
FillRgn
CreateSolidBrush
CreateFontIndirectA
GetStockObject
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
RectVisible
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
CreateBitmap
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
CreateRectRgnIndirect
SetBkColor
SetBkMode
RestoreDC
SaveDC

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA
RegCloseKey

shell32

Shell_NotifyIconA
SHGetSpecialFolderPathA
ShellExecuteA

ole32

CLSIDFromProgID
OleRun
CoCreateInstance
CLSIDFromString
OleUninitialize
OleInitialize

oleaut32

VariantChangeType
VariantClear
UnRegisterTypeLi
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SysAllocString
VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData

comctl32

ImageList_GetImageCount
ImageList_SetBkColor
ord17
ImageList_Destroy
ImageList_Read
ImageList_Duplicate

comdlg32

ChooseFontA
ChooseColorA
GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA

Sections

.text
Size: 840KB - Virtual size: 838KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 232KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_0654dc4978689ef0c07a2e65b8b82712.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 832B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_07354ef0c4bb0112ab71c598e1923536.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_0a2d7abc61b289ce20f930206e67cca4.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 832B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_0b1c7343bdcacd4fdc3a30e4908066f2.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_0b421460741d129372482300b0c2c454.vir
.exe windows:5 windows x86 arch:x86

64ba7822df1bf2e5de512677c377f608

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\DCB\CBT_Main\Acrobat\Installers\BootStrapExe_Small\Release\Setup.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

LocalReAlloc
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SetErrorMode
LoadLibraryExA
GetCommandLineW
GetSystemTimeAsFileTime
RtlUnwind
CreateThread
ExitThread
IsDebuggerPresent
IsProcessorFeaturePresent
SetStdHandle
GetFileType
ExitProcess
GetModuleHandleExW
LocalAlloc
GetStdHandle
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsValidCodePage
GetOEMCP
GetCPInfo
GetStringTypeW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
OutputDebugStringW
LCMapStringW
WriteConsoleW
GetDriveTypeW
SetEnvironmentVariableA
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetCurrentProcessId
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GetCurrentThread
FileTimeToSystemTime
FindNextFileW
FileTimeToLocalFileTime
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
CreateFileW
SuspendThread
SetThreadPriority
CreateEventW
SetEvent
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
EncodePointer
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleHandleA
GetModuleFileNameW
OutputDebugStringA
GetACP
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
DecodePointer
GetUserDefaultUILanguage
GetVersionExW
DeleteFileW
GetTempFileNameW
GetPrivateProfileStringW
ExpandEnvironmentStringsW
GetSystemInfo
GetCurrentProcess
FreeResource
GetTempPathW
GetCurrentDirectoryW
GetSystemDirectoryW
CreateProcessW
CloseHandle
WaitForSingleObject
SetLastError
GetLastError
GetExitCodeProcess
GetUserDefaultLangID
LoadLibraryW
Sleep
ResumeThread
FreeLibrary
GetThreadPriority
FindResourceW
FormatMessageW
SizeofResource
LoadResource
LocalFree
LockResource
SetDllDirectoryW
SetCurrentDirectoryW
GetSystemWindowsDirectoryW
GetModuleHandleW
GetProcAddress
HeapQueryInformation

user32

InvalidateRect
DestroyMenu
RealChildWindowFromPoint
ClientToScreen
EndPaint
BeginPaint
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
LoadCursorW
GetSysColorBrush
ReleaseDC
GetDC
GetWindowThreadProcessId
SetCursor
PostQuitMessage
GetSystemMetrics
CharUpperW
GetCursorPos
TranslateMessage
GetMessageW
GetMonitorInfoW
MonitorFromWindow
WinHelpW
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassLongW
PtInRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxW
GetWindowRect
GetClientRect
RemovePropW
GetPropW
SetPropW
ValidateRect
SetForegroundWindow
GetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetKeyState
IsWindowVisible
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetDesktopWindow
SetActiveWindow
GetActiveWindow
GetNextDlgTabItem
CreateDialogIndirectParamW
DestroyWindow
IsDialogMessageW
GetWindow
SetWindowLongW
GetWindowLongW
GetWindowTextW
SetWindowTextW
IsWindowEnabled
GetFocus
SetFocus
AdjustWindowRectEx
GetDlgCtrlID
GetDlgItem
SetWindowPos
ShowWindow
IsWindow
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetParent
SendDlgItemMessageA
UnregisterClassW
EndDialog
PostMessageW
EnableWindow
KillTimer
SetTimer
SendMessageW
RedrawWindow
GetClassNameW

gdi32

TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
SelectObject
CreateBitmap
GetDeviceCaps
SaveDC
RestoreDC
RectVisible
PtVisible
GetStockObject
GetClipBox
Escape
DeleteObject
DeleteDC
GetObjectW
SetTextColor
SetBkColor
SetMapMode

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
InitiateSystemShutdownW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyExW
RegCreateKeyExW
RegCreateKeyW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

shell32

ShellExecuteW
SHGetSpecialFolderPathW

shlwapi

PathFileExistsW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
StrFormatByteSizeW

ole32

CoCreateGuid
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocString
VariantChangeType
VariantClear
VariantInit
SysFreeString

urlmon

URLDownloadToFileW

Sections

.text
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_0b57521848306a715d1908e6bb743dd8.vir
.exe windows:6 windows x86 arch:x86

8507116e3d0e7e02e36e7dc5b8aa1af8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

mpr

WNetEnumResourceW
WNetGetUniversalNameW
WNetGetConnectionW
WNetCloseEnum
WNetOpenEnumW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

comctl32

FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_Draw
ImageList_Remove

shell32

SHBrowseForFolderW
SHGetMalloc
SHGetFileInfoW
SHChangeNotify
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
GetMessageW
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
ScrollWindowEx
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
OffsetRect
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
GetSystemMenu
WaitForInputIdle
ShowOwnedPopups
GetScrollRange
GetScrollPos
SetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
InflateRect
GetKeyboardLayoutList
OemToCharBuffA
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
SendNotifyMessageW
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ExitWindowsEx
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
CharToOemBuffA
DrawTextW
SetScrollRange
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
SetRectEmpty
UpdateWindow
RemovePropW
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SendMessageTimeoutW
BringWindowToTop
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowPos
SetWindowRgn
GetMenuItemCount
RemoveMenu
AppendMenuW
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
DestroyCursor
ReplyMessage
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
LoadImageW
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SafeArrayPutElement
LoadTypeLib
GetErrorInfo
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
GetActiveObject
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
RegisterTypeLib
VariantChangeType
VariantCopyInd

advapi32

RegSetValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
GetUserNameW
RegQueryInfoKeyW
EqualSid
GetTokenInformation
RegCreateKeyExW
SetSecurityDescriptorDacl
RegEnumKeyExW
AdjustTokenPrivileges
RegDeleteKeyW
LookupPrivilegeValueW
RegOpenKeyExW
OpenProcessToken
FreeSid
AllocateAndInitializeSid
RegDeleteValueW
RegFlushKey
RegEnumValueW
RegQueryValueExW
ConvertSidToStringSidW
RegCloseKey
InitializeSecurityDescriptor

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

SetFileAttributesW
SetFileTime
GetACP
GetExitCodeProcess
IsBadWritePtr
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
HeapAlloc
ExitProcess
WriteProfileStringW
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
GetModuleHandleW
FreeLibrary
HeapDestroy
CompareFileTime
ReadFile
CreateProcessW
TransactNamedPipe
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
OpenMutexW
CreateThread
CompareStringW
CopyFileW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
GetSystemTimeAsFileTime
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
OutputDebugStringW
GetCurrentThread
GetLogicalDrives
LocalFileTimeToFileTime
SetNamedPipeHandleState
LoadLibraryExW
TerminateProcess
LockResource
FileTimeToSystemTime
GetShortPathNameW
GetCurrentThreadId
UnhandledExceptionFilter
MoveFileExW
GlobalFindAtomW
VirtualQuery
GlobalFree
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
ReleaseMutex
FlushFileBuffers
LoadResource
SuspendThread
GetTickCount
WritePrivateProfileStringW
GetFileSize
GlobalDeleteAtom
GetStartupInfoW
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetThreadPriority
GetCurrentProcess
SetThreadPriority
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
DeviceIoControl
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
lstrcmpW
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
CreateNamedPipeW
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetOverlappedResult
GetSystemDefaultUILanguage
EnumCalendarInfoW
GetProfileStringW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
IsDBCSLeadByte
CreateEventW
GetPrivateProfileStringW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

ole32

StgCreateDocfileOnILockBytes
CoCreateInstance
CLSIDFromString
CoUninitialize
IsEqualGUID
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
CLSIDFromProgID
OleUninitialize
CoDisconnectObject
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID

gdi32

Arc
Pie
SetBkMode
SelectPalette
CreateCompatibleBitmap
ExcludeClipRect
RectVisible
SetWindowOrgEx
MaskBlt
AngleArc
Chord
SetTextColor
StretchBlt
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
RemoveFontResourceW
GetWindowOrgEx
CreatePalette
CreateBrushIndirect
PatBlt
LineDDA
PolyBezierTo
GetStockObject
CreateSolidBrush
Polygon
Rectangle
MoveToEx
DeleteDC
SaveDC
BitBlt
Ellipse
FrameRgn
GetDeviceCaps
GetBitmapBits
GetTextExtentPoint32W
GetClipBox
Polyline
IntersectClipRect
GetSystemPaletteEntries
CreateBitmap
AddFontResourceW
CreateDIBitmap
GetStretchBltMode
CreateDIBSection
CreatePenIndirect
SetStretchBltMode
GetDIBits
CreateFontIndirectW
PolyBezier
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
DeleteObject
SelectObject
ExtFloodFill
UnrealizeObject
SetBkColor
CreateCompatibleDC
GetObjectW
GetBrushOrgEx
GetCurrentPositionEx
SetROP2
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
ArcTo
GdiFlush
SetPixel
EnumFontFamiliesExW
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 30KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 151B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 76B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_0b63880cb50353b22951a7ccdb500f42.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_0b70928d9e99f77e515f8618456babee.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_0c07f38185288e23fb7571d56ac59a7b.vir
.exe windows:5 windows x86 arch:x86

c38eed9a4521f048c938efbdad470e6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ipv6.pdb

Imports

advapi32

CloseServiceHandle
OpenServiceA
OpenSCManagerA
ControlService

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
MultiByteToWideChar
DeviceIoControl
GetLastError
lstrcatA
lstrcpyA
WideCharToMultiByte
CreateFileW
LoadLibraryExW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetVersionExA
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
InterlockedExchange
VirtualQuery
GetStringTypeA
GetStringTypeW
SetFilePointer
LCMapStringA
LCMapStringW
GetLocaleInfoA
VirtualProtect
GetSystemInfo
SetStdHandle
FlushFileBuffers
CloseHandle
FormatMessageA
LocalFree
SetThreadUILanguage

ntdll

RtlGUIDFromString
RtlInitUnicodeString

ws2_32

htonl
getservbyname
htons
gethostbyaddr
ntohs
getservbyport
inet_ntoa
WSAStringToAddressA
WSAAddressToStringA
closesocket
WSAIoctl
socket
WSAStartup
gethostbyname
WSAGetLastError
WSASetLastError
inet_addr

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx

user32

CharToOemBuffA

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_0c1527b262b392743f989e58c97b68e3.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_0cf726d18910a31ff564224f1ffcc284.vir
.exe windows:4 windows x86 arch:x86

1ea86114268c5a47c81225347aae290c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVar
__vbaStrVarMove
__vbaLateIdCall
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
__vbaStrCat
ord660
__vbaNameFile
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord520
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord529
__vbaStrCmp
__vbaVarTstEq
__vbaObjVar
DllFunctionCall
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaLateIdCallSt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
ord608
__vbaFPException
__vbaStrVarVal
__vbaGetOwner3
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
ord648
ord570
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
ord610
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
__vbaFreeVarg
__vbaVarCopy
__vbaFpI4
_CIatan
__vbaCastObj
__vbaStrMove
__vbaStrVarCopy
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
__vbaI4ErrVar

Sections

.text
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_0d3766aef810bc16c11962448eb95c6b.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_0e461f56073536682e8e7329b4118739.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_0e71dd1e2174bb47f908e860f0bf8951.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_0f17dfb0370327b37a943019348ab278.vir
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\abramov\Desktop\HyundaiN700E(0.4-3.7)\obj\Release\HyundaiN700E(0.4-3.7).pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 794KB - Virtual size: 793KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_0f266f38035cdbd0fa6a499c7d0d4515.vir
.exe windows:4 windows x86 arch:x86

7bbb07b9292f9afbf873df4b4c996865

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

glu32

gluOrtho2D

opengl32

wglGetProcAddress
wglGetCurrentDC
wglDeleteContext
wglMakeCurrent
wglGetCurrentContext
wglShareLists
wglCreateContext
glReadBuffer
glDrawBuffer
glEnd
glVertex2i
glTexCoord2f
glColor3ub
glBegin
glEnable
glAlphaFunc
glViewport
glLoadIdentity
glMatrixMode
glCopyTexSubImage2D
glBindTexture
glTexParameteri
glDisable
glRecti
glTexSubImage2D
glTexCoord2d
glGetTexImage
glBlendFunc
glTexImage2D
glGenTextures
glDeleteTextures
glGetString

ddraw

DirectDrawCreate

winmm

timeGetTime

kernel32

DeleteFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
CreateFileA
GetFileAttributesA
WritePrivateProfileStringA
SetErrorMode
RtlUnwind
HeapFree
GetSystemTimeAsFileTime
ExitThread
CreateThread
CreateDirectoryA
ExitProcess
MoveFileA
HeapAlloc
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetStdHandle
GetFileType
SetHandleCount
GetStdHandle
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
SetEnvironmentVariableA
GetOEMCP
GetCPInfo
InterlockedIncrement
RaiseException
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
EnterCriticalSection
Sleep
WideCharToMultiByte
GetVersionExA
GetCurrentDirectoryA
GetLastError
TerminateProcess
CreateMutexA
GetProcAddress
LoadLibraryA
OutputDebugStringA
FreeLibrary
SetLastError
InterlockedExchange
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GlobalFlags
GlobalFree
FormatMessageA
LocalFree
CloseHandle
GetCurrentThread
lstrcmpA
GetModuleFileNameA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
GetCurrentThreadId
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
GetModuleHandleA
InterlockedDecrement
lstrcpynA
GlobalGetAtomNameA
GlobalAddAtomA
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalSize
GetACP
GlobalLock
GlobalUnlock
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
MultiByteToWideChar
GetThreadLocale
GetLocaleInfoA

user32

InflateRect
GetMenuItemInfoA
GetSysColorBrush
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetWindowTextA
GetForegroundWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetForegroundWindow
AdjustWindowRectEx
DeferWindowPos
RegisterClassA
UnregisterClassA
SetWindowPlacement
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
GetWindowPlacement
UnhookWindowsHookEx
RegisterWindowMessageA
wsprintfA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
GetClassNameA
GetSysColor
SetWindowPos
WinHelpA
TabbedTextOutA
GetActiveWindow
GetFocus
EqualRect
GetDlgItem
SetWindowLongA
GetDlgCtrlID
GetMenu
PeekMessageA
GetCapture
LoadAcceleratorsA
GetParent
SetActiveWindow
IsWindowVisible
InvalidateRect
InsertMenuItemA
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreatePopupMenu
IntersectRect
OffsetRect
SetRectEmpty
CopyRect
GetLastActivePopup
BringWindowToTop
SetMenu
ShowWindow
GetWindowLongA
IsWindow
GetDesktopWindow
GetWindow
IsWindowEnabled
EnableWindow
TranslateAcceleratorA
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
IsClipboardFormatAvailable
ReleaseDC
ChangeDisplaySettingsA
EnumDisplaySettingsA
SetRect
GetDC
MessageBoxA
LoadIconA
SendMessageA
UpdateWindow
ReleaseCapture
GetCursorPos
PtInRect
SetCursor
DestroyCursor
GetSystemMetrics
LoadCursorA
SetCapture
KillTimer
SetTimer
ScreenToClient
ClientToScreen
GetClientRect
GetWindowRect
IsZoomed
IsIconic
PostMessageA
FillRect
GetMessageA
TranslateMessage
ValidateRect
ShowOwnedPopups
PostQuitMessage
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
GetWindowDC
GrayStringA
DrawTextExA
GetClassInfoA
DrawTextA
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
MoveWindow
SetWindowTextA
CreateWindowExA
SetWindowsHookExA
SetFocus
CallNextHookEx
GetKeyState

gdi32

RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
DeleteObject
SetBkMode
SetMapMode
BitBlt
GetPixel
GetObjectA
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreatePatternBrush
GetStockObject
CreateSolidBrush
CreateFontIndirectA
GetTextExtentPoint32A
SetBkColor
SetTextColor
GetClipBox
CreateCompatibleDC
CreateCompatibleBitmap
SwapBuffers
SetPixelFormat
ChoosePixelFormat
PtVisible
DescribePixelFormat

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

comctl32

ImageList_Draw
ImageList_GetImageInfo
ord17
ImageList_Destroy

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

ws2_32

inet_addr
bind
WSASetLastError
connect
sendto
htons
WSAAsyncSelect
htonl
gethostbyname
select
socket
recv
WSACancelAsyncRequest
inet_ntoa
WSAAsyncGetHostByName
shutdown
WSAGetLastError
accept
closesocket
WSACleanup
WSAStartup
recvfrom
send

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 488KB - Virtual size: 487KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_0f3a30f4393c57461f2d3e61d976375e.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_117046944036eafbeb432b84cd1d2fd9.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_11aa57a423e5256ffcda6dfe569deab1.vir
.dll windows:5 windows

Code Sign

33:00:00:01:09:e2:19:d6:f9:b8:a4:be:bf:00:00:00:00:01:09
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-08-2018 20:20

Not After

23-11-2019 20:20

Subject

CN=Microsoft Time-Stamp service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:86DF-4BBC-9335,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:37

Not After

02-05-2020 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f3:4f:0a:67:c2:0c:60:38:5a:2b:bd:99:c9:2d:12:0a:f3:06:9a:fc
Signer

Actual PE Digest

f3:4f:0a:67:c2:0c:60:38:5a:2b:bd:99:c9:2d:12:0a:f3:06:9a:fc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Data.SqlClient.ni.pdb
D:\A\_work\40\s\bin\obj\Windows_NT.AnyCPU.Release\System.Data.SqlClient\System.Data.SqlClient.pdb

Sections

.data
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_123ad0c43cf9e26421dca1cec40f6d84.vir
.dll windows:6 windows x86 arch:x86

Code Sign

54:75:00:71:42:50:5c:a3:c2:31:17:15:ae:9a:03:f8
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28-04-2017 00:00

Not After

26-04-2020 23:59

Subject

CN=Emurasoft\, Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Emurasoft\, Inc.,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-01-2017 00:00

Not After

18-01-2028 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d2:b4:ff:15:3a:1c:48:ae:86:1b:8b:76:7f:3e:5e:a4:50:cb:d3:f1:ca:89:e5:e2:da:3a:8f:c7:b9:f0:3c:bb
Signer

Actual PE Digest

d2:b4:ff:15:3a:1c:48:ae:86:1b:8b:76:7f:3e:5e:a4:50:cb:d3:f1:ca:89:e5:e2:da:3a:8f:c7:b9:f0:3c:bb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_129648c6b9553321c87f7b6940228451.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_12e91d7e4ed742fbddef8ed3d5927dcb.vir
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_12f57f7c231fed9f49bf2d225727f0b1.vir
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Студент\Desktop\СИСИМАСИСИ\WpfApp4\WpfApp4\obj\Debug\WpfApp4.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_13460cf7dc16150aac79458235554198.vir
.exe windows:5 windows x86 arch:x86

cc42874e643acc63d2065c8bdc90f972

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ping.pdb

Imports

msvcrt

_except_handler3
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
_cexit
_XcptFilter
_exit
_c_exit
isspace
exit
strtoul
_write

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

GetLastError
LocalAlloc
QueryPerformanceCounter
Sleep
FormatMessageA
LocalFree
GetCurrentThreadId
GetCurrentProcessId
SetConsoleCtrlHandler
GetTickCount
SetThreadUILanguage
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime

iphlpapi

IcmpCreateFile
Icmp6CreateFile
IcmpSendEcho2
Icmp6SendEcho2
IcmpCloseHandle

user32

CharToOemBuffA

ws2_32

getnameinfo
getaddrinfo
inet_ntoa
gethostbyaddr
freeaddrinfo
closesocket
WSAIoctl
WSAGetLastError
socket
WSAStartup
WSACleanup

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_1349ee44727238fe6186a236a3a65c5f.vir
.exe windows:5 windows x86 arch:x86

0a6e6a1e3cba00906d9b8fea0b706cf9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Vinay\Projects\simple_launcher\dist\t32.pdb

Imports

kernel32

ExitProcess
GetCommandLineW
SearchPathW
SetInformationJobObject
CreateProcessW
GetCurrentProcess
WaitForSingleObject
GenerateConsoleCtrlEvent
AssignProcessToJobObject
FormatMessageW
GetExitCodeProcess
GetModuleFileNameW
QueryInformationJobObject
MultiByteToWideChar
CreateJobObjectA
GetStdHandle
GetLastError
SetConsoleCtrlHandler
DuplicateHandle
CloseHandle
HeapSize
GetProcessHeap
SetEndOfFile
SetEnvironmentVariableW
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
GetCommandLineA
HeapSetInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
EncodePointer
DecodePointer
RtlUnwind
HeapCreate
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetProcAddress
WriteFile
SetHandleCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
Sleep
LCMapStringW
ReadFile
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
WideCharToMultiByte
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileW
LoadLibraryW
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
IsProcessorFeaturePresent
CompareStringW
WriteConsoleW

shlwapi

StrStrIW
PathRemoveFileSpecW
PathCombineW

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_134b2d0e5939a63c36b24f3679a6ec9d.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 832B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_136a459576355c21d4e315259af51ad5.vir
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_13bac0ef4f2ad8351fa82226e151aad4.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_14380229e31651b73ec3db08a2bf2790.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_14e4e25ff2a42e21b6f117d1f706b4ba.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_14f040f5f97998f0509332601f66f21a.vir
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB
Virussign.2024.06.08/virussign.com_150f451d1d357a080499a65f134faa7d.vir
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\wewewe\GSM\GSM\obj\x86\Debug\GSM.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_153151180d04cac515a0732bfb01fdc1.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_15c7edb4b8a8de4c841d3a7c1f8b96ec.vir
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:05:8e:ca:29:22:1e:6a:34:5b:00:00:00:00:01:05
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-08-2018 20:20

Not After

23-11-2019 20:20

Subject

CN=Microsoft Time-Stamp service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:3BD4-4B80-69C3,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:37

Not After

02-05-2020 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ed:ec:42:0f:5e:53:df:c8:50:bc:a5:2d:a8:9d:ec:1d:a3:21:c2:08
Signer

Actual PE Digest

ed:ec:42:0f:5e:53:df:c8:50:bc:a5:2d:a8:9d:ec:1d:a3:21:c2:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\582\s\bin\obj\ref\System.Linq.Expressions\4.1.2.0\System.Linq.Expressions.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_15cf1ac8e97028b18d88cad3d02fe216.vir
.dll windows:6 windows x86 arch:x86

6898f214edd6414866393e40879023b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\code\kodi-deps\Build\win10-win32\pillow-prefix\src\pillow-build\RelWithDebInfo\_imaging.pdb

Imports

python3.8

PyDict_New
PyList_SetItem
PyList_New
PyTuple_New
PyFloat_AsDouble
PyFloat_FromDouble
PyBool_FromLong
PyLong_AsLongLong
PyLong_AsLong
PyLong_FromSsize_t
PyLong_FromLong
PyUnicode_AsLatin1String
PyNumber_AsSsize_t
PyBytes_AsStringAndSize
PyBytes_AsString
PyBytes_FromStringAndSize
_PyObject_New
PyObject_Free
PyObject_Print
_Py_Dealloc
PyType_Ready
PyType_IsSubtype
_Py_NoneStruct
PyExc_ValueError
PyExc_TypeError
PyErr_Occurred
PySequence_GetItem
PyNumber_Check
PyObject_CallFunction
PyDict_SetItemString
PySlice_AdjustIndices
PyErr_Clear
PySlice_Unpack
PySlice_Type
PyErr_NoMemory
PyExc_MemoryError
PyErr_Format
PyErr_SetFromErrno
_PyErr_BadInternalCall
PyModule_GetDict
_PyBytes_Resize
PyExc_SystemError
Py_BuildValue
PyArg_ParseTuple
PyCapsule_New
_PyArg_ParseTuple_SizeT
_Py_BuildValue_SizeT
PyModule_AddObject
_Py_NotImplementedStruct
PyExc_IOError
_Py_TrueStruct
PyUnicode_Type
PyBuffer_Release
PyObject_GetBuffer
PySequence_Fast
PySequence_Size
PySequence_Check
PyObject_Size
PyEval_RestoreThread
PyEval_SaveThread
PyExc_IndexError
PyErr_ExceptionMatches
PyObject_CallMethod
PyLong_AsSsize_t
PyErr_SetString
PyModule_Create2
PyUnicode_FromString
PyModule_AddIntConstant
PyFloat_Type

api-ms-win-core-file-l1-1-0

GetFileSizeEx

api-ms-win-core-file-l1-2-0

CreateFile2

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile

api-ms-win-core-memory-l1-1-1

CreateFileMappingFromApp
MapViewOfFileFromApp

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

vcruntime140_app

memcpy
longjmp
_setjmp3
_except_handler4_common
__std_type_info_destroy_list
memmove
memset

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vsprintf
_write
__stdio_common_vsscanf
fwrite
fopen
fclose
__stdio_common_vfprintf

api-ms-win-crt-string-l1-1-0

strncpy
strncmp

api-ms-win-crt-heap-l1-1-0

realloc
free
malloc
calloc

api-ms-win-crt-math-l1-1-0

_libm_sse2_log_precise
_CIfmod
_libm_sse2_sqrt_precise
floor
modf
_libm_sse2_cos_precise
_libm_sse2_sin_precise
ceil

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
exit
_execute_onexit_table
_cexit
_initterm

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-environment-l1-1-0

getenv

Exports

Exports

PyInit__imaging
round

Sections

.text
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_160027be56a683f688be6fa558ad1f4a.vir
.exe windows:10 windows x64 arch:x64

fe6f775dd0c72ffd106f56930c60a452

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

explorer.pdb

Imports

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?width@ios_base@std@@QEAA_J_J@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?good@ios_base@std@@QEBA_NXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@G@std@@2V0locale@2@A
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?_Xbad_alloc@std@@YAXXZ
?tolower@?$ctype@G@std@@QEBAGG@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
_Wcscoll
_Wcsxfrm
?id@?$collate@G@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_c_exit
_register_thread_local_exe_atexit_callback
_set_error_mode

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

strncmp
wcsncmp
wcscmp
wcscspn
memset

api-ms-win-crt-private-l1-1-0

_o_iswalnum
_o_malloc
_o_memcpy_s
_o_pow
_o_realloc
_o_sqrt
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
__C_specific_handler
_o_free
_o_floor
_o_exit
_o_ceil
_o_bsearch
memmove
_o__wtoi
_o__wcsnicmp
_o__wcsicmp
_o__localtime64
_o__ui64tow_s
_o__set_new_mode
_o__set_fmode
_o__set_errno
_o__set_app_type
_o__itow_s
_o__seh_filter_exe
_o__register_onexit_function
_o__recalloc
_o__purecall
_o__mktime64
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__get_wide_winmain_command_line
_o__get_errno
_o__exit
_o__errno
_o__difftime64
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
wcsstr
__std_terminate
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy

twinapi

ord9

api-ms-win-core-job-l2-1-0

AssignProcessToJobObject
QueryInformationJobObject
CreateJobObjectW
SetInformationJobObject

api-ms-win-core-url-l1-1-0

UrlUnescapeW
PathIsURLW
HashData

api-ms-win-core-kernel32-private-l1-1-0

CheckElevationEnabled

api-ms-win-core-registryuserspecific-l1-1-0

SHRegGetBoolUSValueW
SHRegGetUSValueW

api-ms-win-core-com-private-l1-1-0

CoRegisterMessageFilter

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-core-sidebyside-l1-1-0

ReleaseActCtx
CreateActCtxW
DeactivateActCtx
ActivateActCtx

ntdll

RtlUpcaseUnicodeString
RtlCopyUnicodeString
RtlRunOnceExecuteOnce
RtlUpcaseUnicodeChar
RtlGetNativeSystemInformation
ZwQueryDirectoryFile
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
ZwOpenFile
ZwEnumerateKey
RtlInitUnicodeStringEx
RtlAppendUnicodeStringToString
ZwCreateFile
ZwQueryInformationFile
ZwCreateSection
ZwQueryInformationProcess
ZwSetInformationProcess
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
ZwUnmapViewOfSection
ZwMapViewOfSection
LdrResSearchResource
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
RtlIsStateSeparationEnabled
RtlAcquireSRWLockExclusive
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlReleaseSRWLockExclusive
RtlAppendUnicodeToString
RtlAllocateHeap
RtlReAllocateHeap
RtlGetVersion
wcsspn
wcsrchr
NtOpenThreadToken
NtClose
NtQueryInformationToken
NtOpenProcessToken
RtlCompareUnicodeString
wcschr
strchr
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlFreeHeap
RtlNtStatusToDosError
NtQueryWnfStateData
RtlPublishWnfStateData
NtSetSystemInformation
RtlFlushHeaps
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlNtStatusToDosErrorNoTeb
RtlFreeUnicodeString
ZwQuerySystemInformation
NtSetThreadExecutionState
RtlCaptureContext
RtlGetDeviceFamilyInfoEnum
NtSetInformationProcess
NtQueryInformationProcess
VerSetConditionMask
RtlQueryResourcePolicy
WinSqmSetDWORD
WinSqmIsOptedIn
WinSqmAddToStreamEx
RtlDosPathNameToNtPathName_U_WithStatus
RtlIsMultiUsersInSessionSku
RtlIsMultiSessionSku
RtlInitString
ZwClose
ZwOpenKey
ZwQueryValueKey
RtlInitUnicodeString
RtlFormatCurrentUserKeyPath

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleA
GetModuleHandleExW
LockResource
GetModuleFileNameW
LoadResource
FindStringOrdinal
LoadStringW
GetModuleHandleW
FindResourceExW
SizeofResource
LoadLibraryExW
GetProcAddress
GetModuleFileNameA
FreeLibrary

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-core-synch-l1-1-0

ReleaseMutex
InitializeSRWLock
AcquireSRWLockExclusive
WaitForSingleObject
CreateMutexW
WaitForSingleObjectEx
OpenSemaphoreW
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSRWLockShared
InitializeCriticalSectionAndSpinCount
AcquireSRWLockShared
DeleteCriticalSection
SleepEx
ReleaseSemaphore
OpenMutexW
WaitForMultipleObjectsEx
EnterCriticalSection
InitializeCriticalSection
CreateSemaphoreExW
OpenEventW
SetEvent
CreateMutexExW
CreateEventW
ReleaseSRWLockExclusive
TryEnterCriticalSection
CreateEventExW
ResetEvent

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException
GetLastError

api-ms-win-core-file-l1-1-0

CompareFileTime
CreateFileW
DeleteFileW
GetLongPathNameW
FindClose
WriteFile
FindNextFileW
FindFirstFileW
GetFileAttributesW

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventRegister
EventSetInformation
EventUnregister
EventEnabled
EventWrite
EventProviderEnabled
EventWriteTransfer

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenCurrentUser
RegDeleteTreeW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegEnumKeyExW
RegGetValueW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
WaitForThreadpoolTimerCallbacks
SubmitThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolWait
SetThreadpoolTimer
CreateThreadpoolWork
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

CreateProcessW
GetCurrentProcessId
SetThreadPriorityBoost
GetThreadPriority
SetThreadPriority
GetExitCodeProcess
GetCurrentThreadId
ExitProcess
GetProcessId
GetStartupInfoW
CreateThread
ProcessIdToSessionId
SetPriorityClass
GetPriorityClass
GetCurrentProcess
OpenThreadToken
GetCurrentThread
OpenProcessToken
TerminateProcess
SetProcessShutdownParameters
OpenThread
QueueUserAPC
ResumeThread

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoEx
GetCalendarInfoW
GetUserDefaultLangID
GetLocaleInfoW
GetThreadUILanguage

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

oleaut32

VariantClear
SafeArrayUnaccessData
VarUI4FromStr
SysAllocString
SysFreeString
SafeArrayAccessData
SafeArrayCreate
SafeArrayDestroy
SysAllocStringByteLen
VariantInit

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask

api-ms-win-shcore-sysinfo-l1-1-0

IsOS
SetCurrentProcessExplicitAppUserModelID

api-ms-win-core-com-l1-1-0

CoGetClassObject
CoInitializeEx
CoTaskMemRealloc
CoInitializeSecurity
CoWaitForMultipleHandles
CoGetApartmentType
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoRevokeClassObject
CoTaskMemFree
CoFreeUnusedLibraries
PropVariantClear
CreateStreamOnHGlobal
CoCreateInstance
CoSetProxyBlanket
StringFromGUID2
StringFromIID
CoCreateGuid
CoMarshalInterThreadInterfaceInStream
CLSIDFromString
CoGetInterfaceAndReleaseStream
CoEnableCallCancellation
CoDisableCallCancellation
CoCancelCall
IIDFromString
CoGetStdMarshalEx
CoUninitialize
CoGetCallContext
CoGetMalloc
CoReleaseMarshalData
CoRegisterClassObject

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpIW
StrCmpICW
StrToIntW
StrCmpNICW
StrCmpNIW
StrCmpICA
StrChrIW
StrRChrW
StrStrIW
StrCmpW
QISearch
StrChrW

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW
CommandLineToArgvW

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_SetSite
IUnknown_Set
IUnknown_QueryService
IUnknown_GetSite

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalAlloc
LocalReAlloc
GlobalFree
LocalFree

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy
OpenProcess

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetWindowsDirectoryW
GetTickCount64
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetVersionExW
GetSystemTime
GetTickCount

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
ExpandEnvironmentStringsW
SearchPathW
GetCommandLineW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathRemoveBlanksW
PathCommonPrefixW
PathFindFileNameW
PathGetArgsW
PathFileExistsW
PathGetDriveNumberW
PathCombineW
PathQuoteSpacesW
PathRemoveFileSpecW
SHExpandEnvironmentStringsW
PathFindExtensionW
PathParseIconLocationW
PathIsFileSpecW

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsSubstringWithSpecifiedLength
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsDeleteString
WindowsCreateStringReference
WindowsCreateString

api-ms-win-shcore-thread-l1-1-0

SHSetThreadRef
SHCreateThreadRef
SHCreateThread
SetProcessReference
SHGetThreadRef

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrcmpiW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-shcore-registry-l1-1-0

SHDeleteKeyW
SHEnumKeyExW
SHRegGetValueW
SHGetValueW
SHSetValueW
SHQueryInfoKeyW
SHDeleteValueW

api-ms-win-security-base-l1-1-0

SetKernelObjectSecurity
CopySid
MakeAbsoluteSD
GetTokenInformation
DuplicateToken
CheckTokenMembership
CreateWellKnownSid
EqualSid
GetLengthSid
GetAclInformation
GetAce
DeleteAce
InitializeAcl
AddAce
IsValidSid

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize
RoActivateInstance
RoGetActivationFactory

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError
RoTransformError

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchRemoveFileSpec
PathAllocCombine
PathCchAddExtension
PathCchAppend

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-processthreads-l1-1-3

SetProcessInformation

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
OpenFileMappingW
MapViewOfFile
VirtualProtect
VirtualFree
UnmapViewOfFile
VirtualAlloc

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-shcore-stream-l1-1-0

SHOpenRegStream2W
SHCreateMemStream
SHCreateStreamOnFileW
IStream_Write
SHCreateStreamOnFileEx
IStream_Reset
IStream_Read

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-threadpool-legacy-l1-1-0

ChangeTimerQueueTimer
UnregisterWaitEx
DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-timezone-l1-1-0

GetDynamicTimeZoneInformation
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
RegisterWaitForSingleObject
GetSystemPowerStatus

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-shcore-registry-l1-1-1

SHRegGetValueFromHKCUHKLM

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor
ord244

api-ms-win-core-sysinfo-l1-2-0

GetOsSafeBootMode
GetProductInfo

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerBuffW

api-ms-win-core-stringansi-l1-1-0

CharNextA

api-ms-win-power-base-l1-1-0

PowerDeterminePlatformRoleEx
CallNtPowerInformation
GetPwrCapabilities

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-shlwapi-winrt-storage-l1-1-1

ShellMessageBoxW
ord279
ord165
ord481
ord479
ord478
SHIsChildOrSelf
StrRetToStrW
AssocQueryStringW
SHPinDllOfCLSID
ord509
SHCreateWorkerWindowW
ord635
IUnknown_GetWindow
StrRetToBufW
PathRemoveArgsW
ord292
ord197
ord544

api-ms-win-ntuser-sysparams-l1-1-0

SystemParametersInfoW
EnumDisplayMonitors
EnumDisplayDevicesW
GetMonitorInfoW
GetSystemMetrics

api-ms-win-ntuser-rectangle-l1-1-0

InflateRect
EqualRect
SetRect
CopyRect
IsRectEmpty
OffsetRect
UnionRect
IntersectRect
PtInRect
SubtractRect
SetRectEmpty

api-ms-win-rtcore-ntuser-winevent-l1-1-0

NotifyWinEvent
UnhookWinEvent
SetWinEventHook

api-ms-win-shell-namespace-l1-1-0

SHBindToObject
ILIsEqual
SHGetNameFromIDList
SHCreateItemFromParsingName
SHGetIDListFromObject
ILRemoveLastID
SHBindToParent
SHCreateItemFromIDList
SHBindToFolderIDListParent
ILFindLastID
ILFree
ILCloneFirst
SHParseDisplayName
ILClone
ILGetSize
ILCombine
ILIsParent

dxgi

DXGIDeclareAdapterRemovalSupport

api-ms-win-rtcore-ntuser-wmpointer-l1-1-0

GetPointerType
GetPointerInfo
EnableMouseInPointer
GetCurrentInputMessageSource
GetPointerDevices

api-ms-win-storage-exports-internal-l1-1-0

GetThreadFlags
SHGetFolderPathEx
SHGetKnownFolderIDList
SetThreadFlags

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects

api-ms-win-appmodel-runtime-l1-1-0

GetPackagesByPackageFamily
GetPackageFullName

api-ms-win-rtcore-ntuser-wmpointer-l1-1-2

SetWindowFeedbackSetting

api-ms-win-rtcore-ntuser-clipboard-l1-1-0

RegisterClipboardFormatW

api-ms-win-rtcore-ntuser-private-l1-1-0

CreateWindowInBand
GetWindowBand

api-ms-win-rtcore-ntuser-powermanagement-l1-1-0

RegisterPowerSettingNotification
UnregisterPowerSettingNotification

propsys

PSPropertyBag_WriteStr
PropVariantToUInt32
PSPropertyBag_WriteDWORD
InitVariantFromGUIDAsString
InitVariantFromResource
PropVariantToBoolean
PSCreateMemoryPropertyStore
PSGetPropertyFromPropertyStorage
PropVariantToStringAlloc

api-ms-win-mm-playsound-l1-1-0

PlaySoundW

api-ms-win-shell-changenotify-l1-1-0

SHChangeNotify

api-ms-win-shell-dataobject-l1-1-0

SHCreateDataObject

api-ms-win-appmodel-runtime-l1-1-1

FindPackagesByPackageFamily
GetStagedPackagePathByFullName
ParseApplicationUserModelId

gdi32

ExtTextOutW
GetTextExtentPoint32W
CreateRectRgnIndirect
Rectangle
SetStretchBltMode
ExcludeClipRect
StretchBlt
GetTextMetricsW
SetTextAlign
SetTextColor
CreateFontIndirectW
GetClipBox
SelectObject
CreateCompatibleDC
DeleteDC
GetGlyphOutlineW
GetOutlineTextMetricsW
GetClipRgn
SelectClipRgn
GetCurrentObject
GetDeviceCaps
CreateRectRgn
SetRectRgn
OffsetRgn
CombineRgn
DeleteObject
GetObjectW
GetStockObject

kernel32

IsBadWritePtr
RegisterApplicationRestart

wininet

InternetCrackUrlW

shcore

ord162
SHUnicodeToAnsi
ord1
ord192
ord183
ord213
ord126
ord109
ord174
ord121
ord190
ord123
ord186
ord187
ord142
ord200
ord184

shell32

ord134
ord60
ord22
ord850
ord91
ord254
ord54
SHEnableServiceObject
ord61
ord896
SHAddToRecentDocs
ord95
SHFileOperationW
ord885
ord723
ord680
ord172
ord100
ord85
ord190
ord89
ord200
ord245
ShellExecuteExW
ord899
ord188
ord201
ord206
SHCreateItemInKnownFolder
ord67
DragQueryFileW
SHChangeNotifyRegisterThread
ord733
ord753
ord644
ord645
SHGetPathFromIDListW
ord4
DuplicateIcon
ord711
ord2
SHGetStockIconInfo
ord6
Shell_NotifyIconGetRect
Shell_NotifyIconW
ord137
ord132
ExtractIconExW
ord244
ord181
ord866
ord764
SHEvaluateSystemCommandTemplate
ord743
ord907
ord43
Shell_GetCachedImageIndexW
ord790
ord792
ord727
ord162
SHAppBarMessage
ord894
SHGetPropertyStoreForWindow
ord193
ord906
ord895
ShellExecuteW
SHGetLocalizedName
SHUpdateRecycleBinIcon

shlwapi

PathIsDirectoryW
ord413
ord548
ord163
ord467
AssocQueryKeyW
ChrCmpIW
PathIsRelativeW
AssocCreate
ord164

uxtheme

GetThemeFont
ord86
DrawThemeBackground
DrawThemeTextEx
DrawThemeParentBackground
CloseThemeData
BufferedPaintInit
GetThemeBackgroundExtent
BeginBufferedPaint
IsCompositionActive
BufferedPaintUnInit
GetWindowTheme
SetWindowTheme
GetThemeBool
GetThemeMetric
GetThemeColor
GetThemeInt
GetBufferedPaintBits
IsThemeActive
GetThemePartSize
ord126
BufferedPaintSetAlpha
EndBufferedPaint
ord138
OpenThemeData
OpenThemeDataForDpi
GetThemeMargins
IsAppThemed

dwmapi

DwmIsCompositionEnabled
DwmSetWindowAttribute
DwmRegisterThumbnail
ord113
ord139
DwmEnableBlurBehindWindow
ord141
ord140
DwmGetWindowAttribute
ord159
DwmQueryThumbnailSourceSize
ord124
DwmUpdateThumbnailProperties
DwmUnregisterThumbnail
ord114
ord138

user32

FillRect
UnregisterClassA
PostThreadMessageW
IsCharAlphaNumericW
CharLowerW
AreDpiAwarenessContextsEqual
GetWindowDpiAwarenessContext
GetDpiForSystem
SetMenuInfo
GetMenuInfo
ord2522
UnregisterClassW
ord2521
UpdateLayeredWindow
GetClassLongPtrW
GetWindowProcessHandle
GetWindowCompositionAttribute
AdjustWindowRectEx
GetDC
ReleaseDC
MonitorFromWindow
CreatePopupMenu
SetThreadDpiAwarenessContext
IsProcessDPIAware
GetMenuDefaultItem
DestroyMenu
LoadCursorW
SetCursor
SetMenuItemInfoW
DefWindowProcA
IsWindowUnicode
LoadAcceleratorsW
ChangeWindowMessageFilterEx
TranslateAcceleratorW
ord2611
MonitorFromRect
GetWindowPlacement
GetGuiResources
IsHungAppWindow
ord2574
SwitchToThisWindow
GetLastActivePopup
UnregisterHotKey
RegisterHotKey
SendDlgItemMessageW
EndDialog
ExitWindowsEx
GetKeyState
IsIconic
LoadIconW
HungWindowFromGhostWindow
SetWindowPlacement
CascadeWindows
TileWindows
LockWorkStation
InjectMouseInput
MapVirtualKeyExW
InjectKeyboardInput
GetCaretBlinkTime
GetSysColor
CopyImage
DestroyIcon
DrawIconEx
GetSystemMetricsForDpi
ord2005
TrackMouseEvent
SetCapture
GetCapture
ReleaseCapture
DrawTextExW
SetLayeredWindowAttributes
GetDoubleClickTime
CalculatePopupWindowPosition
GetLayeredWindowAttributes
InternalGetWindowText
GetMenuStringW
SetScrollPos
CopyIcon
GetLastInputInfo
GetScrollInfo
SetScrollInfo
IsZoomed
AdjustWindowRect
GetDpiForWindow
SetWindowCompositionAttribute
SetGestureConfig
LoadImageW
CheckMenuItem
EnableMenuItem
GetMenuState
RemoveMenu
SetMenuDefaultItem
TrackPopupMenuEx
IsTopLevelWindow
DeleteMenu
DrawTextW
LoadMenuW
GetSubMenu
CreateIconIndirect
GetMenuItemCount
GetMenuItemInfoW
MonitorFromPoint
EndTask
ReplyMessage
ord2573
GetAsyncKeyState
ModifyMenuW
BringWindowToTop
InsertMenuW
ShowWindowAsync
GetCursorInfo
GetSystemMenu
GetPhysicalCursorPos
GetClassLongW
GetClassWord
GetIconInfo
GetIconInfoExW
GhostWindowFromHungWindow
GetSysColorBrush

sspicli

LsaDeregisterLogonProcess
LsaCallAuthenticationPackage
LsaLookupAuthenticationPackage
LsaFreeReturnBuffer
GetUserNameExW
LsaConnectUntrusted

api-ms-win-security-lsalookup-l1-1-2

LsaLookupUserAccountType

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

userenv

DeriveAppContainerSidFromAppContainerName
GetProfileType

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW
PowerCreateRequest
PowerSetRequest

api-ms-win-security-isolatedcontainer-l1-1-1

IsProcessInWDAGContainer

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW
QueryServiceConfigW

api-ms-win-core-localization-l1-2-3

GetUserDefaultGeoName

api-ms-win-core-kernel32-legacy-l1-1-2

SetTermsrvAppInstallMode

api-ms-win-core-io-l1-1-0

CreateIoCompletionPort
GetQueuedCompletionStatus

api-ms-win-shell-shdirectory-l1-1-0

ord292

api-ms-win-eventing-controller-l1-1-0

StopTraceW
StartTraceW
EnableTraceEx2

rpcrt4

RpcBindingFromStringBindingW
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
NdrClientCall3
UuidFromStringW

api-ms-win-core-biptcltapi-l1-1-7

BiPtFreeMemory
BiPtAssociateApplicationEntryPoint
BiPtQueryWorkItem
BiPtEnumerateWorkItemsForPackageName

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

api-ms-win-security-lsalookup-l1-1-1

GetDefaultIdentityProvider
ReleaseIdentityProviderEnumContext
GetIdentityProviderInfoByGUID
EnumerateIdentityProviders

api-ms-win-crt-math-l1-1-0

floorf
ceilf

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 725KB - Virtual size: 725KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.newsec
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_164414b2f14e543d5b21ce3d2be5cba7.vir
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_1682e903320ec2e17bce7608d8eb96c3.vir
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_175d2b112fba670e56fa09def7a02911.vir
.exe windows:5 windows x86 arch:x86

a6cef1827545673035a388548437ddcc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mqtgsvc.pdb

Imports

msvcrt

malloc
free
printf
_getche
__CxxFrameHandler
localtime
_vsnwprintf
wcschr
towupper
_wcsnicmp
wcscmp
wcscspn
iswspace
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__winitenv
exit
_cexit
_XcptFilter
_exit
_c_exit
_wcsicmp
wcscat
wcsstr
_except_handler3
??0exception@@QAE@XZ
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_CxxThrowException
_beginthreadex
_purecall
??0exception@@QAE@ABV0@@Z
_endthreadex
swprintf
_wtoi64
_controlfp
wcscpy
wcslen
_ui64tow
wcstok

msvcp60

??0bad_alloc@std@@QAE@PBD@Z
??1bad_alloc@std@@UAE@XZ
??0bad_alloc@std@@QAE@ABV01@@Z
?move@?$char_traits@G@std@@SAPAGPAGPBGI@Z
?length@?$char_traits@G@std@@SAIPBG@Z
?_Xlen@std@@YAXXZ
?copy@?$char_traits@G@std@@SAPAGPAGPBGI@Z
?_Xran@std@@YAXXZ
?compare@?$char_traits@G@std@@SAHPBG0I@Z
?assign@?$char_traits@G@std@@SAXAAGABG@Z
?find@?$char_traits@G@std@@SAPBGPBGIABG@Z

atl

ord30

advapi32

RegOpenKeyExW
RegQueryValueExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegCreateKeyExW
RegSetValueExW
RegCloseKey
TraceMessage
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
ReportEventW
InitializeSecurityDescriptor
InitializeAcl
SetSecurityDescriptorDacl
MakeSelfRelativeSD
IsValidSid
GetLengthSid
LookupAccountNameW
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
AddAccessDeniedAce
AddAccessAllowedAce
SetServiceStatus
RegisterEventSourceW

kernel32

GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetSystemDirectoryW
WideCharToMultiByte
LocalFree
ExpandEnvironmentStringsW
ExitProcess
CreateThread
GetSystemInfo
InterlockedCompareExchange
CreateSemaphoreW
ReleaseSemaphore
GetLocalTime
GetComputerNameW
InterlockedIncrement
InterlockedDecrement
CancelIo
CloseHandle
GetLastError
CreateIoCompletionPort
ResumeThread
WaitForSingleObject
SetEvent
CreateEventW
LeaveCriticalSection
GetTickCount
EnterCriticalSection
SetThreadPriority
InitializeCriticalSection
DeleteCriticalSection
Sleep
PostQueuedCompletionStatus
ResetEvent
GetQueuedCompletionStatus

rpcrt4

RpcStringFreeW
UuidToStringW

user32

CharLowerW
CharUpperW
wsprintfW

oleaut32

SystemTimeToVariantTime
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VariantClear
VariantCopy
VariantInit
SysAllocString
SysFreeString
GetErrorInfo

ole32

CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoInitializeEx
CoUninitialize
OleRun

mqrt

MQReceiveMessageByLookupId
MQOpenQueue
MQPathNameToFormatName
MQReceiveMessage
MQCloseQueue
MQCloseCursor
MQCreateCursor
MQCreateQueue

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_17ce5d1e8c73708bd17d96386cc26d2f.vir
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 288KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstPath.ini
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/WelcomePage.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$TEMP/installpathcn.bmp
$TEMP/installpathen.bmp
$TEMP/instpath.ini
$TEMP/partner.ini
$TEMP/welcomepage.ini
CrashReport.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_17f6de93a5e86cce95d467c8e1a6da6f.vir
.dll windows:4 windows x86 arch:x86

d4efd317ab3cc06f943138ed175a7532

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Code\Pirate101\Pirate_1_035\Pirate101\Bin\PirateLauncherUI.pdb

Imports

kernel32

ReadFile
GlobalFree
GetLastError
GetCurrentThreadId
lstrlenA
GlobalAlloc
TlsFree
VirtualQuery
TlsAlloc
InitializeCriticalSection
DeleteCriticalSection
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
InterlockedExchange
SetLastError
InterlockedDecrement
SetEndOfFile
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeA
LCMapStringA
UnlockFile
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetOEMCP
GetACP
GetStdHandle
ExitProcess
HeapSize
Sleep
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
RtlUnwind
RaiseException
GetVersionExA
GetCommandLineA
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeLibrary
SizeofResource
TlsGetValue
WriteFile
LockResource
InterlockedIncrement
LoadResource
EnterCriticalSection
LeaveCriticalSection
CloseHandle
TlsSetValue
FlushFileBuffers
GetCurrentProcess
TerminateProcess
HeapAlloc
GetProcessHeap
HeapFree
SetFilePointer
LockFile
GetLocaleInfoA

advapi32

RegCloseKey

user32

GetSystemMenu
UpdateWindow
SetWindowPos
DrawIcon
ShowOwnedPopups
ValidateRect
GetParent
CallNextHookEx
ReleaseDC
SetWindowContextHelpId
UnhookWindowsHookEx
IsMenu
IsIconic
GetTopWindow
DestroyMenu
DestroyWindow
GetWindowRect
GetClientRect
MapDialogRect
GetDlgItem
SetFocus
GetDlgCtrlID
IsWindow
EndPaint
EndDialog
IntersectRect
GetActiveWindow
WindowFromDC
SetActiveWindow
GetFocus
SetRect
BeginPaint
GetKeyState
GetNextDlgTabItem
IsWindowVisible
CopyRect
GetSystemMetrics
IsWindowEnabled
PostQuitMessage
GetWindow
MessageBeep
RedrawWindow
TranslateMessage
ShowWindow

gdi32

DeleteDC
GetStockObject
CreateCompatibleDC
RestoreDC
AddFontMemResourceEx
SaveDC
DeleteObject
BitBlt
SetTextColor
SetBkMode
SelectObject

ole32

OleInitialize
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

VariantClear
SysFreeString
VariantInit
SysStringLen
SysAllocStringLen
VariantChangeType
SysAllocString

comctl32

InitCommonControlsEx
ord17

Exports

Exports

?IFnAlreadyRunning@@YAXXZ
?IFnConnectToLogin@@YAXXZ
?IFnGetUserNameAndPassword@@YAXAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z
?IFnGotoPage@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?IFnHideWindow@@YAXXZ
?IFnHomeButtonFocus@@YAXXZ
?IFnInitialize@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?IFnLaunchingGameClient@@YAXXZ
?IFnLaunchingNewPatchClient@@YAXXZ
?IFnPatchingPatchClient@@YAXXZ
?IFnPostQuitMessage@@YAXXZ
?IFnReadyToPlay@@YAXXZ
?IFnReportFileProgress@@YAXPBDI_N@Z
?IFnReportTotalProgress@@YAXI@Z
?IFnShowLoginControls@@YAXXZ
?IFnShowProgressControls@@YAXXZ
?IFnShowUI@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H0PAV?$Delegate@AAUExeParams@@@@@Z

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 324KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_187c3302904bed0df399ba54ca62a338.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_1a4f29f5d738a88819d639beeeb56e98.vir
.dll windows:6 windows x64 arch:x64

e5e76c51bdd15f975a5b9dec71419aeb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

sdl2

SDL_SetPaletteColors
SDL_GetRGBA
SDL_CreateRGBSurface
SDL_FreeSurface
SDL_GetSurfaceBlendMode
SDL_MapRGB
SDL_GetRGB
SDL_GetError
SDL_GetColorKey

python37

PyExc_TypeError
PyArg_ParseTuple
PyArg_ParseTupleAndKeywords
PyImport_ImportModule
PyErr_Occurred
PyExc_RuntimeError
Py_BuildValue
_Py_NoneStruct
PyErr_SetString
PyExc_ValueError
PyErr_Format
PyCapsule_GetPointer
PyModule_Create2
PyCapsule_Type
PyObject_GetAttrString

kernel32

GetCurrentProcess
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
RtlLookupFunctionEntry

vcruntime140

__std_type_info_destroy_list
memset
memcpy
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

Exports

Exports

PyInit_pixelcopy

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_1ac6cb424ea910219a3facc1c5749fc7.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_1c861ca5896d188bf50c7a10d1a6a720.vir
.exe windows:4 windows x86 arch:x86

7a70e459c11e41b3c1991017970e849b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AddAtomA
CloseHandle
CreateEventA
CreateMutexA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FindAtomA
GetAtomNameA
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetThreadContext
GetThreadPriority
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
ReleaseMutex
ReleaseSemaphore
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

_fdopen
_read
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_beginthreadex
_cexit
_endthreadex
_errno
_filelengthi64
_fstati64
_ftime
_iob
_lseeki64
_onexit
_setjmp
_setmode
abort
atexit
atoi
calloc
exit
fclose
fflush
fgetpos
fopen
fprintf
fputc
fputs
fread
free
fsetpos
fwrite
getc
getenv
getwc
iswctype
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putc
putwc
realloc
setlocale
setvbuf
signal
sprintf
strchr
strcmp
strcoll
strerror
strftime
strlen
strtod
strxfrm
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcsftime
wcslen
wcsxfrm

Sections

.text
Size: 455KB - Virtual size: 455KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/14
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_1defaddfbf365ca98d8ea63bd3d3689e.vir
.exe .js windows:5 windows x86 arch:x86 polyglot

0fdbe8bbe52056b36c6756f93480111f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

spiisupd.pdb

Imports

msvcrt

_except_handler3
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_strdup
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_strlwr
strstr
strchr
strncmp
memmove
fwrite
_filelength
fread
fopen
fgetc
fseek
fclose
_initterm
vsprintf

kernel32

GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetEnvironmentVariableA
OutputDebugStringA
GetStartupInfoA

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_1e26b2bb171b0d10949b328e7d991ef8.vir
.exe windows:4 windows x86 arch:x86

3f3ba99c7a17c84031710235ee2f7ba9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFullPathNameA
MoveFileA
lstrcatA
lstrlenA
GetShortPathNameA
SearchPathA
lstrcpyA
Sleep
RemoveDirectoryA
CopyFileA
GetFileSize
GetModuleFileNameA
GetModuleHandleA
SetFileAttributesA
GetTempPathA
GetTempFileNameA
GetDiskFreeSpaceA
GetVersion
CreateThread
CreateProcessA
CreateFileA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetWindowsDirectoryA
CreateDirectoryA
GetSystemDirectoryA
MultiByteToWideChar
GetFileAttributesA
CompareFileTime
SetFileTime
CloseHandle
FindFirstFileA
DeleteFileA
FindNextFileA
FindClose
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
LoadLibraryA
WaitForSingleObject
GetExitCodeProcess
lstrcpynA
GetCommandLineA
GetProcAddress
GetTickCount
GlobalFree
WriteFile
GlobalAlloc
MulDiv
SetFilePointer
ReadFile
FreeLibrary
GetPrivateProfileStringA
WritePrivateProfileStringA
ExitProcess
GetCurrentProcess

user32

SetWindowPos
ScreenToClient
EnableWindow
GetDlgItem
SetClassLongA
SetFocus
GetWindowRect
CharPrevA
GetParent
SendDlgItemMessageA
LoadBitmapA
IsWindowVisible
IsWindow
GetDlgItemTextA
FindWindowExA
SendMessageA
DefWindowProcA
DialogBoxParamA
EndDialog
FillRect
GetWindowTextA
DrawTextA
EndPaint
LoadIconA
LoadCursorA
RegisterClassA
SystemParametersInfoA
GetDesktopWindow
CreateWindowExA
SetWindowTextA
SetDlgItemTextA
CharNextA
CreateDialogParamA
DestroyWindow
PostQuitMessage
ShowWindow
SetForegroundWindow
MessageBoxA
wsprintfA
IsWindowEnabled
BeginPaint
SetTimer
SetRect
PeekMessageA
ExitWindowsEx
GetClientRect
DispatchMessageA

gdi32

SetBkMode
SetTextColor
CreateFontA
CreateSolidBrush
DeleteObject
BitBlt
CreateCompatibleDC
GetTextColor
LineTo
MoveToEx
CreatePen
GetStockObject
SetBkColor
GetNearestColor
CreateBrushIndirect
SelectObject

advapi32

RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegEnumValueA
RegCreateKeyA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

shell32

SHGetMalloc
ShellExecuteA
SHGetPathFromIDListA
SHFileOperationA
SHBrowseForFolderA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

comctl32

ord17

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_1ea1c69f31783c441ee5deb181251462.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_1f51c293d633499acbbf1442d304cb5b.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_203b20e8467fe7f7f83ad589a9076b47.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_2136d77ee61c553d49eda1e86a9d52c3.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_215d07979826eda2a7eb9e5d6236f087.vir
.exe windows:4 windows x86 arch:x86

Code Sign

01:01:21:b2:85:ba:aa:6f:62:28:52:63:78:1f:b7:a7
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

28-01-2021 00:00

Not After

01-02-2024 23:59

Subject

SERIALNUMBER=2023017896,CN=FastStone Corporation,O=FastStone Corporation,L=Calgary,ST=Alberta,C=CA,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1307416c6265727461,1.3.6.1.4.1.311.60.2.1.3=#13024341

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ec:9a:48:7a:f0:d7:bc:36:f7:3e:80:6e:ba:df:17:84:81:da:0a:4d:c7:7f:34:c8:20:f7:b2:3a:74:f4:a8:18
Signer

Actual PE Digest

ec:9a:48:7a:f0:d7:bc:36:f7:3e:80:6e:ba:df:17:84:81:da:0a:4d:c7:7f:34:c8:20:f7:b2:3a:74:f4:a8:18

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 541KB - Virtual size: 540KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 36B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_217419e1ea34bf4de1737e28f33f5d82.vir
.exe windows:5 windows x86 arch:x86

2809f39c7e3353da3419c977d3747e72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

DfrgNtfs.pdb

Imports

msvcrt

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_ftol
swscanf
iswctype
_wcsicmp
_fmode
_wfopen
fgetws
fclose
wcscmp
localeconv
atoi
_local_unwind2
sprintf
towupper
swprintf
wcsstr
wcscat
wcsrchr
wcschr
wcscspn
wcsncmp
wcsncat
wcscpy
memmove
??3@YAXPAX@Z
??2@YAPAXI@Z
wcslen
wcsncpy
_wtoi
_except_handler3

advapi32

GetSecurityDescriptorDacl
InitializeSecurityDescriptor
AllocateAndInitializeSid
SetEntriesInAclW
LookupPrivilegeValueW
OpenProcessToken
SetSecurityDescriptorDacl
FreeSid
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AdjustTokenPrivileges

kernel32

FlushFileBuffers
SetFilePointer
OutputDebugStringA
GetLocalTime
LocalFree
SetErrorMode
DeviceIoControl
GlobalHandle
GetFileInformationByHandle
ExitThread
QueryPerformanceFrequency
GetComputerNameW
SetEvent
OpenEventW
GetCommandLineW
CreateThread
GetSystemPowerStatus
GetVersionExW
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcess
GlobalLock
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalSize
GlobalAlloc
HeapFree
GetProcessHeap
HeapAlloc
SetLastError
ReadFile
WriteFile
InterlockedIncrement
InterlockedDecrement
Sleep
CloseHandle
GetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrcpyW
GetFileSize
CreateFileW
ReleaseMutex
lstrcatW
FormatMessageW
GetCurrentThreadId
lstrlenW
GetTimeFormatW
GetDateFormatW
WaitForSingleObject
lstrcpynW
SizeofResource
FindResourceW
lstrcmpiW
CompareStringW
ExpandEnvironmentStringsW
GetSystemWindowsDirectoryW
SystemTimeToFileTime
GetVolumeInformationW
GetVolumeNameForVolumeMountPointW
GetDriveTypeW
FindVolumeMountPointClose
FindNextVolumeMountPointW
FindFirstVolumeMountPointW
LoadLibraryW
lstrcmpW

gdi32

GetStockObject

user32

LoadStringW
CharUpperW
wvsprintfA
SendMessageW
MessageBoxW
RegisterClassW
LoadCursorW
CreateWindowExW
SetTimer
KillTimer
PostQuitMessage
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
PostMessageW
wsprintfW
DefWindowProcW

ntdll

NtQueryVolumeInformationFile
RtlInitializeGenericTableAvl
NtQueryInformationFile
RtlEnumerateGenericTableLikeADirectory
RtlDeleteElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlEnumerateGenericTableAvl
NtFsControlFile
NtWaitForSingleObject
RtlNumberGenericTableElementsAvl

comctl32

ord17

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoUninitialize
CoCreateInstanceEx
CLSIDFromString
ReleaseStgMedium
CoInitializeEx
CoRegisterClassObject

vssapi

ord5

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_218b32014f024659daa60c6a5af1a4e3.vir
.exe windows:4 windows x86 arch:x86

caeb449dc2ccc4cc453f4bb32f4286f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
SetCurrentDirectoryA
GetVersionExA
GetModuleFileNameA
CreateEventA
WaitForSingleObject
CloseHandle
Sleep
OutputDebugStringA
GetLastError
SetEvent
GetStringTypeW
GetStringTypeA
SetStdHandle
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
VirtualAlloc
HeapReAlloc

advapi32

RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
StartServiceCtrlDispatcherA
RegSetValueExA
RegDeleteValueA
OpenSCManagerA
CloseServiceHandle
CreateServiceA
OpenServiceA
DeleteService
RegisterServiceCtrlHandlerExA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
SetServiceStatus
RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA

user32

FindWindowA
MessageBoxA
RegisterDeviceNotificationA
PostMessageA

na_util

?PrintWindowsError@@YAXHPAD@Z
?PrintError@@YAXPAD@Z
?PrintWindowsError@@YAXPAD@Z
?InitDriverName@@YAXPBD@Z

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_227921fd4dd2181d4e8642b6b4b5885e.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_22fd2ad6aa1b30efe76824cc20073f24.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 832B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_234377809064660ab9736ff954a1269f.vir
.exe windows:4 windows x86 arch:x86

0b71fbfa5ec2a7376fc7b4a60e5fbb94

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasHangUpA
RasGetConnectStatusA

winmm

midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutPause
waveOutReset
waveOutClose
waveOutGetNumDevs
midiStreamRestart
midiStreamStop
midiOutReset
midiStreamClose

ws2_32

socket
htons
WSAAsyncSelect
closesocket
send
select
WSACleanup
WSAStartup
gethostbyname
WSASetLastError
getpeername
recv
connect
ioctlsocket
recvfrom
inet_ntoa
inet_addr
setsockopt
gethostname
accept

kernel32

MultiByteToWideChar
GetVersion
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
SetStdHandle
GetACP
HeapSize
RaiseException
GetLocalTime
GetSystemTime
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
GetStringTypeExA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
LocalFree
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
SetLastError
GetTimeZoneInformation
FileTimeToSystemTime
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
lstrlenA
lstrlenW
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
SetFileAttributesA
GetFileAttributesA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
InterlockedExchange
VirtualProtect
VirtualQuery
GetSystemInfo
InterlockedCompareExchange

user32

GetClassNameA
GetDesktopWindow
SetWindowTextA
SystemParametersInfoA
TranslateMessage
LoadIconA
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetSysColorBrush
LoadStringA
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
MoveWindow
IsDialogMessageA
ScrollWindowEx
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
GetScrollPos
RegisterClassA
GetMenuItemID
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetSystemMenu
DeleteMenu
GetClassInfoA
DefWindowProcA
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
InflateRect
SetRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
FindWindowExA
GetWindowTextA
UnregisterClassA
GetMenuItemCount
GetDlgItem
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA

gdi32

GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetViewportOrgEx
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
SelectObject
CreatePen
PatBlt
FillRgn
CreateRectRgn
CombineRgn
CreateSolidBrush
CreateFontIndirectA
GetStockObject
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
CreateRectRgnIndirect
SetBkColor
LineTo
SetViewportExtEx
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
GetWindowExtEx
SetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
ScaleViewportExtEx
SetWindowOrgEx
GetROP2
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
SetStretchBltMode

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueA
RegCloseKey

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

CLSIDFromProgID
OleRun
CoCreateInstance
CLSIDFromString
OleUninitialize
OleInitialize

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElement
VariantCopyInd
VariantInit
SysAllocString
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
UnRegisterTypeLi
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear

comctl32

ord17
ImageList_Destroy

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetConnectA
InternetSetOptionA
InternetCloseHandle
InternetOpenA

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA
ChooseColorA

Sections

.text
Size: 628KB - Virtual size: 626KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 912KB - Virtual size: 909KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_238cff2669b437a7b4ab8c47ca91a666.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_23ec3ec686dc3f5a004e1e0f4e1d357a.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.nsp0
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_256f0ef2fe93746bacb847c99c0c2aed.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 832B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_25a18a445cbd02a4072dc116bc85b2e4.vir
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

PyInit_unicodedata

Sections

UPX0
Size: - Virtual size: 820KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 269KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_2719ef5d6f09796bd73033584e65b07e.vir
.dll windows:5 windows x86 arch:x86

25ea79247b3cc708517f1b8aafc9c617

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\LcsWorkFile\DqSrc\binR\d3d8thk.pdb

Imports

kernel32

ExitProcess
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetSystemDirectoryA
lstrcatA
GetShortPathNameA
GetLastError
GetProcAddress
DisableThreadLibraryCalls
GetPrivateProfileStringA
LoadLibraryA
GetModuleFileNameA
OutputDebugStringA
CloseHandle
OpenFileMappingA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentProcess

user32

MessageBoxA
wsprintfA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

shlwapi

PathFindFileNameA

msvcr90

_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
free
_malloc_crt
_encode_pointer
vsprintf_s
_encoded_null
memset

Exports

Exports

OsThunkD3dContextCreate
OsThunkD3dContextDestroy
OsThunkD3dContextDestroyAll
OsThunkD3dDrawPrimitives2
OsThunkD3dValidateTextureStageState
OsThunkDdAddAttachedSurface
OsThunkDdAlphaBlt
OsThunkDdAttachSurface
OsThunkDdBeginMoCompFrame
OsThunkDdBlt
OsThunkDdCanCreateD3DBuffer
OsThunkDdCanCreateSurface
OsThunkDdColorControl
OsThunkDdCreateD3DBuffer
OsThunkDdCreateDirectDrawObject
OsThunkDdCreateMoComp
OsThunkDdCreateSurface
OsThunkDdCreateSurfaceEx
OsThunkDdCreateSurfaceObject
OsThunkDdDeleteDirectDrawObject
OsThunkDdDeleteSurfaceObject
OsThunkDdDestroyD3DBuffer
OsThunkDdDestroyMoComp
OsThunkDdDestroySurface
OsThunkDdEndMoCompFrame
OsThunkDdFlip
OsThunkDdFlipToGDISurface
OsThunkDdGetAvailDriverMemory
OsThunkDdGetBltStatus
OsThunkDdGetDC
OsThunkDdGetDriverInfo
OsThunkDdGetDriverState
OsThunkDdGetDxHandle
OsThunkDdGetFlipStatus
OsThunkDdGetInternalMoCompInfo
OsThunkDdGetMoCompBuffInfo
OsThunkDdGetMoCompFormats
OsThunkDdGetMoCompGuids
OsThunkDdGetScanLine
OsThunkDdLock
OsThunkDdLockD3D
OsThunkDdQueryDirectDrawObject
OsThunkDdQueryMoCompStatus
OsThunkDdReenableDirectDrawObject
OsThunkDdReleaseDC
OsThunkDdRenderMoComp
OsThunkDdResetVisrgn
OsThunkDdSetColorKey
OsThunkDdSetExclusiveMode
OsThunkDdSetGammaRamp
OsThunkDdSetOverlayPosition
OsThunkDdUnattachSurface
OsThunkDdUnlock
OsThunkDdUnlockD3D
OsThunkDdUpdateOverlay
OsThunkDdWaitForVerticalBlank

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 866B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_279b75088eecbb65f2839fa56f327824.vir
.exe windows:6 windows x86 arch:x86

eb5bc6ff6263b364dfbfb78bdb48ed59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

comctl32

InitCommonControls

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 660KB - Virtual size: 660KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_27aaef7a3745acc11503559dfed3dc8a.vir
.dll windows:4 windows x64 arch:x64

cf334de683bc76814fd604b626c61634

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

GetUserNameA

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateSemaphoreA
DeleteCriticalSection
DeviceIoControl
DuplicateHandle
EnterCriticalSection
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileAttributesA
GetFileAttributesExA
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount64
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalFree
MoveFileExA
MultiByteToWideChar
OpenProcess
OutputDebugStringA
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetEnvironmentVariableA
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
Sleep
SleepEx
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_beginthreadex
_chmod
_close
_endthreadex
_errno
_findclose
_findfirst64
_findnext64
_fullpath
_initterm
_lock
_pclose
_popen
_putenv
_read
_setjmp
_stat64
_time64
_ultoa
_unlock
_write
abort
atoi
calloc
exit
fclose
feof
fflush
fgetc
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getenv
isalnum
isalpha
islower
isspace
isupper
isxdigit
localeconv
malloc
mbtowc
memchr
memcpy
memmove
memset
printf
putc
realloc
signal
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtol
strtoul
tolower
toupper
ungetc
vfprintf
wcslen
wctomb
longjmp
_unlink
_strdup
_rmdir
_open
_isatty
_fileno

secur32

AcquireCredentialsHandleA
DeleteSecurityContext
FreeContextBuffer
FreeCredentialsHandle
InitializeSecurityContextA

shell32

SHGetFolderPathA

ws2_32

WSAIoctl
WSASocketA

wsock32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
bind
closesocket
connect
gethostbyname
getsockname
getsockopt
htonl
htons
ioctlsocket
ntohl
ntohs
recv
select
send
setsockopt
socket

libcrypto-1_1-x64

ASN1_TIME_diff
BIO_ctrl
BIO_f_base64
BIO_free_all
BIO_new
BIO_new_mem_buf
BIO_push
BIO_read
BIO_s_mem
BIO_set_flags
BIO_write
CRYPTO_free
CRYPTO_malloc
CRYPTO_zalloc
ERR_clear_error
ERR_get_error
ERR_reason_error_string
EVP_CIPHER_CTX_block_size
EVP_CIPHER_CTX_free
EVP_CIPHER_CTX_new
EVP_CIPHER_CTX_set_padding
EVP_CipherInit_ex
EVP_DecryptFinal
EVP_DecryptUpdate
EVP_Digest
EVP_EncryptFinal
EVP_EncryptUpdate
EVP_PKEY_size
EVP_aes_128_cbc
EVP_enc_null
EVP_md_null
EVP_sha1
EVP_sha256
EVP_sm3
HMAC
PKCS5_PBKDF2_HMAC
RAND_priv_bytes
X509_NAME_get_text_by_NID
X509_STORE_CTX_get_error
X509_STORE_CTX_set_error
X509_STORE_load_locations
X509_STORE_set_flags
X509_free
X509_get0_notAfter
X509_get0_pubkey
X509_get_signature_nid
X509_get_subject_name

libssl-1_1-x64

GMTLS_client_method
OPENSSL_init_ssl
SSL_CTX_ctrl
SSL_CTX_free
SSL_CTX_get0_certificate
SSL_CTX_get_cert_store
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_set_cipher_list
SSL_CTX_use_certificate_chain_file
SSL_check_private_key
SSL_connect
SSL_free
SSL_get_error
SSL_get_peer_certificate
SSL_new
SSL_pending
SSL_read
SSL_set_default_passwd_cb_userdata
SSL_set_ex_data
SSL_set_fd
SSL_set_security_callback
SSL_set_verify
SSL_set_verify_depth
SSL_shutdown
SSL_use_PrivateKey_file
SSL_use_certificate_file
SSL_write
TLSv1_2_method

Exports

Exports

PQLocalSockaddr
PQRemoteSockaddr
PQbackendPID
PQbinaryTuples
PQcancel
PQclear
PQclientEncoding
PQcmdStatus
PQcmdTuples
PQconndefaults
PQconnectPoll
PQconnectStart
PQconnectStartParams
PQconnectdb
PQconnectdbParams
PQconnectionNeedsPassword
PQconnectionUsedPassword
PQconninfoFree
PQconninfoParse
PQconsumeInput
PQcopyResult
PQdb
PQdescribePortal
PQdescribePrepared
PQdisplayTuples
PQdsplen
PQencryptPassword
PQendcopy
PQenv2encoding
PQerrorMessage
PQescapeBytea
PQescapeByteaConn
PQescapeIdentifier
PQescapeLiteral
PQescapeString
PQescapeStringConn
PQexec
PQexecParams
PQexecParamsBatch
PQexecPrepared
PQexecPreparedBatch
PQfformat
PQfinish
PQfireResultCreateEvents
PQflush
PQfmod
PQfn
PQfname
PQfnumber
PQfreeCancel
PQfreeNotify
PQfreemem
PQfsize
PQftable
PQftablecol
PQftype
PQgetCancel
PQgetCopyData
PQgetResult
PQgetisnull
PQgetlength
PQgetline
PQgetlineAsync
PQgetssl
PQgetvalue
PQhost
PQinitOpenSSL
PQinitSSL
PQinstanceData
PQisBusy
PQisnonblocking
PQisthreadsafe
PQlibVersion
PQmakeEmptyPGresult
PQmblen
PQnfields
PQnotifies
PQnparams
PQntuples
PQoidStatus
PQoidValue
PQoptions
PQparameterStatus
PQparamtype
PQpass
PQping
PQpingParams
PQport
PQprepare
PQprint
PQprintTuples
PQprotocolVersion
PQputCopyData
PQputCopyEnd
PQputline
PQputnbytes
PQregisterEventProc
PQregisterThreadLock
PQrequestCancel
PQresStatus
PQreset
PQresetPoll
PQresetStart
PQresultAlloc
PQresultErrorField
PQresultErrorMessage
PQresultInstanceData
PQresultSetInstanceData
PQresultStatus
PQsendDescribePortal
PQsendDescribePrepared
PQsendPrepare
PQsendQuery
PQsendQueryParams
PQsendQueryParamsBatch
PQsendQueryPrepared
PQsendQueryPreparedBatch
PQserverVersion
PQsetClientEncoding
PQsetErrorVerbosity
PQsetInstanceData
PQsetNoticeProcessor
PQsetNoticeReceiver
PQsetResultAttrs
PQsetRwTimeout
PQsetSingleRowMode
PQsetdbLogin
PQsetnonblocking
PQsetvalue
PQsocket
PQstatus
PQtrace
PQtransactionStatus
PQtty
PQunescapeBytea
PQuntrace
PQuser
appendBinaryPQExpBuffer
appendPQExpBuffer
appendPQExpBufferChar
appendPQExpBufferStr
createPQExpBuffer
destroyPQExpBuffer
enlargePQExpBuffer
initPQExpBuffer
lo_close
lo_creat
lo_create
lo_export
lo_import
lo_import_with_oid
lo_lseek
lo_open
lo_read
lo_tell
lo_truncate
lo_unlink
lo_write
pg_char_to_encoding
pg_encoding_to_char
pgresStatus
printfPQExpBuffer
resetPQExpBuffer
termPQExpBuffer

Sections

.text
Size: 334KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_285f1fb18a22d80dd4915cefd38ee9c0.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_28cb48fce185e0188e591b3e52885a06.vir
.exe windows:5 windows x86 arch:x86

12e12319f1029ec4f8fcbed7e82df162

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
InterlockedDecrement
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
DecodePointer
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
LocalFree
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage

oleaut32

SysAllocString
SysFreeString
VariantClear

gdiplus

GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipFree

Sections

.text
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_28db91db340aa2e1c38c7c4f91047c6b.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_2a11e6fcdb0695c9f03469f33f7148da.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_2a1e8c30a5d52af0bed298bc751226e7.vir
.exe windows:6 windows x64 arch:x64

e054f2f25d816b480d614092d413ed97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\vexxy\source\repos\Swoofer\x64\Release\RaimSerialChecker.pdb

Imports

kernel32

SetConsoleTextAttribute
GetStdHandle
Sleep
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlCaptureContext

msvcp140

?good@ios_base@std@@QEBA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
memcpy
__std_terminate
__current_exception
__current_exception_context
memset

api-ms-win-crt-conio-l1-1-0

_getch

api-ms-win-crt-runtime-l1-1-0

terminate
_initialize_onexit_table
_crt_atexit
_register_thread_local_exe_atexit_callback
__p___argv
_c_exit
__p___argc
_cexit
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_register_onexit_function
_set_app_type
_seh_filter_exe
system
exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_2abd5bb7021d5414987b05b0fddfb1dd.vir
.dll windows:5 windows x86 arch:x86

73555389d98473977845cee90edaed91

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

python27

Py_InitModule4
PyErr_NewException
PyModule_AddObject
PyInt_FromLong
PyString_FromStringAndSize
PyArg_ParseTuple
PyErr_SetString
_Py_NoneStruct

msvcr90

_initterm_e
_initterm
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
_amsg_exit

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
UnhandledExceptionFilter

Exports

Exports

initmsdes

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_2c6e5d323cb7d20551dcf18d51a69ff9.vir
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Virtek.ApplicationFramework.UserAccess.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_2d8e59586c1a1c2275385e477edfa032.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_2dfe4eecf7c783897c2309cfd2470c17.vir
.dll windows:6 windows x64 arch:x64

d77db71248519ef6ffa48a89e8f8df97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

WSACleanup
WSAStartup
getservbyname
ntohs
freeaddrinfo
getaddrinfo
WSAGetLastError
WSASetLastError
socket
shutdown
setsockopt
send
select
recv
getsockopt
ioctlsocket
connect
closesocket
bind
__WSAFDIsSet

advapi32

CryptReleaseContext
CryptDestroyKey
CryptImportKey
CryptAcquireContextA

kernel32

SetStdHandle
SetEndOfFile
FindFirstFileExA
CancelIoEx
Sleep
GetACP
GetConsoleCP
GetWindowsDirectoryA
GetSystemWindowsDirectoryA
GetModuleFileNameA
InitOnceExecuteOnce
GetCurrentProcessId
GetCurrentThreadId
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryExA
MultiByteToWideChar
LocalAlloc
LocalFree
CreateFileA
FindClose
FindFirstFileA
FindNextFileA
GetFileAttributesA
GetFileSizeEx
ReadFile
CloseHandle
SetLastError
WideCharToMultiByte
IsValidCodePage
GetCPInfo
IsThreadAFiber
SwitchToFiber
DeleteFiber
CreateFiber
ConvertThreadToFiber
GetStringTypeW
HeapReAlloc
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
GetFileAttributesExW
WriteConsoleW
RaiseException
FlushFileBuffers
HeapSize
FormatMessageA
LCMapStringW
CompareStringW
GetStdHandle
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateFileW
GetFileType
SetFilePointerEx
ExitProcess
GetModuleHandleExW
GetConsoleMode
ReadConsoleW
WriteFile
HeapFree
HeapAlloc

shlwapi

PathRemoveFileSpecA

crypt32

CertCreateCertificateChainEngine
CryptQueryObject
CertAddCRLContextToStore
CertAddCertificateContextToStore
CertSetCertificateContextProperty
CertEnumCertificatesInStore
CertGetCertificateChain
CertDuplicateStore
CertOpenStore
CryptDecodeObjectEx
CertGetCertificateContextProperty
CertFreeCertificateContext
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptStringToBinaryA
CertCloseStore
CertFreeCertificateChainEngine

secur32

FreeContextBuffer
InitializeSecurityContextA
DecryptMessage
DeleteSecurityContext
FreeCredentialsHandle
AcquireCredentialsHandleA
QueryContextAttributesA
EncryptMessage

Exports

Exports

ma_pvio_register_callback
mariadb_cancel
mariadb_connection
mariadb_convert_string
mariadb_deinitialize_ssl
mariadb_dyncol_check
mariadb_dyncol_column_cmp_named
mariadb_dyncol_column_count
mariadb_dyncol_create_many_named
mariadb_dyncol_create_many_num
mariadb_dyncol_exists_named
mariadb_dyncol_exists_num
mariadb_dyncol_free
mariadb_dyncol_get_named
mariadb_dyncol_get_num
mariadb_dyncol_has_names
mariadb_dyncol_json
mariadb_dyncol_list_named
mariadb_dyncol_list_num
mariadb_dyncol_unpack
mariadb_dyncol_update_many_named
mariadb_dyncol_update_many_num
mariadb_dyncol_val_double
mariadb_dyncol_val_long
mariadb_dyncol_val_str
mariadb_field_attr
mariadb_free_rpl_event
mariadb_get_charset_by_name
mariadb_get_charset_by_nr
mariadb_get_info
mariadb_get_infov
mariadb_reconnect
mariadb_rpl_close
mariadb_rpl_fetch
mariadb_rpl_get_optionsv
mariadb_rpl_init_ex
mariadb_rpl_open
mariadb_rpl_optionsv
mariadb_stmt_execute_direct
mariadb_stmt_fetch_fields
mysql_affected_rows
mysql_autocommit
mysql_autocommit_cont
mysql_autocommit_start
mysql_change_user
mysql_change_user_cont
mysql_change_user_start
mysql_character_set_name
mysql_client_find_plugin
mysql_client_register_plugin
mysql_close
mysql_close_cont
mysql_close_start
mysql_commit
mysql_commit_cont
mysql_commit_start
mysql_data_seek
mysql_debug
mysql_dump_debug_info
mysql_dump_debug_info_cont
mysql_dump_debug_info_start
mysql_embedded
mysql_eof
mysql_errno
mysql_error
mysql_escape_string
mysql_fetch_field
mysql_fetch_field_direct
mysql_fetch_fields
mysql_fetch_lengths
mysql_fetch_row
mysql_fetch_row_cont
mysql_fetch_row_start
mysql_field_count
mysql_field_seek
mysql_field_tell
mysql_free_result
mysql_free_result_cont
mysql_free_result_start
mysql_get_character_set_info
mysql_get_charset_by_name
mysql_get_charset_by_nr
mysql_get_client_info
mysql_get_client_version
mysql_get_host_info
mysql_get_option
mysql_get_optionv
mysql_get_parameters
mysql_get_proto_info
mysql_get_server_info
mysql_get_server_name
mysql_get_server_version
mysql_get_socket
mysql_get_ssl_cipher
mysql_get_timeout_value
mysql_get_timeout_value_ms
mysql_hex_string
mysql_info
mysql_init
mysql_insert_id
mysql_kill
mysql_kill_cont
mysql_kill_start
mysql_list_dbs
mysql_list_fields
mysql_list_fields_cont
mysql_list_fields_start
mysql_list_processes
mysql_list_tables
mysql_load_plugin
mysql_load_plugin_v
mysql_more_results
mysql_net_field_length
mysql_net_read_packet
mysql_next_result
mysql_next_result_cont
mysql_next_result_start
mysql_num_fields
mysql_num_rows
mysql_options
mysql_options4
mysql_optionsv
mysql_ping
mysql_ping_cont
mysql_ping_start
mysql_ps_fetch_functions
mysql_query
mysql_query_cont
mysql_query_start
mysql_read_query_result
mysql_read_query_result_cont
mysql_read_query_result_start
mysql_real_connect
mysql_real_connect_cont
mysql_real_connect_start
mysql_real_escape_string
mysql_real_query
mysql_real_query_cont
mysql_real_query_start
mysql_refresh
mysql_refresh_cont
mysql_refresh_start
mysql_reset_connection
mysql_reset_connection_cont
mysql_reset_connection_start
mysql_rollback
mysql_rollback_cont
mysql_rollback_start
mysql_row_seek
mysql_row_tell
mysql_select_db
mysql_select_db_cont
mysql_select_db_start
mysql_send_query
mysql_send_query_cont
mysql_send_query_start
mysql_server_end
mysql_server_init
mysql_session_track_get_first
mysql_session_track_get_next
mysql_set_character_set
mysql_set_character_set_cont
mysql_set_character_set_start
mysql_set_local_infile_default
mysql_set_local_infile_handler
mysql_set_server_option
mysql_set_server_option_cont
mysql_set_server_option_start
mysql_shutdown
mysql_shutdown_cont
mysql_shutdown_start
mysql_sqlstate
mysql_ssl_set
mysql_stat
mysql_stat_cont
mysql_stat_start
mysql_stmt_affected_rows
mysql_stmt_attr_get
mysql_stmt_attr_set
mysql_stmt_bind_param
mysql_stmt_bind_result
mysql_stmt_close
mysql_stmt_close_cont
mysql_stmt_close_start
mysql_stmt_data_seek
mysql_stmt_errno
mysql_stmt_error
mysql_stmt_execute
mysql_stmt_execute_cont
mysql_stmt_execute_start
mysql_stmt_fetch
mysql_stmt_fetch_column
mysql_stmt_fetch_cont
mysql_stmt_fetch_start
mysql_stmt_field_count
mysql_stmt_free_result
mysql_stmt_free_result_cont
mysql_stmt_free_result_start
mysql_stmt_init
mysql_stmt_insert_id
mysql_stmt_more_results
mysql_stmt_next_result
mysql_stmt_next_result_cont
mysql_stmt_next_result_start
mysql_stmt_num_rows
mysql_stmt_param_count
mysql_stmt_param_metadata
mysql_stmt_prepare
mysql_stmt_prepare_cont
mysql_stmt_prepare_start
mysql_stmt_reset
mysql_stmt_reset_cont
mysql_stmt_reset_start
mysql_stmt_result_metadata
mysql_stmt_row_seek
mysql_stmt_row_tell
mysql_stmt_send_long_data
mysql_stmt_send_long_data_cont
mysql_stmt_send_long_data_start
mysql_stmt_sqlstate
mysql_stmt_store_result
mysql_stmt_store_result_cont
mysql_stmt_store_result_start
mysql_stmt_warning_count
mysql_store_result
mysql_store_result_cont
mysql_store_result_start
mysql_thread_end
mysql_thread_id
mysql_thread_init
mysql_thread_safe
mysql_use_result
mysql_warning_count

Sections

.text
Size: 267KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_2e1be399fd291016645a2d74987ba736.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_2e7117fa14e05179a030d81440615e15.vir
.exe windows:4 windows x86 arch:x86

0d98d7fac22615df5a589f292d5fc320

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

lib

?DateToFileTime@convert@@YAXABNAAU_FILETIME@@@Z

odbc32

ord13
ord110
ord141
ord16
ord9
ord14
ord1
ord147
ord3
ord43
ord106
ord108
ord18
ord111
ord15
ord2
ord72
ord154
ord140
ord4

dbclient

?Init@CSysMgr@@QAEX_N@Z
?Shutdown@CSysMgr@@QAEXXZ
?CreateInstance@CSysMgrSystem@@QAEJKPAU_GUID@@KPAUtagMULTI_QI@@@Z
?g_SysMgr@@3VCSysMgr@@A

dbobjcore

Free_LPWSTRArray
Free_VARIANTArray

mfc42u

ord2527
ord3070
ord2855
ord5762
ord6127
ord4717
ord858
ord941
ord1569
ord1197
ord5261
ord4370
ord4847
ord4992
ord4704
ord2506
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord5276
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4419
ord3592
ord800
ord641
ord861
ord540
ord324
ord825
ord2362
ord4229
ord2567
ord4390
ord3569
ord2403
ord2015
ord4213
ord2570
ord6051
ord1768
ord4392
ord5286
ord3397
ord4418
ord3577
ord616
ord609
ord567
ord2294
ord2291
ord2634
ord538
ord5977
ord823
ord1834
ord4237
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5233
ord5278
ord2641
ord1658
ord4430
ord4421
ord796
ord674
ord554
ord529
ord366
ord807
ord2486
ord2619
ord2618
ord5867
ord5996
ord2109
ord4158
ord2112
ord4451
ord5248
ord3605
ord656
ord4294
ord6871
ord2350
ord3312
ord2606
ord4609
ord4606
ord4604
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord561
ord815
ord6211
ord617
ord5297
ord5208
ord296
ord986
ord520
ord4154
ord6113
ord2613
ord1131
ord2717
ord1817
ord4233
ord3658
ord4690
ord3053
ord3060
ord6332
ord2502
ord2534
ord5239
ord5736
ord1739
ord5573
ord3167
ord5649
ord4947
ord4852
ord2391
ord4381
ord3449
ord3193
ord6076
ord6171
ord4617
ord4420
ord652
ord338
ord2836
ord4817
ord4414
ord6325
ord2099
ord5446
ord5436
ord6379
ord6390
ord4608
ord4607
ord1912
ord4257
ord4583
ord4582
ord4893
ord4364
ord4335
ord4343
ord4883
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4957
ord4954
ord4103
ord5236
ord3743
ord1718
ord4426
ord517
ord784
ord5256
ord1165

msvcrt

wcslen
_purecall
iswprint
_CxxThrowException
wcscpy
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_vsnwprintf
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_controlfp
__CxxFrameHandler
_except_handler3

kernel32

InterlockedDecrement
InterlockedIncrement
GetStartupInfoW
GetModuleHandleW
FileTimeToSystemTime
GetSystemTimeAsFileTime
FormatMessageW

user32

GetClientRect
SendMessageW
InvalidateRect
UpdateWindow
IsWindow
GetWindowRect
EnableWindow

gdi32

GetStockObject

ole32

CoUninitialize
CoTaskMemFree
CoInitialize

oleaut32

SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocString
VariantClear
SysFreeString

msvcp60

?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Xlen@std@@YAXXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_2ecfb9233faa522432e2ed58672ca654.vir
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSIS_HTTPRequest.dll
.dll windows:5 windows x86 arch:x86

e3b9a1010ee2fc31a4b4cb9839de586c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\dev\PCHA[PCOptimizer]_Trunk_3\nsis\HTTPRequest\Release\NSIS_HTTPRequest.pdb

Imports

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetOpenW

kernel32

SetHandleCount
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
WideCharToMultiByte
MultiByteToWideChar
CreateThread
GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentThreadId
GetCommandLineA
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA

user32

wsprintfW

Exports

Exports

NSIS_HTTPRequest
NSIS_HTTPRequestThreaded

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:5 windows x86 arch:x86

45d25ca52c312b2254c60dbcb30342d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynW
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/uninstall.exe
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:80:ec:46:86:9b:dc:47:56:2d:21:d0:41:e4:2b:cd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14-03-2017 00:00

Not After

27-03-2018 12:00

Subject

CN=Paretologic Inc,O=Paretologic Inc,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

22:33:3b:bc:82:7b:36:30:06:e8:02:fc:4f:a2:62:14:d6:58:0a:cb
Signer

Actual PE Digest

22:33:3b:bc:82:7b:36:30:06:e8:02:fc:4f:a2:62:14:d6:58:0a:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

e26d7460d0c04056b9226a899477ba4d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
CloseHandle
OpenProcess
LoadLibraryW
GetProcAddress
GetVersionExW
GlobalFree
lstrcpyW
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
LCMapStringW
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
DisableThreadLibraryCalls
WriteFile
VirtualAlloc
RtlUnwind
GetStringTypeA
GetStringTypeW
GetLastError
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
FlushFileBuffers

Exports

Exports

FindProc

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:5 windows x86 arch:x86

45d25ca52c312b2254c60dbcb30342d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynW
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
7ZipDLL.dll
.dll windows:6 windows x86 arch:x86

6d9ff435486410f3ef245681046eaf0f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:84:6e:ed:d0:fd:3b:91:d6:5e:3f:f9:08:b8:0b:ab
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-12-2017 00:00

Not After

06-12-2018 12:00

Subject

CN=Paretologic Inc,O=Paretologic Inc,L=Victoria,ST=British Columbia,C=CA,1.2.840.113549.1.9.1=#0c17697467726f75704070617265746f6c6f6769632e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4a:e5:38:d7:8b:12:71:f0:e9:3c:f8:96:71:f5:8a:4e:8d:1c:41:82
Signer

Actual PE Digest

4a:e5:38:d7:8b:12:71:f0:e9:3c:f8:96:71:f5:8a:4e:8d:1c:41:82

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
GetLastError
MultiByteToWideChar
WideCharToMultiByte
SetLastError
CloseHandle
GetTempPathA
GetTempFileNameA
CreateFileW
SetFileAttributesA
DeleteFileA
WriteFile
ReadFile
CreateFileA
CompareFileTime
GetProcAddress
GetSystemInfo
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
WaitForMultipleObjects
VirtualAlloc
VirtualFree
InitializeCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventA
CreateSemaphoreA
LocalFileTimeToFileTime
DosDateTimeToFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
LCMapStringW
HeapReAlloc
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
HeapFree
HeapAlloc
EncodePointer
DecodePointer
CreateThread
ExitThread
LoadLibraryExW
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcessHeap
ExitProcess
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
HeapSize
GetFileType
GetModuleFileNameA
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
WriteConsoleW

user32

CharPrevExA
CharNextA
CharLowerW
CharLowerA
CharUpperW
CharUpperA
CharPrevA

oleaut32

SysFreeString
VariantCopy
VariantClear
SysAllocString
SysAllocStringByteLen

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethodsDLL
SetLargePageMode

Sections

.text
Size: 417KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BDCOM/BDServices_Setup.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 660KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.data
.rdata
.reloc
.rsrc/0/version.txt
.rsrc/1033/DIALOG/105
.rsrc/1033/DIALOG/106
.rsrc/1033/DIALOG/111
.rsrc/1033/GROUP_ICON/103
.rsrc/1033/ICON/1.ico
.rsrc/1033/MANIFEST/1
.xml
.text
[0]
[1]
CommonLoggingExtension.pxt
.dll windows:6 windows x86 arch:x86

efaa10c41d4b03897a794e158592e10b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:84:6e:ed:d0:fd:3b:91:d6:5e:3f:f9:08:b8:0b:ab
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-12-2017 00:00

Not After

06-12-2018 12:00

Subject

CN=Paretologic Inc,O=Paretologic Inc,L=Victoria,ST=British Columbia,C=CA,1.2.840.113549.1.9.1=#0c17697467726f75704070617265746f6c6f6769632e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

56:e4:1f:44:7d:7c:b2:73:e3:75:c7:5c:b4:02:aa:41:12:16:9b:e8
Signer

Actual PE Digest

56:e4:1f:44:7d:7c:b2:73:e3:75:c7:5c:b4:02:aa:41:12:16:9b:e8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Dev\zeppelin\Libs-Jan2013\libs\Win32\Release\CommonLoggingExtension.pdb

Imports

kernel32

LoadResource
SizeofResource
LockResource
GetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
MapViewOfFile
UnmapViewOfFile
CreateFileW
CreateFileMappingW
CloseHandle
FindResourceExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
DecodePointer
HeapSize
GetLastError
RaiseException
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
GetFileSize
HeapReAlloc
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
LCMapStringW
GetProcAddress
GetCurrentProcess
Sleep
WriteFile
SetFilePointerEx
GetModuleFileNameW
GetModuleHandleW
ExpandEnvironmentStringsW
GetACP
IsDebuggerPresent
OutputDebugStringW
EncodePointer
GetCommandLineA
GetCurrentThreadId
RtlUnwind
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetOEMCP
GetCPInfo
SetLastError
GetStringTypeW
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW

shell32

ord51

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize

shlwapi

PathUnquoteSpacesW
PathFileExistsW
PathRemoveArgsW

Exports

Exports

GetExtensionFactory

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CommonSpecialist.pxt
.dll windows:6 windows x86 arch:x86

0a3d504aac972398f493db02bca65da3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:84:6e:ed:d0:fd:3b:91:d6:5e:3f:f9:08:b8:0b:ab
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-12-2017 00:00

Not After

06-12-2018 12:00

Subject

CN=Paretologic Inc,O=Paretologic Inc,L=Victoria,ST=British Columbia,C=CA,1.2.840.113549.1.9.1=#0c17697467726f75704070617265746f6c6f6769632e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

17:6e:c4:6c:4f:40:0f:e2:ec:d9:ef:ce:36:b2:af:09:de:5c:fb:31
Signer

Actual PE Digest

17:6e:c4:6c:4f:40:0f:e2:ec:d9:ef:ce:36:b2:af:09:de:5c:fb:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Dev\zeppelin\Libs-Jan2013\libs\Win32\Release\CommonSpecialist.pdb

Imports

kernel32

LoadResource
FindResourceW
FindResourceExW
CreateFileW
LockResource
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
SizeofResource
WideCharToMultiByte
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
CloseHandle
OutputDebugStringW
FlushFileBuffers
WriteConsoleW
SetStdHandle
LoadLibraryExW
GetProcAddress
GetCurrentProcess
Sleep
GetFileSize
WriteFile
ReadFile
SetEndOfFile
SetFilePointer
SetFilePointerEx
GetModuleFileNameW
GetModuleHandleW
ExpandEnvironmentStringsW
MultiByteToWideChar
GetACP
IsDebuggerPresent
EncodePointer
GetCommandLineA
GetCurrentThreadId
RtlUnwind
IsProcessorFeaturePresent
IsValidCodePage
GetOEMCP
GetCPInfo
SetLastError
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStringTypeW
GetConsoleCP
GetConsoleMode
LCMapStringW

shell32

SHGetFolderPathW

shlwapi

PathFileExistsW

Exports

Exports

DeleteExtensionFactory
GetExtensionFactory

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DC_offer.exe
.exe windows:5 windows x86 arch:x86

a8f13518ba9660698c9a3a32444f6079

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:84:6e:ed:d0:fd:3b:91:d6:5e:3f:f9:08:b8:0b:ab
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-12-2017 00:00

Not After

06-12-2018 12:00

Subject

CN=Paretologic Inc,O=Paretologic Inc,L=Victoria,ST=British Columbia,C=CA,1.2.840.113549.1.9.1=#0c17697467726f75704070617265746f6c6f6769632e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a5:5a:6a:a5:cf:30:d1:71:1c:94:ad:62:b7:a2:7a:e1:58:a5:2c:d3
Signer

Actual PE Digest

a5:5a:6a:a5:cf:30:d1:71:1c:94:ad:62:b7:a2:7a:e1:58:a5:2c:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BuildAgent\work\89039f0e41821154\bin\Release\DC_offer.pdb

Imports

libeay32

ord965
ord964
ord3315
ord2572
ord2784
ord2747

gdi32

DeleteObject
DeleteDC
CreateCompatibleBitmap
BitBlt
PtVisible
SelectObject
TextOutW
ExtTextOutW
Escape
RectVisible
CreateCompatibleDC
CreateBitmap
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
ExcludeClipRect
GetClipBox
GetDeviceCaps
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
GetObjectW
MoveToEx
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CopyMetaFileW
CreateDCW
GetTextExtentPoint32W
CombineRgn
CreateEllipticRgn
CreateRectRgnIndirect
Ellipse
GetBkColor
GetTextColor
PatBlt
CreatePolygonRgn
Polygon
Polyline
GetTextMetricsW
CreateFontIndirectW
GetMapMode
SetRectRgn
DPtoLP
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
Rectangle
GetRgnBox
CreateRoundRectRgn
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
SetPixelV
GetTextFaceW
CreateDIBSection

shlwapi

PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
PathFindExtensionW
StrFormatKBSizeW
PathFileExistsW

kernel32

WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
CreateThread
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCPInfo
GetACP
RtlUnwind
ExitProcess
FileTimeToSystemTime
ExitThread
HeapQueryInformation
GetSystemInfo
VirtualQuery
SetStdHandle
GetFileType
GetStdHandle
GetStartupInfoW
QueryPerformanceCounter
CreateTimerQueue
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
CreateSemaphoreW
IsValidCodePage
GetOEMCP
GetThreadTimes
FreeLibraryAndExitThread
ReleaseSemaphore
InitializeSListHead
UnregisterWaitEx
GetStringTypeW
IsValidLocale
EnumSystemLocalesW
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
WriteConsoleW
SetEnvironmentVariableA
IsProcessorFeaturePresent
IsDebuggerPresent
GetCommandLineW
GetUserDefaultLCID
FindResourceExW
SearchPathW
GetProfileIntW
VirtualProtect
GetTickCount
GetFileTime
GetFileAttributesExW
FileTimeToLocalFileTime
SetErrorMode
GetTempFileNameW
GetWindowsDirectoryW
lstrcmpiW
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
QueryDepthSList
FlushFileBuffers
DeleteFileW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryW
GetFileSize
GetFileAttributesW
VerifyVersionInfoW
VerSetConditionMask
GetThreadLocale
GlobalGetAtomNameW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GlobalFlags
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
SetThreadPriority
CreateEventW
SetEvent
lstrcpyW
lstrcmpA
GetVersionExW
GetCurrentThread
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
FreeResource
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
OutputDebugStringA
WideCharToMultiByte
SetLastError
LocalFree
GlobalSize
GetCurrentProcessId
MulDiv
VirtualFree
VirtualAlloc
GetFileSizeEx
SetFilePointer
WriteFile
BindIoCompletionCallback
GetSystemTimeAsFileTime
GetModuleHandleA
DeleteCriticalSection
DecodePointer
EnterCriticalSection
HeapSize
RaiseException
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
GlobalFree
GlobalUnlock
Sleep
GetProcAddress
GetModuleHandleW
FindClose
FindNextFileW
MoveFileExW
FindFirstFileW
MultiByteToWideChar
ReadFile
CreateFileW
WaitForSingleObject
GetProcessId
FormatMessageW
InterlockedFlushSList
InterlockedPushEntrySList
GetFullPathNameW
InterlockedPopEntrySList
CopyFileW
GetTempPathW
GetModuleFileNameW
GetCurrentProcess
VirtualQueryEx
CloseHandle
GetLastError
CreateMutexW
OutputDebugStringW
FindResourceW
GlobalLock
GlobalAlloc
LoadResource
LockResource
SizeofResource
GetEnvironmentStringsW
GetModuleHandleExW

user32

GetComboBoxInfo
HideCaret
InvertRect
CreateMenu
DestroyCursor
GetWindowRgn
ToUnicodeEx
GetUpdateRect
TranslateMDISysAccel
DefMDIChildProcW
SetTimer
RedrawWindow
KillTimer
EndDialog
DefFrameProcW
GetSysColorBrush
SetWindowRgn
DrawStateW
DrawFrameControl
DrawEdge
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
LoadMenuW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
DrawMenuBar
MapVirtualKeyExW
IsCharLowerW
PostThreadMessageW
IsClipboardFormatAvailable
FrameRect
CharUpperBuffW
SubtractRect
RegisterClipboardFormatW
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
SetWindowsHookExW
GetTopWindow
GetKeyNameTextW
CreateAcceleratorTableW
LoadAcceleratorsW
MapVirtualKeyW
GetKeyboardState
CreateDialogIndirectParamW
GetNextDlgTabItem
GetParent
GetClientRect
GetWindowRect
InflateRect
IsRectEmpty
InvalidateRect
GetMessagePos
ScreenToClient
PtInRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
EnableWindow
GetWindowThreadProcessId
GetClassInfoW
SetClassLongW
GetActiveWindow
FindWindowExW
AllowSetForegroundWindow
SetForegroundWindow
SetFocus
SetActiveWindow
EnumWindows
LoadIconW
SendMessageW
IsIconic
GetSystemMetrics
DrawIcon
PostMessageW
UnregisterClassW
GetDC
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
ClientToScreen
GetSysColor
FillRect
IsWindowEnabled
MessageBoxW
GetWindowLongW
GetLastActivePopup
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
IsWindow
GetNextDlgGroupItem
SetCapture
ReleaseCapture
UpdateWindow
SetCursor
GetCursorPos
WindowFromPoint
DrawFocusRect
SetRectEmpty
CopyRect
OffsetRect
DestroyIcon
LoadImageW
CopyImage
DrawIconEx
GetIconInfo
ShowWindow
MoveWindow
SetWindowPos
GetDlgItem
CheckDlgButton
GetDlgCtrlID
GetFocus
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
SetWindowLongW
GetWindow
IsDialogMessageW
RegisterWindowMessageW
DispatchMessageW
PeekMessageW
DestroyAcceleratorTable
ModifyMenuW
SetMenuDefaultItem
GetMenuDefaultItem
CopyIcon
GetDoubleClickTime
LockWindowUpdate
CreatePopupMenu
BringWindowToTop
SetCursorPos
NotifyWinEvent
GetSystemMenu
GetDesktopWindow
CharUpperW
IsZoomed
TrackMouseEvent
SetParent
MessageBeep
SetRect
InvalidateRgn
CopyAcceleratorTableW
CharNextW
DeleteMenu
WaitMessage
GetMenuItemInfoW
MonitorFromPoint
EnableScrollBar
DestroyMenu
GetAsyncKeyState
UpdateLayeredWindow
IsMenu
UnionRect
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SystemParametersInfoW
SetLayeredWindowAttributes
LoadCursorW
RealChildWindowFromPoint
SendDlgItemMessageA
IntersectRect
GetMessageTime
DefWindowProcW
CallWindowProcW
GetClassInfoExW
CreateWindowExW
IsChild
DestroyWindow
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
GetKeyState
GetCapture
GetMenu
SetMenu
TrackPopupMenu
GetForegroundWindow
ValidateRect
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
AdjustWindowRectEx
MapWindowPoints
EqualRect
GetClassLongW
GetClassNameW
ShowOwnedPopups
TranslateMessage
GetMessageW
RegisterClassW
GetKeyboardLayout

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegQueryValueW
RegEnumValueW

shell32

ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
DragFinish
DragQueryFileW
SHGetFileInfoW
ShellExecuteExW
SHAppBarMessage
SHGetDesktopFolder

comctl32

InitCommonControlsEx

uxtheme

GetWindowTheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeText
DrawThemeParentBackground
IsAppThemed
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData

ole32

CoRegisterMessageFilter
CoRevokeClassObject
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateGuid

oleaut32

VarBstrFromDate
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadTypeLi
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
SysStringLen
OleCreateFontIndirect

oledlg

OleUIBusyW

gdiplus

GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipDrawImageRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFromHDC
GdipCreateFont
GdipCreateBitmapFromStream
GdipCloneImage
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipMeasureString
GdipSetInterpolationMode
GdipBitmapUnlockBits
GdipDrawImageI
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetFontHeight
GdipGetImageGraphicsContext
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipDrawImagePointRectI
GdiplusStartup
GdipDeleteFont

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

winhttp

WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpReceiveResponse
WinHttpSetCredentials
WinHttpQueryAuthSchemes
WinHttpWriteData
WinHttpReadData
WinHttpSetOption
WinHttpSetTimeouts
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpSetStatusCallback
WinHttpOpen
WinHttpConnect

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 491KB - Virtual size: 491KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 105KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtensionManager.dll
.dll windows:6 windows x86 arch:x86

a2515c7348d788f33ce2e0f3eb9797aa

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:84:6e:ed:d0:fd:3b:91:d6:5e:3f:f9:08:b8:0b:ab
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-12-2017 00:00

Not After

06-12-2018 12:00

Subject

CN=Paretologic Inc,O=Paretologic Inc,L=Victoria,ST=British Columbia,C=CA,1.2.840.113549.1.9.1=#0c17697467726f75704070617265746f6c6f6769632e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6c:58:7f:69:9a:89:34:e5:8a:2c:a6:aa:2f:ab:7c:57:8f:e4:4d:14
Signer

Actual PE Digest

6c:58:7f:69:9a:89:34:e5:8a:2c:a6:aa:2f:ab:7c:57:8f:e4:4d:14

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Dev\zeppelin\Libs-Jan2013\libs\Win32\Release\ExtensionManager.pdb

Imports

kernel32

InitializeCriticalSectionAndSpinCount
RaiseException
FindResourceExW
DecodePointer
DeleteCriticalSection
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindClose
FindNextFileW
FindFirstFileExW
GetProcAddress
GetLastError
LoadLibraryW
FlushFileBuffers
WriteConsoleW
GetCurrentProcess
Sleep
WriteFile
SetFilePointerEx
CloseHandle
GetModuleFileNameW
GetModuleHandleW
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
GetACP
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
GetCommandLineA
GetCurrentThreadId
RtlUnwind
IsProcessorFeaturePresent
IsValidCodePage
GetOEMCP
GetCPInfo
SetLastError
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStringTypeW
LCMapStringW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetStdHandle

shlwapi

PathFileExistsW

rpcrt4

RpcStringFreeW
UuidToStringW

Exports

Exports

DeleteExtensionManager
GetExtensionManager

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HTML/0_days.htm
.html
HTML/15_days.htm
.html
HTML/1_days.htm
.html
HTML/2_days.htm
.html
HTML/30_days.htm
.html
HTML/5_days.htm
.html
HTML/container_content_bkimg.gif
.gif
HTML/container_content_leftimg.gif
.gif
HTML/container_content_rightimg.gif
.gif
HTML/error_connect.html
.html
HTML/images/10x10.gif
.gif
HTML/images/10x10tile.gif
.gif
HTML/images/contentwrapper.gif
.gif
HTML/images/error_internet.jpg
.jpg
HTML/images/footerbarfill.gif
.gif
HTML/images/info_bubble.jpg
.jpg
HTML/images/pcha_background.jpg
.jpg
HTML/images/tile_footerbarbase.jpg
.jpg
HTML/images/tile_subheadbarbase.jpg
.jpg
HTML/images/tile_titlebarbase.jpg
.jpg
HTML/main.css
HTML/main_error.css
HTML/package_titlebar_bkimg.jpg
.jpg
HandleUpdate.dll
.dll windows:5 windows x86 arch:x86

cf4dc42e550c0f7f647d02386b7f511e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:84:6e:ed:d0:fd:3b:91:d6:5e:3f:f9:08:b8:0b:ab
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-12-2017 00:00

Not After

06-12-2018 12:00

Subject

CN=Paretologic Inc,O=Paretologic Inc,L=Victoria,ST=British Columbia,C=CA,1.2.840.113549.1.9.1=#0c17697467726f75704070617265746f6c6f6769632e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

17:a4:45:2a:df:75:d9:20:42:cc:45:ba:81:c1:fc:a2:0f:79:8d:e1
Signer

Actual PE Digest

17:a4:45:2a:df:75:d9:20:42:cc:45:ba:81:c1:fc:a2:0f:79:8d:e1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\SVN\PC Optimizer\trunk\HandleUpdate\Release\HandleUpdate.pdb

Imports

shlwapi

StrFormatKBSizeW
PathFindExtensionW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
PathAppendW
PathFindFileNameW

kernel32

GetCPInfo
GetTimeZoneInformation
GetStringTypeW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
OutputDebugStringW
GetOEMCP
LCMapStringW
WriteConsoleW
SetEnvironmentVariableA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetACP
IsValidCodePage
SizeofResource
LockResource
LoadResource
FindResourceW
CopyFileW
QueryPerformanceCounter
VirtualQueryEx
GetCurrentProcess
GetModuleFileNameW
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionAndSpinCount
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
GetCurrentThread
GetCurrentThreadId
GetVersionExW
FreeLibrary
LoadLibraryExW
GlobalAlloc
GlobalLock
GlobalDeleteAtom
lstrcmpA
lstrcmpW
MultiByteToWideChar
WideCharToMultiByte
GlobalSize
GlobalUnlock
GlobalFree
LocalFree
MulDiv
FormatMessageW
SetLastError
CloseHandle
WaitForSingleObject
SetThreadPriority
GetModuleFileNameA
GetStartupInfoW
GetStdHandle
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
IsProcessorFeaturePresent
IsDebuggerPresent
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
RtlUnwind
GetCommandLineA
FindResourceExW
VirtualProtect
SearchPathW
GetProfileIntW
GetTickCount
ResumeThread
GetModuleHandleW
GetProcAddress
Sleep
GetTempPathW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
GetWindowsDirectoryW
lstrcpyW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
lstrcmpiW
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
CreateFileW
GlobalFindAtomW
LoadLibraryA
FreeResource
FileTimeToSystemTime
GlobalGetAtomNameW
DeleteFileW
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryW
GetSystemDirectoryW
EncodePointer
SetErrorMode
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LoadLibraryW
GetModuleHandleA
OutputDebugStringA
GetCurrentProcessId
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW

user32

MapDialogRect
DestroyCursor
GetWindowRgn
DrawIcon
CreateMenu
SubtractRect
GetUpdateRect
IsClipboardFormatAvailable
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
FrameRect
CharUpperBuffW
RegisterClipboardFormatW
ModifyMenuW
SetMenuDefaultItem
CopyIcon
GetDoubleClickTime
SetClassLongW
LockWindowUpdate
SetParent
SetCursorPos
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
PostThreadMessageW
GetSystemMenu
IsZoomed
GetComboBoxInfo
TrackMouseEvent
GetKeyNameTextW
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
MonitorFromPoint
UpdateLayeredWindow
IsMenu
UnionRect
SetWindowRgn
DrawFrameControl
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadMenuW
MapVirtualKeyW
GetMenuDefaultItem
CreatePopupMenu
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetAsyncKeyState
MessageBeep
GetIconInfo
DrawIconEx
LoadImageW
IsRectEmpty
OffsetRect
SetRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
SendDlgItemMessageA
IntersectRect
InflateRect
GetMenuItemInfoW
DestroyMenu
CharUpperW
DestroyIcon
IsIconic
IsDialogMessageW
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetTopWindow
GetClassLongW
SetWindowLongW
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
UnregisterClassW
PostMessageW
PostQuitMessage
GetMenuStringW
GetMenuState
IsWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
GetWindowTextLengthW
LoadCursorW
GetSysColorBrush
GetSystemMetrics
FillRect
GetSysColor
ScreenToClient
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
InvalidateRect
UpdateWindow
KillTimer
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
SendMessageW
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
GetParent
LoadBitmapW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
ShowOwnedPopups
SetCursor
EnableWindow
IsWindowEnabled
MessageBoxW
GetWindowLongW
GetWindowThreadProcessId
GetLastActivePopup
UnhookWindowsHookEx
GetClientRect
CopyImage
SystemParametersInfoW
DeleteMenu
GetDlgCtrlID
SetWindowTextW
GetWindowTextW
GetWindowRect
ClientToScreen
PtInRect
GetDesktopWindow
GetClassNameW
GetWindow
RealChildWindowFromPoint
SetTimer
SetRect

gdi32

SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
GetObjectW
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetTextExtentPoint32W
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
GetTextMetricsW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
SelectObject
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
Rectangle
EnumFontFamiliesExW
GetRgnBox
OffsetRgn
CreateRoundRectRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
GetTextFaceW
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetDeviceCaps
CreateDCW
GetSystemPaletteEntries
CopyMetaFileW
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
GetViewportExtEx
CreateCompatibleDC
BitBlt
DeleteObject
CreateBitmap

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileW
DragFinish
SHBrowseForFolderW
SHAppBarMessage

uxtheme

GetThemePartSize
GetWindowTheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
IsAppThemed

ole32

OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CoDisconnectObject
CoInitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CoUninitialize
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
CoCreateInstance
IsAccelerator

oleaut32

LoadTypeLi
SysAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantClear
VariantCopy
VariantChangeType
VarBstrFromDate
SysFreeString
SysAllocString
VariantInit

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipDrawImageRectI

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Exports

Exports

HU_ReloadDatabase

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 310KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Images/cancel.png
.png
Images/cancel_over.png
.png
Images/health rating/pchealth_high.png
.png
Images/health rating/pchealth_high_short.png
.png
Images/health rating/pchealth_low.png
.png
Images/health rating/pchealth_low_short.png
.png
Images/health rating/pchealth_medium.png
.png
Images/health rating/pchealth_medium_short.png
.png
Images/health rating/pchealth_unrated.png
.png
Images/health rating/pchealth_unrated_short.png
.png
Images/register.png
.png
Images/register_over.png
.png
Images/regonly.png
.png
Images/regonly_over.png
.png
LiteUnzip.dll
.dll windows:4 windows x86 arch:x86

f7a84048399bc4a2d1221cc8bdd7c96e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:84:6e:ed:d0:fd:3b:91:d6:5e:3f:f9:08:b8:0b:ab
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-12-2017 00:00

Not After

06-12-2018 12:00

Subject

CN=Paretologic Inc,O=Paretologic Inc,L=Victoria,ST=British Columbia,C=CA,1.2.840.113549.1.9.1=#0c17697467726f75704070617265746f6c6f6769632e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e5:54:75:89:20:87:dd:50:5d:bd:a9:f2:63:7d:dd:0a:04:95:2d:74
Signer

Actual PE Digest

e5:54:75:89:20:87:dd:50:5d:bd:a9:f2:63:7d:dd:0a:04:95:2d:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
GlobalFree
GlobalAlloc
CreateDirectoryA
GetLastError
CreateDirectoryW
CloseHandle
SetFileTime
WriteFile
CreateFileA
CreateFileW
IsBadReadPtr
SetFilePointer
lstrcmpA
LocalFileTimeToFileTime
SystemTimeToFileTime
MultiByteToWideChar
lstrlenA
lstrcpyA
lstrcmpiA
WideCharToMultiByte
GetCurrentDirectoryA
DuplicateHandle
GetCurrentProcess
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
DisableThreadLibraryCalls
FlushFileBuffers
LoadLibraryA
GetCommandLineA
GetProcAddress
GetVersion
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
SetStdHandle

user32

LoadStringA
LoadStringW

Exports

Exports

UnzipClose
UnzipFindItemA
UnzipFindItemW
UnzipFormatMessageA
UnzipFormatMessageW
UnzipGetItemA
UnzipGetItemW
UnzipItemToBuffer
UnzipItemToFileA
UnzipItemToFileW
UnzipItemToHandle
UnzipOpenBuffer
UnzipOpenFileA
UnzipOpenFileW
UnzipOpenHandle
UnzipSetBaseDirA
UnzipSetBaseDirW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 595B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LiteZip.dll
.dll windows:4 windows x86 arch:x86

a4f9b29cfb961f52cf212be6c0353a3b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:84:6e:ed:d0:fd:3b:91:d6:5e:3f:f9:08:b8:0b:ab
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-12-2017 00:00

Not After

06-12-2018 12:00

Subject

CN=Paretologic Inc,O=Paretologic Inc,L=Victoria,ST=British Columbia,C=CA,1.2.840.113549.1.9.1=#0c17697467726f75704070617265746f6c6f6769632e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e2:ff:76:c3:c8:43:01:8e:31:ff:48:6b:92:fa:0b:06:f9:3d:e4:0b
Signer

Actual PE Digest

e2:ff:76:c3:c8:43:01:8e:31:ff:48:6b:92:fa:0b:06:f9:3d:e4:0b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToSystemTime
SetFilePointer
ReadFile
GlobalFree
CloseHandle
GlobalAlloc
lstrlenA
lstrcmpiA
lstrcpyA
WideCharToMultiByte
SystemTimeToFileTime
GetLocalTime
CreateFileA
CreateFileW
IsBadReadPtr
GetFileSize
GetFileInformationByHandle
WriteFile
FindClose
FindNextFileA
FindFirstFileA
lstrlenW
lstrcpyW
FindNextFileW
FindFirstFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
DuplicateHandle
GetCurrentProcess
DisableThreadLibraryCalls
GetTickCount
FlushFileBuffers
LoadLibraryA
HeapFree
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetStdHandle

user32

LoadStringW
LoadStringA
GetDesktopWindow

Exports

Exports

ZipAddBufferA
ZipAddBufferW
ZipAddDirA
ZipAddDirW
ZipAddFileA
ZipAddFileW
ZipAddFolderA
ZipAddFolderW
ZipAddHandleA
ZipAddHandleW
ZipAddPipeA
ZipAddPipeW
ZipClose
ZipCreateBuffer
ZipCreateFileA
ZipCreateFileW
ZipCreateHandle
ZipFormatMessageA
ZipFormatMessageW
ZipGetMemory
ZipOptions
ZipResetMemory

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LogSettings.xml
MyResources.dll
.dll windows:5 windows x86 arch:x86

89a6d69512ddd5caf6edc165bcb08fbf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:84:6e:ed:d0:fd:3b:91:d6:5e:3f:f9:08:b8:0b:ab
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-12-2017 00:00

Not After

06-12-2018 12:00

Subject

CN=Paretologic Inc,O=Paretologic Inc,L=Victoria,ST=British Columbia,C=CA,1.2.840.113549.1.9.1=#0c17697467726f75704070617265746f6c6f6769632e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f3:14:b5:1a:43:54:ae:0f:c3:bb:1e:fd:5e:bc:54:61:14:78:b7:ca
Signer

Actual PE Digest

f3:14:b5:1a:43:54:ae:0f:c3:bb:1e:fd:5e:bc:54:61:14:78:b7:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\BuildAgent\work\3c1bfb232f05ccfe\bin\Release\MyResources.pdb

Imports

kernel32

GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
GetLastError
SetLastError
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteFile
GetModuleFileNameW
LoadLibraryExW
RtlUnwind
HeapAlloc
HeapReAlloc
GetStringTypeW
OutputDebugStringW
HeapSize
LCMapStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
CreateFileW

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 509KB - Virtual size: 509KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PCHA.exe
.exe windows:5 windows x86 arch:x86

71e8083a60a680df385211ffbd23d452

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:84:6e:ed:d0:fd:3b:91:d6:5e:3f:f9:08:b8:0b:ab
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-12-2017 00:00

Not After

06-12-2018 12:00

Subject

CN=Paretologic Inc,O=Paretologic Inc,L=Victoria,ST=British Columbia,C=CA,1.2.840.113549.1.9.1=#0c17697467726f75704070617265746f6c6f6769632e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

82:59:56:7b:52:65:e2:29:62:36:09:39:ce:7f:49:2c:67:0d:18:a0
Signer

Actual PE Digest

82:59:56:7b:52:65:e2:29:62:36:09:39:ce:7f:49:2c:67:0d:18:a0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BuildAgent\work\3c1bfb232f05ccfe\bin\Release\PCHA.pdb

Imports

rpcrt4

UuidCreateSequential

winmm

PlaySoundW

wininet

InternetCloseHandle
InternetReadFile
InternetOpenW
HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetSetFilePointer
InternetWriteFile
InternetQueryDataAvailable
InternetGetLastResponseInfoW
InternetSetStatusCallbackW
InternetConnectW

shfolder

SHGetFolderPathW

shell32

SHQueryRecycleBinW
DragQueryFileW
DragFinish
SHGetMalloc
SHCreateDirectoryExW
SHAppBarMessage
ShellExecuteW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
Shell_NotifyIconW
ShellExecuteExW
SHGetFileInfoW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHFileOperationW
SHEmptyRecycleBinW

ole32

OleRun
CoTaskMemAlloc
OleDuplicateData
ReleaseStgMedium
CoCreateGuid
CreateStreamOnHGlobal
OleDraw
CoFreeUnusedLibraries
CLSIDFromString
CLSIDFromProgID
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
DoDragDrop
OleFlushClipboard
OleLockRunning
OleIsCurrentClipboard
OleGetClipboard
CoDisconnectObject
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
CoRegisterMessageFilter
OleUninitialize
OleInitialize
CoInitialize
StringFromGUID2
CoTaskMemFree
CoCreateInstance
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoUninitialize
CoInitializeSecurity
CoInitializeEx

shlwapi

PathFileExistsW
PathStripPathW
StrFormatByteSizeW
PathIsDirectoryW
StrFormatKBSizeW
PathAppendW
PathIsUNCW
PathFindFileNameW
PathRemoveFileSpecW
SHDeleteKeyW
PathStripToRootW
PathUnquoteSpacesW
PathGetCharTypeW
PathAddExtensionW
PathIsNetworkPathW
PathFindExtensionW
PathFindOnPathW

gdi32

ExtTextOutW
TextOutW
RectVisible
PtVisible
BitBlt
GetDeviceCaps
SelectObject
CreateFontIndirectW
CreateSolidBrush
CreateDCW
GetTextExtentPoint32W
DeleteDC
DeleteObject
SetBkColor
SetTextColor
GetCurrentObject
GetObjectW
CreatePen
GetTextColor
Escape
CreateCompatibleDC
LPtoDP
CreateCompatibleBitmap
LineTo
IntersectClipRect
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
CreateRectRgn
CreateHatchBrush
CreateBitmap
GetStockObject
CreatePatternBrush
CreateDIBSection
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateRectRgnIndirect
GetViewportExtEx
SetRectRgn
CopyMetaFileW
CreateEllipticRgn
Ellipse
GetMapMode
CreatePolygonRgn
Polygon
Polyline
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetTextMetricsW
GetDIBits
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
Rectangle
CreateRoundRectRgn
GetRgnBox
OffsetRgn
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RoundRect
ExtFloodFill
SetPaletteEntries
EnumFontFamiliesExW
GetViewportOrgEx
GetWindowOrgEx
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetTextFaceW
SetPixelV
DPtoLP
RestoreDC
SaveDC
SelectClipRgn
GetBkColor
GetWindowExtEx
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
PatBlt
SetWindowOrgEx

comctl32

ImageList_Draw
ImageList_ReplaceIcon
InitCommonControlsEx

user32

UpdateLayeredWindow
IsMenu
UnionRect
EnumDisplayMonitors
SetLayeredWindowAttributes
RealChildWindowFromPoint
GetSysColorBrush
DrawFrameControl
DrawEdge
CharUpperW
GetMenuItemInfoW
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
IsZoomed
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
GetMessageW
MapVirtualKeyW
GetKeyNameTextW
SendDlgItemMessageA
SetWindowRgn
GetDesktopWindow
GetNextDlgTabItem
EndDialog
DrawStateW
GetIconInfo
CopyImage
LoadImageW
SetRectEmpty
WindowFromPoint
GetNextDlgGroupItem
IsDlgButtonChecked
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuState
GetMenuStringW
IsWindowEnabled
IntersectRect
ClientToScreen
GetMonitorInfoW
MonitorFromWindow
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetTopWindow
GetClassLongW
EqualRect
MapWindowPoints
AdjustWindowRectEx
ShowWindow
UpdateWindow
DefWindowProcW
FindWindowExW
UnregisterClassW
CallWindowProcW
RegisterWindowMessageW
LoadMenuW
EnumChildWindows
IsIconic
DestroyMenu
GetFocus
InflateRect
DrawFocusRect
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
GetForegroundWindow
GetMenuItemCount
GetMenuItemID
SetMenu
GetMenu
GetCapture
GetKeyState
EnableScrollBar
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetMessageTime
wsprintfW
MonitorFromPoint
DeleteMenu
NotifyWinEvent
CopyAcceleratorTableW
InvalidateRgn
CharNextW
SetParent
ModifyMenuW
IsRectEmpty
SetActiveWindow
EnumWindows
AllowSetForegroundWindow
GetWindowThreadProcessId
GetSubMenu
SetMenuDefaultItem
GetCursorPos
CopyRect
ShowScrollBar
OffsetRect
DestroyWindow
PostQuitMessage
WaitMessage
DispatchMessageW
TranslateMessage
IsDialogMessageW
PeekMessageW
CreateDialogIndirectParamW
GetWindow
GetAsyncKeyState
SetClipboardData
EmptyClipboard
GetWindowTextW
WinHelpW
SetWindowTextW
MoveWindow
SetForegroundWindow
SetWindowPos
SetFocus
CheckDlgButton
GetSystemMenu
EnableMenuItem
GetClassNameW
SetWindowLongW
FillRect
GetDlgItem
DestroyIcon
LoadIconW
GetDialogBaseUnits
GetSysColor
EndPaint
GetWindowLongW
DrawIcon
BeginPaint
MessageBeep
LoadStringW
MessageBoxW
GetLastActivePopup
GetActiveWindow
GetScrollInfo
GetSystemMetrics
RedrawWindow
SystemParametersInfoW
GetWindowRect
SetRect
PostMessageW
ReleaseCapture
LoadCursorW
SetCursor
SetCapture
GetDC
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
SendMessageW
GetParent
IsWindow
PostThreadMessageW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
LockWindowUpdate
PtInRect
ScreenToClient
GetMessagePos
InvalidateRect
EnableWindow
SetTimer
KillTimer
IsWindowVisible
ReleaseDC
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetWindowDC
GetClientRect
SetClassLongW
SetCursorPos
GetDoubleClickTime
CopyIcon
CharUpperBuffW
FrameRect
HideCaret
InvertRect
TrackPopupMenu
ExitWindowsEx
DrawIconEx
TrackMouseEvent
CreatePopupMenu
GetMenuDefaultItem
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsCharLowerW
MapVirtualKeyExW
SubtractRect
GetUpdateRect
GetComboBoxInfo
CreateMenu
DestroyCursor
GetWindowRgn
GetDlgCtrlID
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
RegisterClipboardFormatW

kernel32

LocalAlloc
LocalLock
LocalFree
LocalUnlock
CreateDirectoryW
GetSystemTime
FileTimeToSystemTime
FileTimeToLocalFileTime
WideCharToMultiByte
GetCurrentThread
GetLastError
HeapAlloc
GetProcessHeap
CloseHandle
HeapFree
SetCurrentDirectoryW
CreateMutexW
GetUserDefaultUILanguage
HeapReAlloc
InitializeCriticalSectionAndSpinCount
HeapDestroy
RaiseException
OutputDebugStringW
DecodePointer
lstrcmpiW
lstrlenW
GetExitCodeThread
TerminateThread
Sleep
GlobalMemoryStatusEx
TryEnterCriticalSection
GetCurrentProcessId
OpenProcess
TerminateProcess
GetWindowsDirectoryW
GlobalFree
GetLocaleInfoW
lstrcmpW
GetDiskFreeSpaceExW
GetLogicalDriveStringsW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceW
FindResourceExW
VirtualAlloc
VirtualFree
SetEvent
WaitForMultipleObjects
DeviceIoControl
CreateEventW
CreateFileW
DeleteFileW
CreateTimerQueue
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
DeleteTimerQueue
WriteFile
WaitForSingleObject
FormatMessageW
GetProcessId
OutputDebugStringA
ReadFile
ExpandEnvironmentStringsW
FindFirstFileW
FindNextFileW
FindClose
GetTimeZoneInformation
GetFileSizeEx
GetTempPathW
GetTempFileNameW
MoveFileExW
GetSystemTimes
SetFilePointer
InterlockedDecrement
ResetEvent
lstrcpynW
GetVersion
IsWow64Process
EncodePointer
SetLastError
GetCurrentThreadId
GetSystemDirectoryW
FreeResource
GetModuleHandleA
LoadLibraryExW
GlobalDeleteAtom
LoadLibraryA
GlobalAddAtomW
GlobalFindAtomW
GlobalSize
CopyFileW
lstrcmpA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
SetThreadPriority
SuspendThread
ResumeThread
GlobalGetAtomNameW
CompareStringA
lstrcpyW
GetProfileIntW
FlushFileBuffers
GetFileSize
GetFullPathNameW
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
GetThreadLocale
TlsAlloc
GlobalAlloc
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
CompareStringW
GetSystemDefaultUILanguage
GlobalFlags
VerSetConditionMask
VerifyVersionInfoW
GetFileAttributesW
GetCurrentDirectoryW
GetFileTime
GetUserDefaultLCID
GetFileAttributesExW
SetErrorMode
SearchPathW
VirtualProtect
GetCommandLineW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
IsDebuggerPresent
IsProcessorFeaturePresent
CreateThread
ExitThread
RtlUnwind
GetCPInfo
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
GetThreadPriority
GetLogicalProcessorInformation
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
SetStdHandle
GetFileType
GetSystemInfo
VirtualQuery
HeapQueryInformation
GetStdHandle
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateSemaphoreW
IsValidCodePage
GetACP
GetOEMCP
GetStringTypeW
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetThreadTimes
FreeLibraryAndExitThread
ReleaseSemaphore
InitializeSListHead
UnregisterWaitEx
GetFileInformationByHandle
PeekNamedPipe
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
WriteConsoleW
SetEnvironmentVariableA
GlobalUnlock
MultiByteToWideChar
GlobalLock
SetEnvironmentVariableW
GetEnvironmentVariableW
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentProcess
GetProcessTimes
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryW
InitializeCriticalSection
InterlockedIncrement
RemoveDirectoryW
LoadLibraryExA
BindIoCompletionCallback
GetVersionExA
GlobalMemoryStatus
lstrlenA
GetModuleHandleW
MulDiv
GetVersionExW
GetLocalTime
TlsGetValue
GetModuleFileNameW
HeapSize

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegQueryInfoKeyW
ReportEventA
DeregisterEventSource
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
OpenThreadToken
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegDeleteValueW
LookupAccountNameW
GetFileSecurityW
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegEnumKeyExW
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetEntriesInAclW
ConvertSidToStringSidW
FreeSid
AllocateAndInitializeSid
GetSecurityDescriptorControl
SetFileSecurityW
GetUserNameW
RegEnumValueW
RegNotifyChangeKeyValue
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyW
RegCreateKeyW
RegisterEventSourceA

oleaut32

VariantInit
VariantClear
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreate
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock
SysStringLen
DispCallFunc
VariantChangeType
VariantCopy
LoadTypeLi
VarBstrFromDate
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
OleCreateFontIndirect
GetErrorInfo
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
SysFreeString

gdiplus

GdipFillRectangle
GdipCloneBrush
GdipLoadImageFromFile
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipFree
GdipCloneImage
GdipGraphicsClear
GdipDeleteFont
GdipSetSmoothingMode
GdipDisposeImage
GdipDeleteBrush
GdipCreateLineBrushFromRectWithAngle
GdipDrawImage
GdipCreateStringFormat
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdiplusStartup
GdipSetInterpolationMode
GdipSetLineBlend
GdipAddPathEllipseI
GdipCreateBitmapFromHBITMAP
GdipCombineRegionRect
GdipAddPathArcI
GdipClonePath
GdipSetStringFormatHotkeyPrefix
GdipCreateFontFromLogfontW
GdipResetClip
GdipSetClipRegion
GdipSetClipPath
GdipSetClipRect
GdipFillEllipse
GdipDrawEllipse
GdipCreatePen2
GdipSetPathGradientFocusScales
GdipSetPathGradientBlend
GdipGetPathGradientPointCount
GdipSetPathGradientCenterPoint
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipSetLineWrapMode
GdipDrawImageRect
GdipCreateLineBrushFromRect
GdipDeleteRegion
GdipCreateRegionPath
GdipAddPathEllipse
GdipAddPathRectangle
ord1
GdipAddPathLine
GdipClosePathFigure
GdipDrawImageRectRectI
GdipReleaseDC
GdipGetDC
GdipDrawLineI
GdipCreateHICONFromBitmap
GdipCreateBitmapFromFile
GdipDrawRectangle
GdipFillPath
GdipDrawPath
GdipAddPathPath
GdipAddPathLineI
GdipAddPathPolygonI
GdipTranslateMatrix
GdipGetPathWorldBounds
GdipTransformPath
GdipScaleMatrix
GdipCreateMatrix
GdipDeleteMatrix
GdipCreateMatrix2
GdipAddPathLine2I
GdipDeletePath
GdipCreatePath
GdipDrawImageRectI
GdipSetStringFormatFlags
GdiplusShutdown
GdipCreateFromHWND
GdipSetPixelOffsetMode
GdipCreateLineBrushFromRectI
GdipDeletePen
GdipCreatePen1
GdipDrawRectangleI
GdipFillRectangleI
GdipSetTextRenderingHint
GdipDrawString
GdipGetFontHeight
GdipGetFontSize
GdipGetFontStyle
GdipGetFontUnit
GdipCreateFont
GdipGetFamily
GdipDeleteFontFamily
GdipMeasureString
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat

oledlg

OleUIBusyW

psapi

GetProcessMemoryInfo

crypt32

CertGetNameStringW

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

iphlpapi

GetAdaptersInfo

msimg32

AlphaBlend
TransparentBlt

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseContext
WTHelperGetProvSignerFromChain
CryptCATAdminCalcHashFromFileHandle
WTHelperGetProvCertFromChain

litezip

ZipClose
ZipAddBufferW
ZipCreateFileW
ZipAddFileW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

msi

ord173
ord217

winhttp

WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpOpen
WinHttpSetOption
WinHttpConnect
WinHttpGetProxyForUrl
WinHttpReceiveResponse
WinHttpSetCredentials
WinHttpQueryAuthSchemes
WinHttpWriteData
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 780KB - Virtual size: 779KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 151KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RegHookSpecialist.pxt
.dll windows:6 windows x86 arch:x86

641040031fa11b4b4b8f90899bf02d8c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:84:6e:ed:d0:fd:3b:91:d6:5e:3f:f9:08:b8:0b:ab
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-12-2017 00:00

Not After

06-12-2018 12:00

Subject

CN=Paretologic Inc,O=Paretologic Inc,L=Victoria,ST=British Columbia,C=CA,1.2.840.113549.1.9.1=#0c17697467726f75704070617265746f6c6f6769632e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e6:34:6b:e8:0c:fe:04:9b:9a:b7:a3:f5:98:87:27:97:a8:60:6f:e6
Signer

Actual PE Digest

e6:34:6b:e8:0c:fe:04:9b:9a:b7:a3:f5:98:87:27:97:a8:60:6f:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Dev\zeppelin\Libs-Jan2013\libs\Win32\Release\RegHookSpecialist.pdb

Imports

kernel32

RaiseException
InitializeCriticalSectionAndSpinCount
GetProcAddress
LoadLibraryW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetLongPathNameW
GetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DecodePointer
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
LoadLibraryExW
GetCurrentProcess
Sleep
WriteFile
SetFilePointerEx
CloseHandle
GetModuleFileNameW
GetModuleHandleW
ExpandEnvironmentStringsW
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
GetACP
IsDebuggerPresent
OutputDebugStringW
EncodePointer
GetCommandLineA
GetCurrentThreadId
RtlUnwind
IsProcessorFeaturePresent
IsValidCodePage
GetOEMCP
GetCPInfo
SetLastError
GetStringTypeW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegSetValueExW
RegCloseKey
RegCreateKeyW
RegEnumKeyW
RegOpenKeyW

shlwapi

PathRemoveArgsW
PathUnquoteSpacesW
PathFileExistsW
PathStripPathW

Exports

Exports

DeleteExtensionFactory
GetExtensionFactory

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SandBoxer.dll
.dll windows:5 windows x86 arch:x86

bf560e83ce66143157aa1f0bdf01a325

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:84:6e:ed:d0:fd:3b:91:d6:5e:3f:f9:08:b8:0b:ab
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-12-2017 00:00

Not After

06-12-2018 12:00

Subject

CN=Paretologic Inc,O=Paretologic Inc,L=Victoria,ST=British Columbia,C=CA,1.2.840.113549.1.9.1=#0c17697467726f75704070617265746f6c6f6769632e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e8:f0:51:82:cc:5e:ea:9d:51:eb:97:7a:99:5e:5c:64:fd:4c:83:30
Signer

Actual PE Digest

e8:f0:51:82:cc:5e:ea:9d:51:eb:97:7a:99:5e:5c:64:fd:4c:83:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\SVN\Libs-Jan2013\common\SandBoxer\Win32\Release\SandBoxer.pdb

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
WideCharToMultiByte
GetThreadLocale
GetStartupInfoA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
ExitProcess
UnhandledExceptionFilter
RtlUnwind
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
lstrlenA
lstrcpyW
lstrcpyA
lstrcmpiW
lstrcmpiA
lstrcatW
WriteProcessMemory
WaitForSingleObject
WaitForMultipleObjects
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualProtect
UnmapViewOfFile
TerminateThread
TerminateProcess
Sleep
SetThreadPriority
SetLastError
SetEvent
ResumeThread
ReleaseSemaphore
ReleaseMutex
ReadProcessMemory
OpenProcess
OpenMutexW
OpenMutexA
OpenFileMappingW
OpenFileMappingA
DeleteCriticalSection
OpenEventA
MapViewOfFile
LoadLibraryExA
LoadLibraryA
IsBadWritePtr
IsBadReadPtr
GetVersionExW
GetVersionExA
GetTickCount
GetThreadContext
GetSystemDirectoryW
GetSystemDirectoryA
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameA
GetFileAttributesW
GetFileAttributesA
GetExitCodeThread
GetCurrentThread
GetCurrentProcessId
GetCurrentDirectoryW
GetCurrentDirectoryA
InterlockedExchange
FormatMessageA
DuplicateHandle
DeleteFileW
CreateThread
CreateSemaphoreA
CreateProcessW
CreateProcessA
CreatePipe
CreateMutexW
CreateMutexA
CreateFileMappingW
CreateFileMappingA
CreateFileA
CreateEventW
CreateEventA
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringW
DecodePointer
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
GlobalFree
GlobalAlloc
GetCurrentProcess
ReadFile
GetFileSize
OutputDebugStringW
CloseHandle
WriteFile
CreateFileW
GetModuleFileNameW
lstrlenW
HeapFree
HeapReAlloc
GetLastError
GetProcessHeap
OpenEventW
HeapAlloc
GetStringTypeW
LoadLibraryExW
IsDebuggerPresent
EncodePointer
IsProcessorFeaturePresent
GetModuleHandleExW
MultiByteToWideChar
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetUnhandledExceptionFilter
WriteConsoleW

user32

CloseDesktop
DispatchMessageA
GetUserObjectInformationA
MsgWaitForMultipleObjects
OpenInputDesktop
PeekMessageA
TranslateMessage
MessageBoxA
GetKeyboardType
GetThreadDesktop

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
EqualSid
FreeSid
GetLengthSid
InitializeSecurityDescriptor
IsValidSid
LookupPrivilegeValueA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyA
RegSetValueExA
RegSetValueExW
SetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
GetTokenInformation
OpenProcessToken
LsaOpenPolicy
LsaAddAccountRights
GetKernelObjectSecurity

oleaut32

SysReAllocStringLen
SysFreeString

shlwapi

PathRemoveFileSpecW
PathAppendW

Exports

Exports

SandBox

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UNS.xml
Utility.pxt
.dll windows:6 windows x86 arch:x86

2415d4ec6cfa61b5db01bb130bbe38d8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:84:6e:ed:d0:fd:3b:91:d6:5e:3f:f9:08:b8:0b:ab
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-12-2017 00:00

Not After

06-12-2018 12:00

Subject

CN=Paretologic Inc,O=Paretologic Inc,L=Victoria,ST=British Columbia,C=CA,1.2.840.113549.1.9.1=#0c17697467726f75704070617265746f6c6f6769632e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ae:56:bb:d1:3c:25:a5:e8:a3:0d:54:20:44:cc:ec:95:14:b6:d8:45
Signer

Actual PE Digest

ae:56:bb:d1:3c:25:a5:e8:a3:0d:54:20:44:cc:ec:95:14:b6:d8:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Dev\zeppelin\Libs-Jan2013\libs\Win32\Release\UtilityExtensions.pdb

Imports

litezip

ZipCreateFileW
ZipAddHandleW
ZipClose
ZipAddFileW

liteunzip

UnzipSetBaseDirW
UnzipClose
UnzipItemToFileW
UnzipGetItemW
UnzipOpenFileW

fltlib

FilterSendMessage
FilterUnload
FilterConnectCommunicationPort
FilterGetMessage
FilterReplyMessage
FilterLoad

rpcrt4

UuidFromStringW
UuidCreateSequential

kernel32

GetDateFormatW
GetTimeFormatW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CreateFileW
CloseHandle
MultiByteToWideChar
GetFileSize
SetFilePointerEx
ReadFile
OutputDebugStringW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameW
SetFilePointer
WriteFile
SetEndOfFile
FindFirstFileW
FindNextFileW
FindClose
GetLogicalDriveStringsW
GetFileAttributesW
RemoveDirectoryW
WideCharToMultiByte
CreateEventW
SetEvent
WaitForSingleObject
ResumeThread
FindFirstVolumeW
FindVolumeClose
WaitForMultipleObjects
GetVolumeInformationW
FindNextVolumeW
DeviceIoControl
GetVolumeNameForVolumeMountPointW
SystemTimeToFileTime
ExpandEnvironmentStringsW
GetLongPathNameW
GetTempPathW
CopyFileW
LoadLibraryW
GetProcAddress
FreeLibrary
FormatMessageW
LocalFree
lstrcmpiW
GetEnvironmentVariableW
FileTimeToSystemTime
GetModuleHandleW
GetVersionExW
MoveFileW
OpenProcess
GlobalAlloc
GlobalFree
GetLocalTime
lstrlenW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
DecodePointer
HeapSize
GetLastError
RaiseException
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
FreeEnvironmentStringsW
GetSystemTime
CreateDirectoryW
MoveFileExW
Sleep
DeleteFileW
ResetEvent
SetFileAttributesW
VirtualQuery
ReadConsoleW
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
GetDriveTypeW
GetModuleFileNameA
GetConsoleMode
GetConsoleCP
GetFileType
GetTimeZoneInformation
GetStdHandle
GetOEMCP
IsValidCodePage
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
RtlUnwind
GetCommandLineA
GetCPInfo
LoadLibraryExW
ExitThread
GetCurrentThreadId
CreateThread
EncodePointer
GetStringTypeW
GetCurrentProcess
ReadProcessMemory
TerminateProcess
GetCurrentThread
SetLastError
GetACP
VirtualAlloc
VirtualFree
GetFullPathNameW
GetFullPathNameA
CreateFileA
TlsGetValue
UnlockFile
LockFile
GetSystemTimeAsFileTime
TlsSetValue
GetFileAttributesA
FlushFileBuffers
LockFileEx
LoadLibraryA
GetVersionExA
TlsAlloc
GetTempPathA
AreFileApisANSI
DeleteFileA
IsDebuggerPresent

user32

wsprintfW

advapi32

AddAce
OpenThreadToken
LookupPrivilegeValueW
AdjustTokenPrivileges
SetFileSecurityW
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
AddAccessAllowedAce
EqualSid
GetAce
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetFileSecurityW
LookupAccountNameW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
RegEnumKeyW
RegDeleteValueW
RegSetValueExW
RegDeleteKeyW
RegQueryValueExW
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW

shell32

SHGetFolderPathW
SHFileOperationW
SHCreateDirectoryExW

ole32

CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoInitializeEx
CoInitialize
CoUninitialize

oleaut32

SysAllocStringLen
SysFreeString

shlwapi

PathIsDirectoryEmptyW
PathIsDirectoryW
PathAppendW
PathQuoteSpacesW
PathRemoveFileSpecW
PathFindFileNameW
PathAddBackslashW
StrToIntW
PathFileExistsW

Exports

Exports

GetExtensionFactory

Sections

.text
Size: 712KB - Virtual size: 712KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/HTML/0_days.htm
.html
bin/HTML/15_days.htm
.html
bin/HTML/1_days.htm
.html
bin/HTML/2_days.htm
.html
bin/HTML/30_days.htm
.html
bin/HTML/5_days.htm
.html
bin/HTML/images/10x10.gif
.gif
bin/HTML/images/10x10tile.gif
.gif
bin/HTML/images/contentwrapper.gif
.gif
bin/HTML/images/error_internet.jpg
.jpg
bin/HTML/images/footerbarfill.gif
.gif
bin/HTML/images/info_bubble.jpg
.jpg
bin/HTML/images/pcha_background.jpg
.jpg
bin/HTML/images/tile_footerbarbase.jpg
.jpg
bin/HTML/images/tile_subheadbarbase.jpg
.jpg
bin/HTML/images/tile_titlebarbase.jpg
.jpg
bin/HTML/main.css
bin/HTML/main_error.css
colors.xml
images/Main/bg.png
.png
images/Main/bg_logo.png
.png
images/Main/left_stretch.png
.png
images/Main/lower_left.png
.png
images/Main/lower_right.png
.png
images/Main/lower_stretch.png
.png
images/Main/nav_back.png
.png
images/Main/nav_bg.png
.png
images/Main/nav_forward.png
.png
images/Main/right_stretch.png
.png
images/Main/tabs/active_tab_left.png
.png
images/Main/tabs/active_tab_right.png
.png
images/Main/tabs/active_tab_stretch.png
.png
images/Main/tabs/tab_left.png
.png
images/Main/tabs/tab_right.png
.png
images/Main/tabs/tab_stretch.png
.png
images/Main/upper_left.png
.png
images/Main/upper_right.png
.png
images/Main/upper_stretch.png
.png
images/Start Anim/1.png
.png
images/Start Anim/10.png
.png
images/Start Anim/11.png
.png
images/Start Anim/12.png
.png
images/Start Anim/13.png
.png
images/Start Anim/14.png
.png
images/Start Anim/15.png
.png
images/Start Anim/16.png
.png
images/Start Anim/17.png
.png
images/Start Anim/18.png
.png
images/Start Anim/19.png
.png
images/Start Anim/2.png
.png
images/Start Anim/20.png
.png
images/Start Anim/21.png
.png
images/Start Anim/22.png
.png
images/Start Anim/23.png
.png
images/Start Anim/24.png
.png
images/Start Anim/25.png
.png
images/Start Anim/3.png
.png
images/Start Anim/4.png
.png
images/Start Anim/5.png
.png
images/Start Anim/6.png
.png
images/Start Anim/7.png
.png
images/Start Anim/8.png
.png
images/Start Anim/9.png
.png
images/buttons and headers/button.png
.png
images/buttons and headers/button_bho_mgr.png
.png
images/buttons and headers/button_defrag.png
.png
images/buttons and headers/button_defrag_schedule.png
.png
images/buttons and headers/button_driver.png
.png
images/buttons and headers/button_duplicate.png
.png
images/buttons and headers/button_extmgr.png
.png
images/buttons and headers/button_generalsettings.png
.png
images/buttons and headers/button_icons.png
.png
images/buttons and headers/button_ignore.png
.png
images/buttons and headers/button_optimize.png
.png
images/buttons and headers/button_over.png
.png
images/buttons and headers/button_privacy.png
.png
images/buttons and headers/button_process_mgr.png
.png
images/buttons and headers/button_registry.png
.png
images/buttons and headers/button_restore.png
.png
images/buttons and headers/button_scansettings.png
.png
images/buttons and headers/button_schedule.png
.png
images/buttons and headers/button_startup_mgr.png
.png
images/buttons and headers/button_update.png
.png
images/buttons and headers/header_about.png
.png
images/buttons and headers/header_bho.png
.png
images/buttons and headers/header_clean.png
.png
images/buttons and headers/header_defrag.png
.png
images/buttons and headers/header_disk.png
.png
images/buttons and headers/header_driver.png
.png
images/buttons and headers/header_duplicate.png
.png
images/buttons and headers/header_extmgr.png
.png
images/buttons and headers/header_optimize.png
.png
images/buttons and headers/header_privacy.png
.png
images/buttons and headers/header_process.png
.png
images/buttons and headers/header_processes.png
.png
images/buttons and headers/header_registry.png
.png
images/buttons and headers/header_restore.png
.png
images/buttons and headers/header_settings.png
.png
images/buttons and headers/header_startup.png
.png
images/buttons and headers/header_summary.png
.png
images/buttons and headers/settings_defrag_schedule.png
.png
images/buttons and headers/settings_general.png
.png
images/buttons and headers/settings_icons.png
.png
images/buttons and headers/settings_ignore.png
.png
images/buttons and headers/settings_privacy.png
.png
images/buttons and headers/settings_registry.png
.png
images/buttons and headers/settings_scan.png
.png
images/buttons and headers/settings_schedule.png
.png
images/buttons and headers/settings_update.png
.png
images/buttons and headers/startbg.png
.png
images/buttons and headers/startbg_over.png
.png
images/buttons and headers/update_later.png
.png
images/buttons and headers/update_later_over.png
.png
images/buttons and headers/update_now.png
.png
images/buttons and headers/update_now_over.png
.png
images/buttons and headers/vdb.png
.png
images/defrag/c_empty.png
.png
images/defrag/c_frag.png
.png
images/defrag/c_unfrag.png
.png
images/defrag/c_unknown.png
.png
images/defrag/c_unmove.png
.png
images/detected_items.png
.png
images/email_logo.png
.png
images/general/close.png
.png
images/general/close_over.png
.png
images/general/collapse.png
.png
images/general/delete.png
.png
images/general/expand.png
.png
images/general/open.png
.png
images/general/progress_glow.png
.png
images/general/recycle.png
.png
images/general/x.png
.png
images/group/bho.png
.png
images/group/dup_audio.png
.png
images/group/dup_doc.png
.png
images/group/dup_image.png
.png
images/group/dup_other.png
.png
images/group/dup_video.png
.png
images/group/ig_drivers.png
.png
images/group/ig_proc.png
.png
images/group/ig_reg.png
.png
images/group/priv_3rd.png
.png
images/group/priv_browser.png
.png
images/group/priv_email.png
.png
images/group/priv_fs.png
.png
images/group/priv_im.png
.png
images/group/priv_multi.png
.png
images/group/priv_office.png
.png
images/group/priv_other.png
.png
images/group/priv_windows.png
.png
images/group/reg_apppath.png
.png
images/group/reg_com.png
.png
images/group/reg_dll.png
.png
images/group/reg_empty.png
.png
images/group/reg_extensions.png
.png
images/group/reg_filepath.png
.png
images/group/reg_font.png
.png
images/group/reg_help.png
.png
images/group/reg_shortcut.png
.png
images/group/reg_startup.png
.png
images/group/reg_uninstall.png
.png
images/group/startup.png
.png
images/home settings/button_outline.png
.png
images/home settings/no_1.png
.png
images/home settings/no_2.png
.png
images/home settings/no_3.png
.png
images/home settings/no_4.png
.png
images/home settings/no_5.png
.png
images/home settings/no_6.png
.png
images/info.jpg
.jpg
images/list/drivers/cd.png
.png
images/list/drivers/cpu.png
.png
images/list/drivers/disk.png
.png
images/list/drivers/display.png
.png
images/list/drivers/driver_outdated.png
.png
images/list/drivers/driver_uptodate.png
.png
images/list/drivers/floppy.png
.png
images/list/drivers/mouse_key.png
.png
images/list/drivers/other.png
.png
images/list/drivers/outdated.png
.png
images/list/drivers/power.png
.png
images/list/drivers/printer.png
.png
images/list/drivers/software.png
.png
images/list/drivers/system.png
.png
images/list/drivers/uptodate.png
.png
images/list/drivers/usb.png
.png
images/list/other.png
.png
images/list/process/bho.png
.png
images/list/process/process.png
.png
images/list/process/startup.png
.png
images/list/recommendations/rec_malware16.png
.png
images/list/recommendations/rec_malware24.png
.png
images/list/recommendations/rec_malware32.png
.png
images/list/recommendations/rec_system16.png
.png
images/list/recommendations/rec_system24.png
.png
images/list/recommendations/rec_system32.png
.png
images/list/recommendations/rec_unknown16.png
.png
images/list/recommendations/rec_unknown24.png
.png
images/list/recommendations/rec_unknown32.png
.png
images/list/recommendations/rec_unwanted16.png
.png
images/list/recommendations/rec_unwanted24.png
.png
images/list/recommendations/rec_unwanted32.png
.png
images/list/recommendations/rec_userapp16.png
.png
images/list/recommendations/rec_userapp24.png
.png
images/list/recommendations/rec_userapp32.png
.png
images/progress/add_check.png
.png
images/progress/add_error.png
.png
images/progress/add_unknown.png
.png
images/progress/scan.png
.png
images/progress/small_driver.png
.png
images/progress/small_md5.png
.png
images/progress/small_privacy.png
.png
images/progress/small_registry.png
.png
images/registration.png
.png
images/results page/drivers_green.png
.png
images/results page/drivers_red.png
.png
images/results page/drivers_yellow.png
.png
images/results page/malware_green.png
.png
images/results page/malware_red.png
.png
images/results page/privacy_green.png
.png
images/results page/privacy_red.png
.png
images/results page/processes_green.png
.png
images/results page/processes_red.png
.png
images/results page/registry_green.png
.png
images/results page/registry_red.png
.png
images/results page/startup_green.png
.png
images/results page/startup_red.png
.png
images/scanning/driver.png
.png
images/scanning/privacy.png
.png
images/scanning/process.png
.png
images/scanning/registry.png
.png
images/tab icons/nav-disk.png
.png
images/tab icons/nav-optimize.png
.png
images/tab icons/nav-scan.png
.png
images/tab icons/nav-settings.png
.png
images/tfn_email.png
.png
images/tfn_frame.png
.png
images/top nav icons/help_down.png
.png
images/top nav icons/help_normal.png
.png
images/top nav icons/help_over.png
.png
images/top nav icons/info_down.png
.png
images/top nav icons/info_normal.png
.png
images/top nav icons/info_over.png
.png
images/warning.jpg
.jpg
libeay32.dll
.dll windows:6 windows x86 arch:x86

120f0c5690e9bea95ce55d00d52c1be3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:84:6e:ed:d0:fd:3b:91:d6:5e:3f:f9:08:b8:0b:ab
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-12-2017 00:00

Not After

06-12-2018 12:00

Subject

CN=Paretologic Inc,O=Paretologic Inc,L=Victoria,ST=British Columbia,C=CA,1.2.840.113549.1.9.1=#0c17697467726f75704070617265746f6c6f6769632e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9b:93:34:d5:43:34:ac:bb:6c:ce:9f:7f:8e:14:79:7b:10:3a:5c:69
Signer

Actual PE Digest

9b:93:34:d5:43:34:ac:bb:6c:ce:9f:7f:8e:14:79:7b:10:3a:5c:69

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\coapp\openssl\COPKG\output\v120\Win32\Debug\dynamic\libeay32.pdb

Imports

ws2_32

sendto
recvfrom
WSACleanup
WSAStartup
getservbyname
gethostbyname
socket
setsockopt
ntohs
ntohl
listen
htons
htonl
getsockopt
ioctlsocket
connect
bind
accept
WSAGetLastError
WSASetLastError
shutdown
send
recv
closesocket

kernel32

IsProcessorFeaturePresent
RaiseException
LoadLibraryExW
EncodePointer
DecodePointer
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
GetModuleFileNameW
FindClose
FindFirstFileW
FindNextFileW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
GetFileType
GetLastError
GetCurrentThreadId
GetModuleHandleW
GetProcAddress
CloseHandle
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
GetVersionExW
FreeLibrary
GlobalMemoryStatus
LoadLibraryW
SetLastError
LoadLibraryA
FlushConsoleInputBuffer
IsDebuggerPresent
GetSystemTimeAsFileTime

user32

GetDesktopWindow
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation

gdi32

DeleteDC
DeleteObject
GetBitmapBits
CreateDCW
SelectObject
GetObjectW
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
BitBlt

advapi32

ReportEventW
DeregisterEventSource
RegisterEventSourceW

msvcr120

_crt_debugger_hook
_CRT_RTC_INITW
_getch
__crtTerminateProcess
_except_handler4_common
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
__clean_type_info_names_internal
__crtUnhandledException
memchr
_localtime64
_time64
memcpy
memset
strlen
_errno
strncpy
free
malloc
_gmtime64
_exit
memcmp
wcsstr
__iob_func
vfprintf
_vsnwprintf
raise
_stricmp
_strnicmp
realloc
strcpy
fclose
_fdopen
fopen
fread
fwrite
getenv
_chmod
_open
_stat64i32
strcmp
strchr
strncmp
sscanf
isupper
isspace
tolower
strcat
fprintf
strrchr
exit
strtoul
_lrotl
atoi
qsort
strtol
fputs
isdigit
memmove
feof
ferror
fflush
fgets
_fileno
fseek
ftell
_wfopen
_setmode
_close
_lseek
_read
_write
perror
_ftime64
isxdigit
printf
isalnum
sprintf
strstr
_lrotr
strerror
signal

Exports

Exports

ACCESS_DESCRIPTION_free
ACCESS_DESCRIPTION_it
ACCESS_DESCRIPTION_new
AES_bi_ige_encrypt
AES_cbc_encrypt
AES_cfb128_encrypt
AES_cfb1_encrypt
AES_cfb8_encrypt
AES_ctr128_encrypt
AES_decrypt
AES_ecb_encrypt
AES_encrypt
AES_ige_encrypt
AES_ofb128_encrypt
AES_options
AES_set_decrypt_key
AES_set_encrypt_key
AES_unwrap_key
AES_wrap_key
ASN1_ANY_it
ASN1_BIT_STRING_check
ASN1_BIT_STRING_free
ASN1_BIT_STRING_get_bit
ASN1_BIT_STRING_it
ASN1_BIT_STRING_name_print
ASN1_BIT_STRING_new
ASN1_BIT_STRING_num_asc
ASN1_BIT_STRING_set
ASN1_BIT_STRING_set_asc
ASN1_BIT_STRING_set_bit
ASN1_BMPSTRING_free
ASN1_BMPSTRING_it
ASN1_BMPSTRING_new
ASN1_BOOLEAN_it
ASN1_ENUMERATED_free
ASN1_ENUMERATED_get
ASN1_ENUMERATED_it
ASN1_ENUMERATED_new
ASN1_ENUMERATED_set
ASN1_ENUMERATED_to_BN
ASN1_FBOOLEAN_it
ASN1_GENERALIZEDTIME_adj
ASN1_GENERALIZEDTIME_check
ASN1_GENERALIZEDTIME_free
ASN1_GENERALIZEDTIME_it
ASN1_GENERALIZEDTIME_new
ASN1_GENERALIZEDTIME_print
ASN1_GENERALIZEDTIME_set
ASN1_GENERALIZEDTIME_set_string
ASN1_GENERALSTRING_free
ASN1_GENERALSTRING_it
ASN1_GENERALSTRING_new
ASN1_IA5STRING_free
ASN1_IA5STRING_it
ASN1_IA5STRING_new
ASN1_INTEGER_cmp
ASN1_INTEGER_dup
ASN1_INTEGER_free
ASN1_INTEGER_get
ASN1_INTEGER_it
ASN1_INTEGER_new
ASN1_INTEGER_set
ASN1_INTEGER_to_BN
ASN1_NULL_free
ASN1_NULL_it
ASN1_NULL_new
ASN1_OBJECT_create
ASN1_OBJECT_free
ASN1_OBJECT_it
ASN1_OBJECT_new
ASN1_OCTET_STRING_NDEF_it
ASN1_OCTET_STRING_cmp
ASN1_OCTET_STRING_dup
ASN1_OCTET_STRING_free
ASN1_OCTET_STRING_it
ASN1_OCTET_STRING_new
ASN1_OCTET_STRING_set
ASN1_PCTX_free
ASN1_PCTX_get_cert_flags
ASN1_PCTX_get_flags
ASN1_PCTX_get_nm_flags
ASN1_PCTX_get_oid_flags
ASN1_PCTX_get_str_flags
ASN1_PCTX_new
ASN1_PCTX_set_cert_flags
ASN1_PCTX_set_flags
ASN1_PCTX_set_nm_flags
ASN1_PCTX_set_oid_flags
ASN1_PCTX_set_str_flags
ASN1_PRINTABLESTRING_free
ASN1_PRINTABLESTRING_it
ASN1_PRINTABLESTRING_new
ASN1_PRINTABLE_free
ASN1_PRINTABLE_it
ASN1_PRINTABLE_new
ASN1_PRINTABLE_type
ASN1_SEQUENCE_ANY_it
ASN1_SEQUENCE_it
ASN1_SET_ANY_it
ASN1_STRING_TABLE_add
ASN1_STRING_TABLE_cleanup
ASN1_STRING_TABLE_get
ASN1_STRING_cmp
ASN1_STRING_copy
ASN1_STRING_data
ASN1_STRING_dup
ASN1_STRING_free
ASN1_STRING_get_default_mask
ASN1_STRING_length
ASN1_STRING_length_set
ASN1_STRING_new
ASN1_STRING_print
ASN1_STRING_print_ex
ASN1_STRING_print_ex_fp
ASN1_STRING_set
ASN1_STRING_set0
ASN1_STRING_set_by_NID
ASN1_STRING_set_default_mask
ASN1_STRING_set_default_mask_asc
ASN1_STRING_to_UTF8
ASN1_STRING_type
ASN1_STRING_type_new
ASN1_T61STRING_free
ASN1_T61STRING_it
ASN1_T61STRING_new
ASN1_TBOOLEAN_it
ASN1_TIME_adj
ASN1_TIME_check
ASN1_TIME_free
ASN1_TIME_it
ASN1_TIME_new
ASN1_TIME_print
ASN1_TIME_set
ASN1_TIME_set_string
ASN1_TIME_to_generalizedtime
ASN1_TYPE_cmp
ASN1_TYPE_free
ASN1_TYPE_get
ASN1_TYPE_get_int_octetstring
ASN1_TYPE_get_octetstring
ASN1_TYPE_new
ASN1_TYPE_set
ASN1_TYPE_set1
ASN1_TYPE_set_int_octetstring
ASN1_TYPE_set_octetstring
ASN1_UNIVERSALSTRING_free
ASN1_UNIVERSALSTRING_it
ASN1_UNIVERSALSTRING_new
ASN1_UNIVERSALSTRING_to_string
ASN1_UTCTIME_adj
ASN1_UTCTIME_check
ASN1_UTCTIME_cmp_time_t
ASN1_UTCTIME_free
ASN1_UTCTIME_it
ASN1_UTCTIME_new
ASN1_UTCTIME_print
ASN1_UTCTIME_set
ASN1_UTCTIME_set_string
ASN1_UTF8STRING_free
ASN1_UTF8STRING_it
ASN1_UTF8STRING_new
ASN1_VISIBLESTRING_free
ASN1_VISIBLESTRING_it
ASN1_VISIBLESTRING_new
ASN1_add_oid_module
ASN1_bn_print
ASN1_check_infinite_end
ASN1_const_check_infinite_end
ASN1_d2i_bio
ASN1_d2i_fp
ASN1_digest
ASN1_dup
ASN1_generate_nconf
ASN1_generate_v3
ASN1_get_object
ASN1_i2d_bio
ASN1_i2d_fp
ASN1_item_d2i
ASN1_item_d2i_bio
ASN1_item_d2i_fp
ASN1_item_digest
ASN1_item_dup
ASN1_item_ex_d2i
ASN1_item_ex_free
ASN1_item_ex_i2d
ASN1_item_ex_new
ASN1_item_free
ASN1_item_i2d
ASN1_item_i2d_bio
ASN1_item_i2d_fp
ASN1_item_ndef_i2d
ASN1_item_new
ASN1_item_pack
ASN1_item_print
ASN1_item_sign
ASN1_item_sign_ctx
ASN1_item_unpack
ASN1_item_verify
ASN1_mbstring_copy
ASN1_mbstring_ncopy
ASN1_object_size
ASN1_pack_string
ASN1_parse
ASN1_parse_dump
ASN1_primitive_free
ASN1_primitive_new
ASN1_put_eoc
ASN1_put_object
ASN1_seq_pack
ASN1_seq_unpack
ASN1_sign
ASN1_tag2bit
ASN1_tag2str
ASN1_template_d2i
ASN1_template_free
ASN1_template_i2d
ASN1_template_new
ASN1_unpack_string
ASN1_verify
AUTHORITY_INFO_ACCESS_free
AUTHORITY_INFO_ACCESS_it
AUTHORITY_INFO_ACCESS_new
AUTHORITY_KEYID_free
AUTHORITY_KEYID_it
AUTHORITY_KEYID_new
BASIC_CONSTRAINTS_free
BASIC_CONSTRAINTS_it
BASIC_CONSTRAINTS_new
BF_cbc_encrypt
BF_cfb64_encrypt
BF_decrypt
BF_ecb_encrypt
BF_encrypt
BF_ofb64_encrypt
BF_options
BF_set_key
BIGNUM_it
BIO_accept
BIO_asn1_get_prefix
BIO_asn1_get_suffix
BIO_asn1_set_prefix
BIO_asn1_set_suffix
BIO_callback_ctrl
BIO_clear_flags
BIO_copy_next_retry
BIO_ctrl
BIO_ctrl_get_read_request
BIO_ctrl_get_write_guarantee
BIO_ctrl_pending
BIO_ctrl_reset_read_request
BIO_ctrl_wpending
BIO_debug_callback
BIO_dgram_non_fatal_error
BIO_dump
BIO_dump_cb
BIO_dump_fp
BIO_dump_indent
BIO_dump_indent_cb
BIO_dump_indent_fp
BIO_dup_chain
BIO_f_asn1
BIO_f_base64
BIO_f_buffer
BIO_f_cipher
BIO_f_md
BIO_f_nbio_test
BIO_f_null
BIO_f_reliable
BIO_f_zlib
BIO_fd_non_fatal_error
BIO_fd_should_retry
BIO_find_type
BIO_free
BIO_free_all
BIO_get_accept_socket
BIO_get_callback
BIO_get_callback_arg
BIO_get_ex_data
BIO_get_ex_new_index
BIO_get_host_ip
BIO_get_port
BIO_get_retry_BIO
BIO_get_retry_reason
BIO_gethostbyname
BIO_gets
BIO_indent
BIO_int_ctrl
BIO_method_name
BIO_method_type
BIO_new
BIO_new_CMS
BIO_new_NDEF
BIO_new_PKCS7
BIO_new_accept
BIO_new_bio_pair
BIO_new_connect
BIO_new_dgram
BIO_new_fd
BIO_new_file
BIO_new_fp
BIO_new_mem_buf
BIO_new_socket
BIO_next
BIO_nread
BIO_nread0
BIO_number_read
BIO_number_written
BIO_nwrite
BIO_nwrite0
BIO_pop
BIO_printf
BIO_ptr_ctrl
BIO_push
BIO_puts
BIO_read
BIO_s_accept
BIO_s_bio
BIO_s_connect
BIO_s_datagram
BIO_s_fd
BIO_s_file
BIO_s_mem
BIO_s_null
BIO_s_socket
BIO_set
BIO_set_callback
BIO_set_callback_arg
BIO_set_cipher
BIO_set_ex_data
BIO_set_flags
BIO_set_tcp_ndelay
BIO_snprintf
BIO_sock_cleanup
BIO_sock_error
BIO_sock_init
BIO_sock_non_fatal_error
BIO_sock_should_retry
BIO_socket_ioctl
BIO_socket_nbio
BIO_test_flags
BIO_vfree
BIO_vprintf
BIO_vsnprintf
BIO_write
BN_BLINDING_convert
BN_BLINDING_convert_ex
BN_BLINDING_create_param
BN_BLINDING_free
BN_BLINDING_get_flags
BN_BLINDING_get_thread_id
BN_BLINDING_invert
BN_BLINDING_invert_ex
BN_BLINDING_new
BN_BLINDING_set_flags
BN_BLINDING_set_thread_id
BN_BLINDING_thread_id
BN_BLINDING_update
BN_CTX_end
BN_CTX_free
BN_CTX_get
BN_CTX_init
BN_CTX_new
BN_CTX_start
BN_GENCB_call
BN_GF2m_add
BN_GF2m_arr2poly
BN_GF2m_mod
BN_GF2m_mod_arr
BN_GF2m_mod_div
BN_GF2m_mod_div_arr
BN_GF2m_mod_exp
BN_GF2m_mod_exp_arr
BN_GF2m_mod_inv
BN_GF2m_mod_inv_arr
BN_GF2m_mod_mul
BN_GF2m_mod_mul_arr
BN_GF2m_mod_solve_quad
BN_GF2m_mod_solve_quad_arr
BN_GF2m_mod_sqr
BN_GF2m_mod_sqr_arr
BN_GF2m_mod_sqrt
BN_GF2m_mod_sqrt_arr
BN_GF2m_poly2arr
BN_MONT_CTX_copy
BN_MONT_CTX_free
BN_MONT_CTX_init
BN_MONT_CTX_new
BN_MONT_CTX_set
BN_MONT_CTX_set_locked
BN_RECP_CTX_free
BN_RECP_CTX_init
BN_RECP_CTX_new
BN_RECP_CTX_set
BN_X931_derive_prime_ex
BN_X931_generate_Xpq
BN_X931_generate_prime_ex
BN_add
BN_add_word
BN_asc2bn
BN_bin2bn
BN_bn2bin
BN_bn2dec
BN_bn2hex
BN_bn2mpi
BN_bntest_rand
BN_clear
BN_clear_bit
BN_clear_free
BN_cmp
BN_consttime_swap
BN_copy
BN_dec2bn
BN_div
BN_div_recp
BN_div_word
BN_dup
BN_exp
BN_free
BN_from_montgomery
BN_gcd
BN_generate_prime
BN_generate_prime_ex
BN_get0_nist_prime_192
BN_get0_nist_prime_224
BN_get0_nist_prime_256
BN_get0_nist_prime_384
BN_get0_nist_prime_521
BN_get_params
BN_get_word
BN_hex2bn
BN_init
BN_is_bit_set
BN_is_prime
BN_is_prime_ex
BN_is_prime_fasttest
BN_is_prime_fasttest_ex
BN_kronecker
BN_lshift
BN_lshift1
BN_mask_bits
BN_mod_add
BN_mod_add_quick
BN_mod_exp
BN_mod_exp2_mont
BN_mod_exp_mont
BN_mod_exp_mont_consttime
BN_mod_exp_mont_word
BN_mod_exp_recp
BN_mod_exp_simple
BN_mod_inverse
BN_mod_lshift
BN_mod_lshift1
BN_mod_lshift1_quick
BN_mod_lshift_quick
BN_mod_mul
BN_mod_mul_montgomery
BN_mod_mul_reciprocal
BN_mod_sqr
BN_mod_sqrt
BN_mod_sub
BN_mod_sub_quick
BN_mod_word
BN_mpi2bn
BN_mul
BN_mul_word
BN_new
BN_nist_mod_192
BN_nist_mod_224
BN_nist_mod_256
BN_nist_mod_384
BN_nist_mod_521
BN_nnmod
BN_num_bits
BN_num_bits_word
BN_options
BN_print
BN_print_fp
BN_pseudo_rand
BN_pseudo_rand_range
BN_rand
BN_rand_range
BN_reciprocal
BN_rshift
BN_rshift1
BN_set_bit
BN_set_negative
BN_set_params
BN_set_word
BN_sqr
BN_sub
BN_sub_word
BN_swap
BN_to_ASN1_ENUMERATED
BN_to_ASN1_INTEGER
BN_uadd
BN_ucmp
BN_usub
BN_value_one
BUF_MEM_free
BUF_MEM_grow

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 409KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvcp120.dll
.dll windows:6 windows x86 arch:x86

6ccda270a497a2c5a36a7f385cc9910d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:84:6e:ed:d0:fd:3b:91:d6:5e:3f:f9:08:b8:0b:ab
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-12-2017 00:00

Not After

06-12-2018 12:00

Subject

CN=Paretologic Inc,O=Paretologic Inc,L=Victoria,ST=British Columbia,C=CA,1.2.840.113549.1.9.1=#0c17697467726f75704070617265746f6c6f6769632e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1f:c3:2d:23:fa:20:66:14:94:96:01:63:84:a7:09:d8:09:92:ca:3e
Signer

Actual PE Digest

1f:c3:2d:23:fa:20:66:14:94:96:01:63:84:a7:09:d8:09:92:ca:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcp120.i386.pdb

Imports

msvcr120

?what@exception@std@@UBEPBDXZ
_CxxThrowException
__CxxFrameHandler3
fclose
fflush
fgetc
fgetpos
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
_lock_file
_unlock_file
memcpy_s
memset
_fsopen
fseek
_wfsopen
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?Alloc@Concurrency@@YAPAXI@Z
?Free@Concurrency@@YAXPAX@Z
?_ScheduleTask@_CurrentScheduler@details@Concurrency@@SAXP6AXPAX@Z0@Z
??0invalid_operation@Concurrency@@QAE@PBD@Z
??0critical_section@Concurrency@@QAE@XZ
??1critical_section@Concurrency@@QAE@XZ
??0event@Concurrency@@QAE@XZ
??1event@Concurrency@@QAE@XZ
?wait@event@Concurrency@@QAEII@Z
?set@event@Concurrency@@QAEXXZ
ldexp
sprintf_s
strcspn
wcslen
_Strftime
_Wcsftime
strcmp
setlocale
_malloc_crt
_realloc_crt
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
fgetwc
fputwc
ungetwc
__uncaught_exception
_errno
memcmp
_wcsdup
___lc_locale_name_func
___lc_collate_cp_func
__crtCompareStringA
__crtLCMapStringA
___lc_codepage_func
_ismbblead
remove
rename
_wremove
strcpy_s
wcscpy_s
_wgetcwd
_wchdir
_wmkdir
_wrmdir
??1bad_cast@std@@UAE@XZ
_getcwd
_chdir
_mkdir
_rmdir
__crtIsPackagedApp
__crtCreateSymbolicLinkW
__crtGetFileInformationByHandleEx
__crtSetFileInformationByHandle
_calloc_crt
??0_Condition_variable@details@Concurrency@@QAE@XZ
??1_Condition_variable@details@Concurrency@@QAE@XZ
?wait@_Condition_variable@details@Concurrency@@QAEXAAVcritical_section@3@@Z
?wait_for@_Condition_variable@details@Concurrency@@QAE_NAAVcritical_section@3@I@Z
?notify_one@_Condition_variable@details@Concurrency@@QAEXXZ
?notify_all@_Condition_variable@details@Concurrency@@QAEXXZ
__crtSleep
_beginthreadex
_endthreadex
?lock@critical_section@Concurrency@@QAEXXZ
?try_lock@critical_section@Concurrency@@QAE_NXZ
?try_lock_for@critical_section@Concurrency@@QAE_NI@Z
?unlock@critical_section@Concurrency@@QAEXXZ
?terminate@@YAXXZ
__crtFlsAlloc
__crtFlsFree
__crtFlsGetValue
__crtFlsSetValue
calloc
??0operation_timed_out@Concurrency@@QAE@XZ
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPAX@Z0@Z
??0invalid_link_target@Concurrency@@QAE@PBD@Z
??0message_not_found@Concurrency@@QAE@XZ
?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ
??0bad_target@Concurrency@@QAE@XZ
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
?_Yield@_Context@details@Concurrency@@SAXXZ
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
??1_SpinLock@details@Concurrency@@QAE@XZ
??0_SpinLock@details@Concurrency@@QAE@ACJ@Z
?Log2@details@Concurrency@@YAKI@Z
_lock
_unlock
__pctype_func
isupper
__crtGetLocaleInfoEx
islower
__crtLCMapStringW
isspace
tolower
memchr
sqrt
isdigit
isxdigit
isalnum
__crtCompareStringW
__dllonexit
_onexit
??1type_info@@UAE@XZ
__CppXcptFilter
_amsg_exit
_initterm
_initterm_e
_except_handler4_common
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__clean_type_info_names_internal
??0bad_cast@std@@QAE@ABV01@@Z
_W_Gettnames
_W_Getmonths
_W_Getdays
_Gettnames
_Getmonths
_Getdays
localeconv
??0bad_cast@std@@QAE@PBD@Z
??_V@YAXPAX@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
memmove
strlen
memcpy
malloc
free
___mb_cur_max_func
_purecall
rand_s
fputs
fputc
__iob_func
abort
log
__crtInitializeCriticalSectionEx
??3@YAXPAX@Z
??2@YAPAXI@Z
_wrename

kernel32

GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
GetStringTypeW
GetSystemTimeAsFileTime
GetExitCodeThread
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
WaitForSingleObject
DuplicateHandle
AreFileApisANSI
CreateHardLinkW
CopyFileW
GetLastError
CloseHandle
GetFileInformationByHandle
GetFileAttributesExW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
DisableThreadLibraryCalls

Exports

Exports

??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z
??0?$_Yarn@D@std@@QAE@ABV01@@Z
??0?$_Yarn@D@std@@QAE@PBD@Z
??0?$_Yarn@D@std@@QAE@XZ
??0?$_Yarn@_W@std@@QAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@ABV01@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@ABV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@ABV01@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$codecvt@DDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@DDH@std@@QAE@I@Z
??0?$codecvt@GDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@GDH@std@@QAE@I@Z
??0?$codecvt@_WDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_WDH@std@@QAE@I@Z
??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0?$ctype@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@G@std@@QAE@I@Z
??0?$ctype@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@_W@std@@QAE@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0Init@ios_base@std@@QAE@XZ
??0_Concurrent_queue_base_v4@details@Concurrency@@IAE@I@Z
??0_Concurrent_queue_iterator_base_v4@details@Concurrency@@IAE@ABV_Concurrent_queue_base_v4@12@@Z
??0_Container_base12@std@@QAE@ABU01@@Z
??0_Container_base12@std@@QAE@XZ
??0_Facet_base@std@@QAE@ABV01@@Z
??0_Facet_base@std@@QAE@XZ
??0_Init_locks@std@@QAE@XZ
??0_Locimp@locale@std@@AAE@ABV012@@Z
??0_Locimp@locale@std@@AAE@_N@Z
??0_Locinfo@std@@QAE@HPBD@Z
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@H@Z
??0_Lockit@std@@QAE@XZ
??0_Pad@std@@QAE@ABV01@@Z
??0_Pad@std@@QAE@XZ
??0_Runtime_object@details@Concurrency@@QAE@H@Z
??0_Runtime_object@details@Concurrency@@QAE@XZ
??0_Timevec@std@@QAE@ABV01@@Z
??0_Timevec@std@@QAE@PAX@Z
??0_UShinit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0agent@Concurrency@@QAE@AAVScheduleGroup@1@@Z
??0agent@Concurrency@@QAE@AAVScheduler@1@@Z
??0agent@Concurrency@@QAE@XZ
??0codecvt_base@std@@QAE@I@Z
??0ctype_base@std@@QAE@I@Z
??0facet@locale@std@@IAE@I@Z
??0id@locale@std@@QAE@I@Z
??0ios_base@std@@IAE@XZ
??0time_base@std@@QAE@I@Z
??1?$_Yarn@D@std@@QAE@XZ
??1?$_Yarn@_W@std@@QAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$codecvt@DDH@std@@MAE@XZ
??1?$codecvt@GDH@std@@MAE@XZ
??1?$codecvt@_WDH@std@@MAE@XZ
??1?$ctype@D@std@@MAE@XZ
??1?$ctype@G@std@@MAE@XZ
??1?$ctype@_W@std@@MAE@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1_Concurrent_queue_base_v4@details@Concurrency@@MAE@XZ
??1_Concurrent_queue_iterator_base_v4@details@Concurrency@@IAE@XZ
??1_Concurrent_vector_base_v4@details@Concurrency@@IAE@XZ
??1_Container_base12@std@@QAE@XZ
??1_Facet_base@std@@UAE@XZ
??1_Init_locks@std@@QAE@XZ
??1_Locimp@locale@std@@MAE@XZ
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1_Pad@std@@QAE@XZ
??1_Timevec@std@@QAE@XZ
??1_UShinit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1agent@Concurrency@@UAE@XZ
??1codecvt_base@std@@UAE@XZ
??1ctype_base@std@@UAE@XZ
??1facet@locale@std@@MAE@XZ
??1ios_base@std@@UAE@XZ
??1time_base@std@@UAE@XZ
??4?$_Iosb@H@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@D@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??4?$_Yarn@_W@std@@QAEAAV01@PB_W@Z
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_iostream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_istream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEAAV01@ABV01@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEAAV01@ABV01@@Z
??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEAAV01@ABV01@@Z
??4Init@ios_base@std@@QAEAAV012@ABV012@@Z
??4_Container_base0@std@@QAEAAU01@ABU01@@Z
??4_Container_base12@std@@QAEAAU01@ABU01@@Z
??4_Facet_base@std@@QAEAAV01@ABV01@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
??4_Pad@std@@QAEAAV01@ABV01@@Z
??4_Timevec@std@@QAEAAV01@ABV01@@Z
??4_UShinit@std@@QAEAAV01@ABV01@@Z
??4_Winit@std@@QAEAAV01@ABV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z
??7ios_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
??Bios_base@std@@QBE_NXZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$codecvt@DDH@std@@6B@
??_7?$codecvt@GDH@std@@6B@
??_7?$codecvt@_WDH@std@@6B@
??_7?$ctype@D@std@@6B@
??_7?$ctype@G@std@@6B@
??_7?$ctype@_W@std@@6B@
??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7_Facet_base@std@@6B@
??_7_Locimp@locale@std@@6B@
??_7_Pad@std@@6B@
??_7codecvt_base@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
??_7ios_base@std@@6B@
??_7time_base@std@@6B@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@
??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@
??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_F?$codecvt@DDH@std@@QAEXXZ
??_F?$codecvt@GDH@std@@QAEXXZ
??_F?$codecvt@_WDH@std@@QAEXXZ
??_F?$ctype@D@std@@QAEXXZ
??_F?$ctype@G@std@@QAEXXZ
??_F?$ctype@_W@std@@QAEXXZ
??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F_Locinfo@std@@QAEXXZ
??_F_Timevec@std@@QAEXXZ
??_Fcodecvt_base@std@@QAEXXZ
??_Fctype_base@std@@QAEXXZ
??_Ffacet@locale@std@@QAEXXZ
??_Fid@locale@std@@QAEXXZ
??_Ftime_base@std@@QAEXXZ
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
?NFS_Allocate@details@Concurrency@@YAPAXIIPAX@Z
?NFS_Free@details@Concurrency@@YAXPAX@Z
?NFS_GetLineSize@details@Concurrency@@YAIXZ
?_10@placeholders@std@@3V?$_Ph@$09@2@A
?_11@placeholders@std@@3V?$_Ph@$0L@@2@A
?_12@placeholders@std@@3V?$_Ph@$0M@@2@A
?_13@placeholders@std@@3V?$_Ph@$0N@@2@A
?_14@placeholders@std@@3V?$_Ph@$0O@@2@A
?_15@placeholders@std@@3V?$_Ph@$0P@@2@A
?_16@placeholders@std@@3V?$_Ph@$0BA@@2@A
?_17@placeholders@std@@3V?$_Ph@$0BB@@2@A
?_18@placeholders@std@@3V?$_Ph@$0BC@@2@A
?_19@placeholders@std@@3V?$_Ph@$0BD@@2@A
?_1@placeholders@std@@3V?$_Ph@$00@2@A
?_20@placeholders@std@@3V?$_Ph@$0BE@@2@A
?_2@placeholders@std@@3V?$_Ph@$01@2@A
?_3@placeholders@std@@3V?$_Ph@$02@2@A
?_4@placeholders@std@@3V?$_Ph@$03@2@A
?_5@placeholders@std@@3V?$_Ph@$04@2@A
?_6@placeholders@std@@3V?$_Ph@$05@2@A
?_7@placeholders@std@@3V?$_Ph@$06@2@A
?_8@placeholders@std@@3V?$_Ph@$07@2@A
?_9@placeholders@std@@3V?$_Ph@$08@2@A
?_Addcats@_Locinfo@std@@QAEAAV12@HPBD@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Addstd@ios_base@std@@SAXPAV12@@Z
?_Advance@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IAEXXZ
?_Assign@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IAEXABV123@@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF@std@@3_JB
?_Byte_reverse_table@details@Concurrency@@3QBEB
?_C_str@?$_Yarn@D@std@@QBEPBDXZ
?_C_str@?$_Yarn@_W@std@@QBEPB_WXZ
?_Callfns@ios_base@std@@AAEXW4event@12@@Z
?_Clocptr@_Locimp@locale@std@@0PAV123@A
?_Close_dir@sys@tr2@std@@YAXPAX@Z
?_Copy_file@sys@tr2@std@@YAHPBD0_N@Z
?_Copy_file@sys@tr2@std@@YAHPB_W0_N@Z
?_Current_get@sys@tr2@std@@YAPADAAY0BAE@D@Z
?_Current_get@sys@tr2@std@@YAPA_WAAY0BAE@_W@Z
?_Current_set@sys@tr2@std@@YA_NPBD@Z
?_Current_set@sys@tr2@std@@YA_NPB_W@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Donarrow@?$ctype@G@std@@IBEDGD@Z
?_Donarrow@?$ctype@_W@std@@IBED_WD@Z
?_Dowiden@?$ctype@G@std@@IBEGD@Z
?_Dowiden@?$ctype@_W@std@@IBE_WD@Z
?_Empty@?$_Yarn@D@std@@QBE_NXZ
?_Empty@?$_Yarn@_W@std@@QBE_NXZ
?_Equivalent@sys@tr2@std@@YAHPBD0@Z
?_Equivalent@sys@tr2@std@@YAHPB_W0@Z
?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAPADPADDH@Z
?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAPADPADDH@Z
?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAPADPADDH@Z
?_File_size@sys@tr2@std@@YA_KPBD@Z
?_File_size@sys@tr2@std@@YA_KPB_W@Z
?_Findarr@ios_base@std@@AAEAAU_Iosarray@12@H@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPBDIIII@Z
?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AAVios_base@2@GPBDIIII@Z
?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AAVios_base@2@_WPBDIIII@Z
?_Future_error_map@std@@YAPBDH@Z
?_GetCombinableSize@details@Concurrency@@YAIXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@GDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@facet@locale@std@@SAIPAPBV123@PBV23@@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?_Getctype@_Locinfo@std@@QBE?AU_Ctypevec@@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Getdateorder@_Locinfo@std@@QBEHXZ
?_Getdays@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AAVios_base@2@PAH@Z
?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AAVios_base@2@PAH@Z
?_Getffld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AAVios_base@2@PAH@Z
?_Getffldx@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AAVios_base@2@PAH@Z
?_Getffldx@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AAVios_base@2@PAH@Z
?_Getffldx@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AAVios_base@2@PAH@Z
?_Getfmt@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IBE?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD@Z
?_Getfmt@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IBE?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD@Z
?_Getfmt@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IBE?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Getifld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1HABVlocale@2@@Z
?_Getifld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1HABVlocale@2@@Z
?_Getifld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1HABVlocale@2@@Z
?_Getint@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@0HHAAHABV?$ctype@D@2@@Z
?_Getint@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@0HHAAHABV?$ctype@G@2@@Z
?_Getint@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@0HHAAHABV?$ctype@_W@2@@Z

Sections

.text
Size: 391KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvcr120.dll
.dll windows:6 windows x86 arch:x86

aa8d086deb6960b10f8791df466a5610

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:84:6e:ed:d0:fd:3b:91:d6:5e:3f:f9:08:b8:0b:ab
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-12-2017 00:00

Not After

06-12-2018 12:00

Subject

CN=Paretologic Inc,O=Paretologic Inc,L=Victoria,ST=British Columbia,C=CA,1.2.840.113549.1.9.1=#0c17697467726f75704070617265746f6c6f6769632e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

94:cb:0b:cd:01:36:a3:3e:92:43:c6:b9:7e:b9:19:33:d1:73:5c:a8
Signer

Actual PE Digest

94:cb:0b:cd:01:36:a3:3e:92:43:c6:b9:7e:b9:19:33:d1:73:5c:a8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcr120.i386.pdb

Imports

kernel32

EncodePointer
DecodePointer
RaiseException
GetLastError
ExitProcess
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetCommandLineW
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleFileNameA
SetLastError
GetCurrentThread
GetModuleFileNameW
IsProcessorFeaturePresent
GetStdHandle
WriteFile
FindClose
FindFirstFileExA
FindNextFileA
FindFirstFileExW
FindNextFileW
CloseHandle
CreateThread
ExitThread
ResumeThread
LoadLibraryExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
Beep
Sleep
GetFullPathNameA
GetCurrentProcessId
GetFileAttributesExW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
MoveFileExW
RemoveDirectoryW
GetDriveTypeW
DeleteFileW
SetEnvironmentVariableA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryW
SetEnvironmentVariableW
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
FreeLibrary
LoadLibraryExA
CreateProcessW
ReadFile
GetTempPathA
GetTempPathW
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
LocalFileTimeToFileTime
SetFileTime
SystemTimeToFileTime
SetLocalTime
InterlockedPopEntrySList
InterlockedFlushSList
QueryDepthSList
InterlockedPushEntrySList
CreateTimerQueue
SetEvent
WaitForSingleObjectEx
UnregisterWait
TlsGetValue
SignalObjectAndWait
TlsSetValue
SetThreadPriority
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetNumaHighestNodeNumber
RegisterWaitForSingleObject
GetLogicalProcessorInformation
RtlCaptureStackBackTrace
GetThreadPriority
GetProcessAffinityMask
SetThreadAffinityMask
TlsAlloc
DeleteTimerQueueTimer
TlsFree
SwitchToThread
TryEnterCriticalSection
SetProcessAffinityMask
VirtualFree
GetVersionExW
VirtualAlloc
VirtualProtect
InitializeSListHead
ReleaseSemaphore
UnregisterWaitEx
LoadLibraryW
OutputDebugStringW
FreeLibraryAndExitThread
GetModuleHandleA
GetThreadTimes
CreateEventW
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapSize
HeapQueryInformation
HeapValidate
HeapCompact
HeapWalk
GetSystemInfo
VirtualQuery
GetFileType
GetStartupInfoW
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
CreateFileW
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFilePointerEx
FlushFileBuffers
CreatePipe
SetStdHandle
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
ReadConsoleInputW
WriteConsoleW
SetEndOfFile
LockFileEx
UnlockFileEx
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
GetTickCount
CreateSemaphoreW
SetConsoleCtrlHandler
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringA

Exports

Exports

$I10_OUTPUT
??0?$_SpinWait@$00@details@Concurrency@@QAE@P6AXXZ@Z
??0?$_SpinWait@$0A@@details@Concurrency@@QAE@P6AXXZ@Z
??0SchedulerPolicy@Concurrency@@QAA@IZZ
??0SchedulerPolicy@Concurrency@@QAE@ABV01@@Z
??0SchedulerPolicy@Concurrency@@QAE@XZ
??0_Cancellation_beacon@details@Concurrency@@QAE@XZ
??0_Condition_variable@details@Concurrency@@QAE@XZ
??0_Context@details@Concurrency@@QAE@PAVContext@2@@Z
??0_Interruption_exception@details@Concurrency@@QAE@PBD@Z
??0_Interruption_exception@details@Concurrency@@QAE@XZ
??0_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_ReaderWriterLock@details@Concurrency@@QAE@XZ
??0_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_ReentrantLock@details@Concurrency@@QAE@XZ
??0_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_Scheduler@details@Concurrency@@QAE@PAVScheduler@2@@Z
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_SpinLock@details@Concurrency@@QAE@ACJ@Z
??0_StructuredTaskCollection@details@Concurrency@@QAE@PAV_CancellationTokenState@12@@Z
??0_TaskCollection@details@Concurrency@@QAE@PAV_CancellationTokenState@12@@Z
??0_TaskCollection@details@Concurrency@@QAE@XZ
??0_Timer@details@Concurrency@@IAE@I_N@Z
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0__non_rtti_object@std@@QAE@PBD@Z
??0bad_cast@std@@AAE@PBQBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_target@Concurrency@@QAE@PBD@Z
??0bad_target@Concurrency@@QAE@XZ
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0context_self_unblock@Concurrency@@QAE@PBD@Z
??0context_self_unblock@Concurrency@@QAE@XZ
??0context_unblock_unbalanced@Concurrency@@QAE@PBD@Z
??0context_unblock_unbalanced@Concurrency@@QAE@XZ
??0critical_section@Concurrency@@QAE@XZ
??0default_scheduler_exists@Concurrency@@QAE@PBD@Z
??0default_scheduler_exists@Concurrency@@QAE@XZ
??0event@Concurrency@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??0improper_lock@Concurrency@@QAE@PBD@Z
??0improper_lock@Concurrency@@QAE@XZ
??0improper_scheduler_attach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_attach@Concurrency@@QAE@XZ
??0improper_scheduler_detach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_detach@Concurrency@@QAE@XZ
??0improper_scheduler_reference@Concurrency@@QAE@PBD@Z
??0improper_scheduler_reference@Concurrency@@QAE@XZ
??0invalid_link_target@Concurrency@@QAE@PBD@Z
??0invalid_link_target@Concurrency@@QAE@XZ
??0invalid_multiple_scheduling@Concurrency@@QAE@PBD@Z
??0invalid_multiple_scheduling@Concurrency@@QAE@XZ
??0invalid_operation@Concurrency@@QAE@PBD@Z
??0invalid_operation@Concurrency@@QAE@XZ
??0invalid_oversubscribe_operation@Concurrency@@QAE@PBD@Z
??0invalid_oversubscribe_operation@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_key@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_key@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_value@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_value@Concurrency@@QAE@XZ
??0message_not_found@Concurrency@@QAE@PBD@Z
??0message_not_found@Concurrency@@QAE@XZ
??0missing_wait@Concurrency@@QAE@PBD@Z
??0missing_wait@Concurrency@@QAE@XZ
??0nested_scheduler_missing_detach@Concurrency@@QAE@PBD@Z
??0nested_scheduler_missing_detach@Concurrency@@QAE@XZ
??0operation_timed_out@Concurrency@@QAE@PBD@Z
??0operation_timed_out@Concurrency@@QAE@XZ
??0reader_writer_lock@Concurrency@@QAE@XZ
??0scheduler_not_attached@Concurrency@@QAE@PBD@Z
??0scheduler_not_attached@Concurrency@@QAE@XZ
??0scheduler_resource_allocation_error@Concurrency@@QAE@J@Z
??0scheduler_resource_allocation_error@Concurrency@@QAE@PBDJ@Z
??0scheduler_worker_creation_error@Concurrency@@QAE@J@Z
??0scheduler_worker_creation_error@Concurrency@@QAE@PBDJ@Z
??0scoped_lock@critical_section@Concurrency@@QAE@AAV12@@Z
??0scoped_lock@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0scoped_lock_read@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0task_canceled@Concurrency@@QAE@PBD@Z
??0task_canceled@Concurrency@@QAE@XZ
??0unsupported_os@Concurrency@@QAE@PBD@Z
??0unsupported_os@Concurrency@@QAE@XZ
??1SchedulerPolicy@Concurrency@@QAE@XZ
??1_Cancellation_beacon@details@Concurrency@@QAE@XZ
??1_Condition_variable@details@Concurrency@@QAE@XZ
??1_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_SpinLock@details@Concurrency@@QAE@XZ
??1_StructuredTaskCollection@details@Concurrency@@QAE@XZ
??1_TaskCollection@details@Concurrency@@QAE@XZ
??1_Timer@details@Concurrency@@MAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1critical_section@Concurrency@@QAE@XZ
??1event@Concurrency@@QAE@XZ
??1exception@std@@UAE@XZ
??1reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock@critical_section@Concurrency@@QAE@XZ
??1scoped_lock@reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock_read@reader_writer_lock@Concurrency@@QAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??2@YAPAXIHPBDH@Z
??3@YAXPAX@Z
??3@YAXPAXHPBDH@Z
??4?$_SpinWait@$00@details@Concurrency@@QAEAAV012@ABV012@@Z
??4?$_SpinWait@$0A@@details@Concurrency@@QAEAAV012@ABV012@@Z
??4SchedulerPolicy@Concurrency@@QAEAAV01@ABV01@@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4exception@std@@QAEAAV01@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
??9type_info@@QBE_NABV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@std@@6B@
??_F?$_SpinWait@$00@details@Concurrency@@QAEXXZ
??_F?$_SpinWait@$0A@@details@Concurrency@@QAEXXZ
??_F_Context@details@Concurrency@@QAEXXZ
??_F_Scheduler@details@Concurrency@@QAEXXZ
??_Fbad_cast@std@@QAEXXZ
??_Fbad_typeid@std@@QAEXXZ
??_U@YAPAXI@Z
??_U@YAPAXIHPBDH@Z
??_V@YAXPAX@Z
??_V@YAXPAXHPBDH@Z
?Alloc@Concurrency@@YAPAXI@Z
?Block@Context@Concurrency@@SAXXZ
?CaptureCallstack@platform@details@Concurrency@@YAIPAPAXII@Z
?Create@CurrentScheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?Create@Scheduler@Concurrency@@SAPAV12@ABVSchedulerPolicy@2@@Z
?CreateResourceManager@Concurrency@@YAPAUIResourceManager@1@XZ
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPAVScheduleGroup@2@AAVlocation@2@@Z
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPAVScheduleGroup@2@XZ
?CurrentContext@Context@Concurrency@@SAPAV12@XZ
?Detach@CurrentScheduler@Concurrency@@SAXXZ
?DisableTracing@Concurrency@@YAJXZ
?EnableTracing@Concurrency@@YAJXZ
?Free@Concurrency@@YAXPAX@Z
?Get@CurrentScheduler@Concurrency@@SAPAVScheduler@2@XZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?GetExecutionContextId@Concurrency@@YAIXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ
?GetPolicy@CurrentScheduler@Concurrency@@SA?AVSchedulerPolicy@2@XZ
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z
?GetProcessorCount@Concurrency@@YAIXZ
?GetProcessorNodeCount@Concurrency@@YAIXZ
?GetSchedulerId@Concurrency@@YAIXZ
?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ
?Id@Context@Concurrency@@SAIXZ
?Id@CurrentScheduler@Concurrency@@SAIXZ
?IsAvailableLocation@CurrentScheduler@Concurrency@@SA_NABVlocation@2@@Z
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
?Log2@details@Concurrency@@YAKI@Z
?Oversubscribe@Context@Concurrency@@SAX_N@Z
?RegisterShutdownEvent@CurrentScheduler@Concurrency@@SAXPAX@Z
?ResetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXXZ
?ScheduleGroupId@Context@Concurrency@@SAIXZ
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPAX@Z0@Z
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPAX@Z0AAVlocation@2@@Z
?SetConcurrencyLimits@SchedulerPolicy@Concurrency@@QAEXII@Z
?SetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?SetPolicyValue@SchedulerPolicy@Concurrency@@QAEIW4PolicyElementKey@2@I@Z
?VirtualProcessorId@Context@Concurrency@@SAIXZ
?Yield@Context@Concurrency@@SAXXZ
?_Abort@_StructuredTaskCollection@details@Concurrency@@AAEXXZ
?_Acquire@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_NonReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_AcquireRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_Cancel@_StructuredTaskCollection@details@Concurrency@@QAEXXZ
?_Cancel@_TaskCollection@details@Concurrency@@QAEXXZ
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IAEXXZ
?_CleanupToken@_StructuredTaskCollection@details@Concurrency@@AAEXXZ
?_ConcRT_CoreAssert@details@Concurrency@@YAXPBD0H@Z
?_ConcRT_Trace@details@Concurrency@@YAXHPB_WZZ
?_Confirm_cancel@_Cancellation_beacon@details@Concurrency@@QAE_NXZ
?_Copy_str@exception@std@@AAEXPBD@Z
?_CurrentContext@_Context@details@Concurrency@@SA?AV123@XZ
?_Current_node@location@Concurrency@@SA?AV12@XZ
?_Destroy@_AsyncTaskCollection@details@Concurrency@@EAEXXZ
?_DoYield@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_DoYield@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_Get@_CurrentScheduler@details@Concurrency@@SA?AV_Scheduler@23@XZ
?_GetConcRTTraceInfo@Concurrency@@YAPBU_CONCRT_TRACE_INFO@details@1@XZ
?_GetConcurrency@details@Concurrency@@YAIXZ
?_GetCurrentInlineDepth@_StackGuard@details@Concurrency@@CAAAIXZ
?_GetNumberOfVirtualProcessors@_CurrentScheduler@details@Concurrency@@SAIXZ
?_GetScheduler@_Scheduler@details@Concurrency@@QAEPAVScheduler@3@XZ
?_Id@_CurrentScheduler@details@Concurrency@@SAIXZ
?_IsCanceling@_StructuredTaskCollection@details@Concurrency@@QAE_NXZ
?_IsCanceling@_TaskCollection@details@Concurrency@@QAE_NXZ
?_IsSynchronouslyBlocked@_Context@details@Concurrency@@QBE_NXZ
?_Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_NewCollection@_AsyncTaskCollection@details@Concurrency@@SAPAV123@PAV_CancellationTokenState@23@@Z
?_NumberOfSpins@?$_SpinWait@$00@details@Concurrency@@IAEKXZ
?_NumberOfSpins@?$_SpinWait@$0A@@details@Concurrency@@IAEKXZ
?_Oversubscribe@_Context@details@Concurrency@@SAX_N@Z
?_Reference@_Scheduler@details@Concurrency@@QAEIXZ
?_Release@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_NonReentrantPPLLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantPPLLock@details@Concurrency@@QAEXXZ
?_Release@_Scheduler@details@Concurrency@@QAEIXZ
?_ReleaseRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_ReleaseWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Reset@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_Reset@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@PAVlocation@3@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@PAVlocation@3@@Z
?_ScheduleTask@_CurrentScheduler@details@Concurrency@@SAXP6AXPAX@Z0@Z
?_SetSpinCount@?$_SpinWait@$00@details@Concurrency@@QAEXI@Z
?_SetSpinCount@?$_SpinWait@$0A@@details@Concurrency@@QAEXI@Z
?_SetUnobservedExceptionHandler@details@Concurrency@@YAXP6AXXZ@Z
?_ShouldSpinAgain@?$_SpinWait@$00@details@Concurrency@@IAE_NXZ
?_ShouldSpinAgain@?$_SpinWait@$0A@@details@Concurrency@@IAE_NXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ
?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QAE_NXZ
?_SpinYield@Context@Concurrency@@SAXXZ
?_Start@_Timer@details@Concurrency@@IAEXXZ
?_Stop@_Timer@details@Concurrency@@IAEXXZ
?_Tidy@exception@std@@AAEXXZ
?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ
?_Trace_ppl_function@Concurrency@@YAXABU_GUID@@EW4ConcRT_EventType@1@@Z
?_TryAcquire@_NonReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantLock@details@Concurrency@@QAE_NXZ
?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QAE_NXZ
?_Type_info_dtor@type_info@@CAXPAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPAV1@@Z
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_ValidateExecute@@YAHP6GHXZ@Z
?_ValidateRead@@YAHPBXI@Z
?_ValidateWrite@@YAHPAXI@Z
?_Value@_SpinCount@details@Concurrency@@SAIXZ
?_Yield@_Context@details@Concurrency@@SAXXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCompare@@YA_NPBX0@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrSwap@@YAXPAX0@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPBG00II@Z
?_is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?_open@@YAHPBDHH@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?_wopen@@YAHPB_WHH@Z
?_wsopen@@YAHPB_WHHH@Z
?before@type_info@@QBE_NABV1@@Z
?current@location@Concurrency@@SA?AV12@XZ
?from_numa_node@location@Concurrency@@SA?AV12@G@Z
?get_error_code@scheduler_resource_allocation_error@Concurrency@@QBEJXZ
?lock@critical_section@Concurrency@@QAEXXZ
?lock@reader_writer_lock@Concurrency@@QAEXXZ
?lock_read@reader_writer_lock@Concurrency@@QAEXXZ
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
?native_handle@critical_section@Concurrency@@QAEAAV12@XZ
?notify_all@_Condition_variable@details@Concurrency@@QAEXXZ
?notify_one@_Condition_variable@details@Concurrency@@QAEXXZ
?raw_name@type_info@@QBEPBDXZ
?reset@event@Concurrency@@QAEXXZ
?set@event@Concurrency@@QAEXXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_task_execution_resources@Concurrency@@YAXGPAU_GROUP_AFFINITY@@@Z
?set_task_execution_resources@Concurrency@@YAXK@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?try_lock@critical_section@Concurrency@@QAE_NXZ
?try_lock@reader_writer_lock@Concurrency@@QAE_NXZ
?try_lock_for@critical_section@Concurrency@@QAE_NI@Z
?try_lock_read@reader_writer_lock@Concurrency@@QAE_NXZ
?unexpected@@YAXXZ
?unlock@critical_section@Concurrency@@QAEXXZ
?unlock@reader_writer_lock@Concurrency@@QAEXXZ
?vswprintf@@YAHPA_WIPB_WPAD@Z
?wait@Concurrency@@YAXI@Z
?wait@_Condition_variable@details@Concurrency@@QAEXAAVcritical_section@3@@Z
?wait@event@Concurrency@@QAEII@Z
?wait_for@_Condition_variable@details@Concurrency@@QAE_NAAVcritical_section@3@I@Z
?wait_for_multiple@event@Concurrency@@SAIPAPAV12@I_NI@Z
?what@exception@std@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CRT_RTC_INITW
_Cbuild
_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FCbuild
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_LCbuild
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_SetWinRTOutOfMemoryExceptionCallback
_Strftime
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CppXcptFilter
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___lc_codepage_func
___lc_collate_cp_func
___lc_locale_name_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__control87_2
__create_locale
__crtCompareStringA
__crtCompareStringEx
__crtCompareStringW
__crtCreateEventExW
__crtCreateSemaphoreExW
__crtCreateSymbolicLinkW
__crtEnumSystemLocalesEx
__crtFlsAlloc
__crtFlsFree
__crtFlsGetValue
__crtFlsSetValue
__crtGetDateFormatEx
__crtGetFileInformationByHandleEx
__crtGetLocaleInfoEx
__crtGetShowWindowMode
__crtGetTickCount64
__crtGetTimeFormatEx
__crtGetUserDefaultLocaleName
__crtInitializeCriticalSectionEx
__crtIsPackagedApp
__crtIsValidLocaleName
__crtLCMapStringA
__crtLCMapStringEx
__crtLCMapStringW
__crtSetFileInformationByHandle
__crtSetThreadStackGuarantee
__crtSetUnhandledExceptionFilter
__crtSleep
__crtTerminateProcess
__crtUnhandledException
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__free_locale
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lconv
__lconv_init
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__setlc_active

Sections

.text
Size: 880KB - Virtual size: 880KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
noapp.exe
.exe windows:5 windows x86 arch:x86

96be2f989e54fcccc1b123c414812f4b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:84:6e:ed:d0:fd:3b:91:d6:5e:3f:f9:08:b8:0b:ab
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-12-2017 00:00

Not After

06-12-2018 12:00

Subject

CN=Paretologic Inc,O=Paretologic Inc,L=Victoria,ST=British Columbia,C=CA,1.2.840.113549.1.9.1=#0c17697467726f75704070617265746f6c6f6769632e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c7:31:a6:66:c4:63:ec:fa:42:4c:8b:56:e1:59:ba:2a:f7:43:d9:d2
Signer

Actual PE Digest

c7:31:a6:66:c4:63:ec:fa:42:4c:8b:56:e1:59:ba:2a:f7:43:d9:d2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\dev\PCHA_trunk\source\common\UnknownExtensionHook\Release\FileCure_noapp.pdb

Imports

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathAppendW
PathFindExtensionW
PathUnquoteSpacesW
PathStripPathW

kernel32

GetStringTypeW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
OutputDebugStringW
GetCPInfo
LCMapStringW
WriteConsoleW
SetEnvironmentVariableA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetModuleFileNameW
MultiByteToWideChar
SizeofResource
LockResource
GetEnvironmentStringsW
LoadResource
FindResourceW
GetLongPathNameW
GetProcAddress
GetModuleHandleW
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionAndSpinCount
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
LocalFree
MulDiv
FormatMessageW
CopyFileW
SetLastError
GetCurrentThread
GetCurrentThreadId
GetVersionExW
FreeLibrary
LoadLibraryExW
GlobalDeleteAtom
lstrcmpA
lstrcmpW
WideCharToMultiByte
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
OutputDebugStringA
FreeResource
QueryPerformanceCounter
GetStartupInfoW
GetStdHandle
GetSystemTimeAsFileTime
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
ExitThread
CreateThread
GetFileType
SetStdHandle
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleExW
ExitProcess
RtlUnwind
GetCommandLineW
FindResourceExW
VirtualProtect
SearchPathW
GetProfileIntW
GetTickCount
Sleep
GetTempPathW
GetModuleHandleA
LoadLibraryW
CloseHandle
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
lstrcpyW
GetWindowsDirectoryW
SetErrorMode
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
lstrcmpiW
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
CreateFileW
FileTimeToSystemTime
GlobalGetAtomNameW
DeleteFileW
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GlobalFindAtomW
LoadLibraryA
GetSystemDirectoryW
LeaveCriticalSection
EnterCriticalSection
EncodePointer
GetCurrentProcessId
GlobalAddAtomW
ResumeThread
SetThreadPriority
WaitForSingleObject

user32

MapDialogRect
DestroyCursor
GetWindowRgn
CreateMenu
SubtractRect
GetUpdateRect
IsClipboardFormatAvailable
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
FrameRect
CharUpperBuffW
RegisterClipboardFormatW
ModifyMenuW
SetMenuDefaultItem
CopyIcon
GetDoubleClickTime
SetClassLongW
SetCursorPos
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
ToUnicodeEx
LockWindowUpdate
SetRect
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
PostThreadMessageW
IsZoomed
GetComboBoxInfo
TrackMouseEvent
MonitorFromPoint
UpdateLayeredWindow
IsMenu
SetWindowRgn
DrawFrameControl
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetLayeredWindowAttributes
SetParent
GetSystemMenu
UnionRect
GetKeyNameTextW
MapVirtualKeyW
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetAsyncKeyState
MessageBeep
GetIconInfo
DrawIconEx
IsRectEmpty
DrawFocusRect
GetNextDlgGroupItem
GetMenuDefaultItem
ReuseDDElParam
UnpackDDElParam
LoadImageW
OffsetRect
SetRectEmpty
InsertMenuItemW
CreatePopupMenu
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
IntersectRect
DestroyIcon
InflateRect
GetMenuItemInfoW
DestroyMenu
CharUpperW
InvalidateRect
KillTimer
SetTimer
RealChildWindowFromPoint
DeleteMenu
SystemParametersInfoW
CopyImage
WindowFromPoint
ReleaseCapture
SetCapture
WaitMessage
LoadCursorW
GetSysColorBrush
FillRect
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
SendDlgItemMessageA
IsDialogMessageW
SetWindowTextW
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetWindow
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
EnableWindow
LoadIconW
SendMessageW
IsIconic
GetSystemMetrics
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
GetClientRect
DrawIcon
UnregisterClassW
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
PostMessageW
PostQuitMessage
UnhookWindowsHookEx
IsWindow
DestroyWindow
CreateDialogIndirectParamW
EndDialog
GetDlgItem
GetNextDlgTabItem
GetActiveWindow
IsWindowEnabled
SetActiveWindow
GetWindowLongW
GetDesktopWindow
GetParent
LoadMenuW
GetWindowRect
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
IsWindowVisible
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
ShowOwnedPopups
SetCursor
MessageBoxW
GetWindowThreadProcessId
GetLastActivePopup
GetKeyboardState

gdi32

SelectObject
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetTextExtentPoint32W
GetTextMetricsW
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
CreateCompatibleBitmap
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateDIBitmap
ExtSelectClipRgn
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
Rectangle
EnumFontFamiliesExW
GetRgnBox
OffsetRgn
CreateRoundRectRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
GetTextFaceW
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
SetBkColor
CreateBitmap
GetDeviceCaps
CreateDCW
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
EnumFontFamiliesW
CopyMetaFileW
GetStockObject
CreateCompatibleDC
BitBlt
GetObjectW
SetTextColor

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegCloseKey
RegQueryValueExW
RegDeleteKeyW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW

shell32

ShellExecuteExW
ShellExecuteW
SHGetFileInfoW
DragQueryFileW
DragFinish
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHBrowseForFolderW
SHAppBarMessage

comctl32

InitCommonControlsEx

uxtheme

GetWindowTheme
GetThemeSysColor
IsAppThemed
GetThemePartSize
DrawThemeText
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetThemeColor
GetCurrentThemeName

ole32

OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CoDisconnectObject
CoInitialize
CoCreateGuid
CoUninitialize
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
CoCreateInstance
IsAccelerator

oleaut32

SysAllocStringLen
VariantInit
VariantClear
VariantChangeType
LoadTypeLi
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantCopy
VarBstrFromDate
SysFreeString
SysAllocString

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipDrawImageRectI

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
privacy.db
settings.xml
sqlite3.dll
.dll windows:4 windows x86 arch:x86

cd4a5c39f36662a6a2f5167f71af9796

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:84:6e:ed:d0:fd:3b:91:d6:5e:3f:f9:08:b8:0b:ab
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-12-2017 00:00

Not After

06-12-2018 12:00

Subject

CN=Paretologic Inc,O=Paretologic Inc,L=Victoria,ST=British Columbia,C=CA,1.2.840.113549.1.9.1=#0c17697467726f75704070617265746f6c6f6769632e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

de:e8:0c:bc:db:7e:c7:65:2f:74:f7:63:f7:f6:90:b1:79:89:14:04
Signer

Actual PE Digest

de:e8:0c:bc:db:7e:c7:65:2f:74:f7:63:f7:f6:90:b1:79:89:14:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
GetCurrentThreadId
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetVersionExA
InitializeCriticalSection
InterlockedIncrement
LeaveCriticalSection
LockFile
LockFileEx
MultiByteToWideChar
ReadFile
SetEndOfFile
SetFilePointer
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
UnlockFile
WideCharToMultiByte
WriteFile

msvcrt

_iob
atof
atoi
free
isalnum
isdigit
isspace
isxdigit
localtime
malloc
memcpy
memset
realloc
sprintf
strcat
strcmp
strcpy
strncmp
strncpy
tolower
toupper

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_function
sqlite3_create_function16
sqlite3_data_count
sqlite3_db_handle
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_mprintf
sqlite3_open
sqlite3_open16
sqlite3_prepare
sqlite3_prepare16
sqlite3_progress_handler
sqlite3_reset
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_snprintf
sqlite3_step
sqlite3_thread_cleanup
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_vmprintf

Sections

.text
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 448B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ssleay32.dll
.dll windows:6 windows x86 arch:x86

8adee78a0aba44a5e8fe574f02b8d625

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:84:6e:ed:d0:fd:3b:91:d6:5e:3f:f9:08:b8:0b:ab
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-12-2017 00:00

Not After

06-12-2018 12:00

Subject

CN=Paretologic Inc,O=Paretologic Inc,L=Victoria,ST=British Columbia,C=CA,1.2.840.113549.1.9.1=#0c17697467726f75704070617265746f6c6f6769632e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

94:a7:b3:9f:a2:d3:73:14:01:88:ab:3a:11:20:91:4f:91:95:8d:7f
Signer

Actual PE Digest

94:a7:b3:9f:a2:d3:73:14:01:88:ab:3a:11:20:91:4f:91:95:8d:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\coapp\openssl\COPKG\output\v120\Win32\Debug\dynamic\ssleay32.pdb

Imports

libeay32

ord3874
ord2630
ord2821
ord2712
ord2925
ord2589
ord3883
ord3109
ord269
ord2936
ord2915
ord961
ord256
ord323
ord333
ord167
ord170
ord1654
ord1653
ord1655
ord2411
ord905
ord909
ord910
ord914
ord903
ord1041
ord1027
ord1025
ord1004
ord1007
ord1005
ord187
ord176
ord3866
ord3826
ord53
ord87
ord85
ord67
ord65
ord74
ord98
ord58
ord497
ord206
ord892
ord890
ord897
ord2257
ord248
ord364
ord4331
ord4513
ord316
ord1010
ord285
ord281
ord629
ord626
ord628
ord630
ord3437
ord3527
ord3378
ord3610
ord3414
ord3495
ord3399
ord3559
ord575
ord541
ord577
ord641
ord654
ord636
ord2051
ord464
ord2206
ord3124
ord2478
ord3513
ord716
ord822
ord718
ord824
ord8
ord7
ord3700
ord32
ord3623
ord37
ord35
ord754
ord857
ord703
ord1091
ord151
ord123
ord125
ord118
ord120
ord129
ord128
ord165
ord4572
ord4580
ord4576
ord4570
ord4578
ord4582
ord4573
ord4577
ord4581
ord4575
ord4584
ord93
ord88
ord2426
ord86
ord680
ord1101
ord313
ord3724
ord3314
ord3315
ord3312
ord3313
ord299
ord304
ord329
ord325
ord959
ord2927
ord4601
ord3155
ord2996
ord4615
ord4637
ord4656
ord3795
ord3807
ord3914
ord292
ord293
ord169
ord168
ord3239
ord222
ord2201
ord3823
ord3857
ord3783
ord623
ord622
ord679
ord3365
ord3767
ord3766
ord3460
ord3891
ord3454
ord3394
ord3754
ord246
ord3846
ord2252
ord91
ord955
ord3489
ord907
ord904
ord111
ord110
ord486
ord493
ord484
ord495
ord498
ord4540
ord205
ord202
ord203
ord201
ord216
ord363
ord3165
ord268
ord289
ord290
ord282
ord4119
ord4430
ord4233
ord4125
ord4262
ord4164
ord1071
ord4488
ord2877
ord3570
ord3711
ord2924
ord2929
ord3178
ord2578
ord3663
ord3422
ord3575
ord3512
ord3608
ord3459
ord3480
ord3682
ord3550
ord3719
ord3644
ord763
ord635
ord572
ord4046
ord481
ord3528
ord3695
ord3729
ord3418
ord1202
ord4144
ord4372
ord3782
ord2400
ord4174
ord3899
ord3067
ord266
ord264
ord2747
ord2784
ord2572
ord964
ord965
ord3925
ord3922
ord2702
ord2898
ord3657
ord3396
ord911
ord2292
ord2760
ord1100
ord1023
ord2524
ord3505
ord3595
ord657
ord401
ord1081
ord891
ord887
ord889
ord4045
ord2475
ord368
ord370
ord367
ord369
ord4114
ord3841
ord2894
ord956
ord750
ord3205
ord279
ord283
ord748
ord280
ord774
ord751
ord2181
ord1959
ord400
ord399
ord3758
ord3704
ord1671
ord189
ord1147
ord314
ord315
ord4383
ord4320
ord901
ord490
ord225
ord247
ord1144
ord1145
ord276
ord274
ord866
ord912
ord219
ord4474
ord4369
ord4245
ord1070
ord3010
ord3666
ord267
ord503
ord1012
ord3631
ord3479
ord3664
ord3737
ord3633
ord3675
ord341
ord1011
ord3888
ord3836
ord3873
ord3816
ord3837
ord95
ord52
ord66
ord78
ord1097
ord1096
ord3245
ord181
ord188
ord3879
ord3896
ord3844
ord252
ord109
ord89
ord3906
ord3647
ord3244

kernel32

DisableThreadLibraryCalls
RaiseException
GetProcAddress
LoadLibraryExW
MultiByteToWideChar
WideCharToMultiByte
IsProcessorFeaturePresent
EncodePointer
DecodePointer
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetLastError
SetLastError
IsDebuggerPresent

msvcr120

_amsg_exit
free
_malloc_crt
_initterm
_initterm_e
_except_handler4_common
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
__clean_type_info_names_internal
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_CRT_RTC_INITW
strncpy
_ftime64
strchr
abort
_errno
fprintf
__iob_func
strncmp
strcpy
memcmp
_time64
strlen
memmove
memset
memcpy
__CppXcptFilter

Exports

Exports

BIO_f_ssl
BIO_new_buffer_ssl_connect
BIO_new_ssl
BIO_new_ssl_connect
BIO_ssl_copy_session_id
BIO_ssl_shutdown
DTLSv1_client_method
DTLSv1_method
DTLSv1_server_method
ERR_load_SSL_strings
PEM_read_SSL_SESSION
PEM_read_bio_SSL_SESSION
PEM_write_SSL_SESSION
PEM_write_bio_SSL_SESSION
SRP_Calc_A_param
SRP_generate_client_master_secret
SRP_generate_server_master_secret
SSL_CIPHER_description
SSL_CIPHER_get_bits
SSL_CIPHER_get_id
SSL_CIPHER_get_name
SSL_CIPHER_get_version
SSL_COMP_add_compression_method
SSL_COMP_get_compression_methods
SSL_COMP_get_name
SSL_CTX_SRP_CTX_free
SSL_CTX_SRP_CTX_init
SSL_CTX_add_client_CA
SSL_CTX_add_session
SSL_CTX_callback_ctrl
SSL_CTX_check_private_key
SSL_CTX_ctrl
SSL_CTX_flush_sessions
SSL_CTX_free
SSL_CTX_get_cert_store
SSL_CTX_get_client_CA_list
SSL_CTX_get_client_cert_cb
SSL_CTX_get_ex_data
SSL_CTX_get_ex_new_index
SSL_CTX_get_info_callback
SSL_CTX_get_quiet_shutdown
SSL_CTX_get_timeout
SSL_CTX_get_verify_callback
SSL_CTX_get_verify_depth
SSL_CTX_get_verify_mode
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_remove_session
SSL_CTX_sess_get_get_cb
SSL_CTX_sess_get_new_cb
SSL_CTX_sess_get_remove_cb
SSL_CTX_sess_set_get_cb
SSL_CTX_sess_set_new_cb
SSL_CTX_sess_set_remove_cb
SSL_CTX_sessions
SSL_CTX_set1_param
SSL_CTX_set_cert_store
SSL_CTX_set_cert_verify_callback
SSL_CTX_set_cipher_list
SSL_CTX_set_client_CA_list
SSL_CTX_set_client_cert_cb
SSL_CTX_set_client_cert_engine
SSL_CTX_set_cookie_generate_cb
SSL_CTX_set_cookie_verify_cb
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_verify_paths
SSL_CTX_set_ex_data
SSL_CTX_set_generate_session_id
SSL_CTX_set_info_callback
SSL_CTX_set_msg_callback
SSL_CTX_set_next_proto_select_cb
SSL_CTX_set_next_protos_advertised_cb
SSL_CTX_set_psk_client_callback
SSL_CTX_set_psk_server_callback
SSL_CTX_set_purpose
SSL_CTX_set_quiet_shutdown
SSL_CTX_set_session_id_context
SSL_CTX_set_srp_cb_arg
SSL_CTX_set_srp_client_pwd_callback
SSL_CTX_set_srp_password
SSL_CTX_set_srp_strength
SSL_CTX_set_srp_username
SSL_CTX_set_srp_username_callback
SSL_CTX_set_srp_verify_param_callback
SSL_CTX_set_ssl_version
SSL_CTX_set_timeout
SSL_CTX_set_tlsext_use_srtp
SSL_CTX_set_tmp_dh_callback
SSL_CTX_set_tmp_ecdh_callback
SSL_CTX_set_tmp_rsa_callback
SSL_CTX_set_trust
SSL_CTX_set_verify
SSL_CTX_set_verify_depth
SSL_CTX_use_PrivateKey
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_certificate
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_file
SSL_CTX_use_psk_identity_hint
SSL_SESSION_free
SSL_SESSION_get0_peer
SSL_SESSION_get_compress_id
SSL_SESSION_get_ex_data
SSL_SESSION_get_ex_new_index
SSL_SESSION_get_id
SSL_SESSION_get_time
SSL_SESSION_get_timeout
SSL_SESSION_new
SSL_SESSION_print
SSL_SESSION_print_fp
SSL_SESSION_set1_id_context
SSL_SESSION_set_ex_data
SSL_SESSION_set_time
SSL_SESSION_set_timeout
SSL_SRP_CTX_free
SSL_SRP_CTX_init
SSL_accept
SSL_add_client_CA
SSL_add_dir_cert_subjects_to_stack
SSL_add_file_cert_subjects_to_stack
SSL_alert_desc_string
SSL_alert_desc_string_long
SSL_alert_type_string
SSL_alert_type_string_long
SSL_cache_hit
SSL_callback_ctrl
SSL_check_private_key
SSL_clear
SSL_connect
SSL_copy_session_id
SSL_ctrl
SSL_do_handshake
SSL_dup
SSL_dup_CA_list
SSL_export_keying_material
SSL_free
SSL_get0_next_proto_negotiated
SSL_get1_session
SSL_get_SSL_CTX
SSL_get_certificate
SSL_get_cipher_list
SSL_get_ciphers
SSL_get_client_CA_list
SSL_get_current_cipher
SSL_get_current_compression
SSL_get_current_expansion
SSL_get_default_timeout
SSL_get_error
SSL_get_ex_data
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_ex_new_index
SSL_get_fd
SSL_get_finished
SSL_get_info_callback
SSL_get_peer_cert_chain
SSL_get_peer_certificate
SSL_get_peer_finished
SSL_get_privatekey
SSL_get_psk_identity
SSL_get_psk_identity_hint
SSL_get_quiet_shutdown
SSL_get_rbio
SSL_get_read_ahead
SSL_get_rfd
SSL_get_selected_srtp_profile
SSL_get_servername
SSL_get_servername_type
SSL_get_session
SSL_get_shared_ciphers
SSL_get_shutdown
SSL_get_srp_N
SSL_get_srp_g
SSL_get_srp_userinfo
SSL_get_srp_username
SSL_get_srtp_profiles
SSL_get_ssl_method
SSL_get_verify_callback
SSL_get_verify_depth
SSL_get_verify_mode
SSL_get_verify_result
SSL_get_version
SSL_get_wbio
SSL_get_wfd
SSL_has_matching_session_id
SSL_library_init
SSL_load_client_CA_file
SSL_load_error_strings
SSL_new
SSL_peek
SSL_pending
SSL_read
SSL_renegotiate
SSL_renegotiate_abbreviated
SSL_renegotiate_pending
SSL_rstate_string
SSL_rstate_string_long
SSL_select_next_proto
SSL_set1_param
SSL_set_SSL_CTX
SSL_set_accept_state
SSL_set_bio
SSL_set_cipher_list
SSL_set_client_CA_list
SSL_set_connect_state
SSL_set_debug
SSL_set_ex_data
SSL_set_fd
SSL_set_generate_session_id
SSL_set_info_callback
SSL_set_msg_callback
SSL_set_psk_client_callback
SSL_set_psk_server_callback
SSL_set_purpose
SSL_set_quiet_shutdown
SSL_set_read_ahead
SSL_set_rfd
SSL_set_session
SSL_set_session_id_context
SSL_set_session_secret_cb
SSL_set_session_ticket_ext
SSL_set_session_ticket_ext_cb
SSL_set_shutdown
SSL_set_srp_server_param
SSL_set_srp_server_param_pw
SSL_set_ssl_method
SSL_set_state
SSL_set_tlsext_use_srtp
SSL_set_tmp_dh_callback
SSL_set_tmp_ecdh_callback
SSL_set_tmp_rsa_callback
SSL_set_trust
SSL_set_verify
SSL_set_verify_depth
SSL_set_verify_result
SSL_set_wfd
SSL_shutdown
SSL_srp_server_param_with_username
SSL_state
SSL_state_string
SSL_state_string_long
SSL_use_PrivateKey
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey_file
SSL_use_RSAPrivateKey
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey_file
SSL_use_certificate
SSL_use_certificate_ASN1
SSL_use_certificate_file
SSL_use_psk_identity_hint
SSL_version
SSL_want
SSL_write
SSLv23_client_method
SSLv23_method
SSLv23_server_method
SSLv2_client_method
SSLv2_method
SSLv2_server_method
SSLv3_client_method
SSLv3_method
SSLv3_server_method
TLSv1_1_client_method
TLSv1_1_method
TLSv1_1_server_method
TLSv1_2_client_method
TLSv1_2_method
TLSv1_2_server_method
TLSv1_client_method
TLSv1_method
TLSv1_server_method
d2i_SSL_SESSION
i2d_SSL_SESSION
ssl2_ciphers
ssl3_ciphers

Sections

.text
Size: 394KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:80:ec:46:86:9b:dc:47:56:2d:21:d0:41:e4:2b:cd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14-03-2017 00:00

Not After

27-03-2018 12:00

Subject

CN=Paretologic Inc,O=Paretologic Inc,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

22:33:3b:bc:82:7b:36:30:06:e8:02:fc:4f:a2:62:14:d6:58:0a:cb
Signer

Actual PE Digest

22:33:3b:bc:82:7b:36:30:06:e8:02:fc:4f:a2:62:14:d6:58:0a:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

e26d7460d0c04056b9226a899477ba4d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
CloseHandle
OpenProcess
LoadLibraryW
GetProcAddress
GetVersionExW
GlobalFree
lstrcpyW
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
LCMapStringW
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
DisableThreadLibraryCalls
WriteFile
VirtualAlloc
RtlUnwind
GetStringTypeA
GetStringTypeW
GetLastError
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
FlushFileBuffers

Exports

Exports

FindProc

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:5 windows x86 arch:x86

45d25ca52c312b2254c60dbcb30342d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynW
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
whitelist.dat
Virussign.2024.06.08/virussign.com_2eda6044539c62f8b36b5bb0f6f6b6d6.vir
.dll windows:4 windows x64 arch:x64

dae02f32a21e03ce65412f6e56942daa

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:90:ff:ca:c3:dc:6b:0d:5c:fe:16:f2:34:b6:46:82
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

09-05-2024 00:00

Not After

11-06-2027 23:59

Subject

CN=René Gillmeister,O=René Gillmeister,ST=Niedersachsen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:70:6d:0c:15:e8:54:44:7a:35:79:b2:72:a8:0c:ad:5b:c7:8d:ae:5e:7b:f9:a7:35:63:5b:02:c8:44:a3:16
Signer

Actual PE Digest

33:70:6d:0c:15:e8:54:44:7a:35:79:b2:72:a8:0c:ad:5b:c7:8d:ae:5e:7b:f9:a7:35:63:5b:02:c8:44:a3:16

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 451KB - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_2f36193b4d18ebf2e14c19c67093be7c.vir
.exe windows:5 windows x86 arch:x86

ab2499e0e72dfad09db9c131cd20670f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
GetActiveObject
RegisterTypeLib
LoadTypeLib
SysFreeString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
GetUserNameW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WaitMessage
WaitForInputIdle
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRectEmpty
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongW
SetCapture
SetActiveWindow
SendNotifyMessageW
SendMessageTimeoutW
SendMessageA
SendMessageW
ScrollWindowEx
ScrollWindow
ScreenToClient
ReplyMessage
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OffsetRect
OemToCharBuffA
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MoveWindow
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageW
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClientRect
GetClassNameW
GetClassLongW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
ExitWindowsEx
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CopyIcon
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
AppendMenuW
CharToOemBuffA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryW
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCurrentDirectoryW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrcpyW
lstrcmpW
WriteProfileStringW
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualFree
VirtualAlloc
TransactNamedPipe
TerminateProcess
SwitchToThread
SizeofResource
SignalObjectAndWait
SetThreadLocale
SetNamedPipeHandleState
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesW
SetEvent
SetErrorMode
SetEndOfFile
SetCurrentDirectoryW
ResumeThread
ResetEvent
RemoveDirectoryW
ReleaseMutex
ReadFile
QueryPerformanceCounter
OpenProcess
OpenMutexW
MultiByteToWideChar
MulDiv
MoveFileExW
MoveFileW
LockResource
LocalFree
LocalFileTimeToFileTime
LoadResource
LoadLibraryExW
LoadLibraryW
LeaveCriticalSection
IsDBCSLeadByte
IsBadWritePtr
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryW
GetVersionExW
GetVersion
GetUserDefaultLangID
GetTickCount
GetThreadLocale
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemDirectoryW
GetStdHandle
GetShortPathNameW
GetProfileStringW
GetProcAddress
GetPrivateProfileStringW
GetOverlappedResult
GetModuleHandleW
GetModuleFileNameW
GetLogicalDrives
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetComputerNameW
GetCommandLineW
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FlushFileBuffers
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
EnumCalendarInfoW
EnterCriticalSection
DeviceIoControl
DeleteFileW
DeleteCriticalSection
CreateThread
CreateProcessW
CreateNamedPipeW
CreateMutexW
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
CompareStringW
CompareFileTime
CloseHandle
Sleep

msimg32

AlphaBlend

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetViewportOrgEx
SetTextColor
SetTextAlign
SetStretchBltMode
SetROP2
SetPixel
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
RemoveFontResourceW
Rectangle
RectVisible
RealizePalette
Polyline
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
LineDDA
IntersectClipRect
GetWindowOrgEx
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
FrameRgn
ExtTextOutW
ExtFloodFill
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
Chord
BitBlt
Arc
AddFontResourceW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

mpr

WNetOpenEnumW
WNetGetUniversalNameW
WNetGetConnectionW
WNetEnumResourceW
WNetCloseEnum

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
StringFromCLSID
CoCreateInstance
CoFreeUnusedLibraries
CoUninitialize
CoInitialize
IsEqualGUID
CoDisconnectObject

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

shell32

ShellExecuteExW
ShellExecuteW
SHGetFileInfoW
ExtractIconW
SHGetPathFromIDListW
SHGetMalloc
SHChangeNotify
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 639KB - Virtual size: 639KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_31c1fdfce96b9ec5c29768075d467cb0.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 832B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_321d30564704def18f15cb817d3c8b98.vir
.exe windows:4 windows x86 arch:x86

5318cd03ef5b5da86800f1483484cfd0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Imports

kernel32

lstrcpyA
GetCommandLineA
SetErrorMode
lstrlenA
MulDiv
GetTempFileNameA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
FormatMessageA
lstrcatA
GetLastError
_lwrite
_llseek
GlobalUnlock
_lopen
GlobalAlloc
GlobalFree
_lclose
_lcreat
LoadLibraryA
GetProcAddress
FreeLibrary
OpenFile
GetVersionExA
GetCurrentProcess
WinExec
ExitProcess
_lread
LocalFree
GetTempPathA
GlobalLock

user32

GetDC
BeginPaint
EndPaint
InvalidateRect
PostQuitMessage
SendMessageA
DefWindowProcA
GetClientRect
CreateWindowExA
DrawTextA
ReleaseDC
SetWindowPos
ShowWindow
UpdateWindow
SetTimer
LoadIconA
wsprintfA
MessageBoxA
ExitWindowsEx
RegisterClassA
LoadCursorA

gdi32

DeleteObject
GetStockObject
GetDeviceCaps
PatBlt
CreateSolidBrush
TextOutA
SetTextColor
SetBkMode
SelectObject
StretchDIBits
CreateFontA
RealizePalette
SelectPalette
CreatePalette

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA

Exports

Exports

_MainWndProc@16
_StubFileWrite@12

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_326363781971d0b7d661b57704c88578.vir
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_32dfd38036d85d1b0de44e1c6b61cdff.vir
.exe windows:4 windows x86 arch:x86

b5b28c2ead798b2af62caf6d80a0098c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutRestart

ws2_32

htons
recvfrom
ioctlsocket
WSAAsyncSelect
recv
closesocket
accept
ntohs
send
select
inet_ntoa
WSAStartup
ntohl
WSACleanup
getpeername

rasapi32

RasHangUpA
RasGetConnectStatusA

kernel32

GetCurrentProcess
TerminateProcess
MultiByteToWideChar
SetLastError
GetFileSize
GetVersion
WideCharToMultiByte
FileTimeToSystemTime
TerminateThread
LocalFree
SuspendThread
InterlockedIncrement
InterlockedDecrement
FileTimeToLocalFileTime
lstrcpynA
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
lstrcmpiA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcmpA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GetFileTime
GetCurrentThread
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
GetSystemTime
GetLocalTime
RaiseException
HeapSize
GetACP
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
SetFilePointer
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
ReleaseMutex
CreateMutexA
GetSystemDirectoryA
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
lstrlenW
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
ExpandEnvironmentStringsA
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempPathA
FindFirstFileA
FindClose
GetFileAttributesA
CopyFileA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
CloseHandle
InterlockedExchange
GetTimeZoneInformation

user32

IsDialogMessageA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
LoadStringA
GetSysColorBrush
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
GetScrollPos
RegisterClassA
GetMenuItemCount
GetMenuItemID
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
RemovePropA
GetMessageTime
GetLastActivePopup
RegisterWindowMessageA
GetWindowPlacement
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
DestroyWindow
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
CharUpperA
GetWindowTextLengthA
UnregisterHotKey
RegisterHotKey
CreateWindowExA
CallWindowProcA
SetWindowTextA
GetForegroundWindow
GetWindowTextA
UnregisterClassA
GetDlgItem
GetClassNameA
GetDesktopWindow
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ScrollWindowEx
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
WaitForInputIdle
ModifyMenuA
OffsetRect
FindWindowExA

gdi32

GetStockObject
CreateFontIndirectA
CreateSolidBrush
FillRgn
CreateRectRgn
CombineRgn
PatBlt
CreatePen
SelectObject
CreateBitmap
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
GetObjectA
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
EndPage
MoveToEx
LineTo
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
SetBkColor
CreateRectRgnIndirect
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
RestoreDC
SaveDC
TranslateCharsetInfo
CreateFontA
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
ScaleViewportExtEx
GetDeviceCaps

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyA
RegEnumKeyA
RegCreateKeyExA
RegQueryValueA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
ShellExecuteA
Shell_NotifyIconA

ole32

CLSIDFromProgID
OleInitialize
OleUninitialize
CLSIDFromString
CoCreateInstance
OleRun

oleaut32

VariantChangeType
VariantClear
VariantCopyInd
VariantInit
SysAllocString
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
UnRegisterTypeLi

comctl32

ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
ImageList_BeginDrag
ImageList_Add
ImageList_SetBkColor
ImageList_GetImageCount
ImageList_Duplicate
ImageList_Read
ord17
ImageList_EndDrag
ImageList_DragShowNolock
ImageList_DragMove

wininet

InternetCloseHandle

Sections

.text
Size: 892KB - Virtual size: 891KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 524KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 384KB - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_33e1f1c6b0f5473d54fd77c8abdbe05c.vir
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 528KB - Virtual size: 528KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

minATL
Size: - Virtual size: 24B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_33e405059d5b62741f24686347fa2383.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 832B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_342404ea10d3408d10a91c8554dc821d.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_34877f921a1f72e5c5874a44f60c90ab.vir
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 7.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 370KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_34c4fefded4198de4880fcf8901c6a8e.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_3558343cd176135ebc56fe70a6f79ec2.vir
.dll regsvr32 windows:4 windows x64 arch:x64

80c653aa8405827ed08d6a7c112a5eaa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AcquireSRWLockExclusive
DelayLoadFailureHook
DisableThreadLibraryCalls
EnumResourceNamesW
FindResourceW
GetEnvironmentVariableW
GetFullPathNameW
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetTickCount
HeapAlloc
HeapFree
HeapReAlloc
IsBadStringPtrA
IsBadStringPtrW
LoadLibraryW
LoadResource
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSRWLockExclusive
ResolveDelayLoadedAPI
SizeofResource

mpr

WNetGetUniversalNameW

ntdll

_vsnprintf

oleaut32

SysAllocString
SysFreeString
VariantInit
LoadRegTypeLib

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vswprintf
_assert
_strdup
_stricmp
_wcsicmp
_wcsnicmp
_wtoi
atoi
calloc
free
fwrite
getenv
malloc
memcmp
memmove
memset
realloc
strchr
strcmp
strcspn
strlen
strtok
strtok_s
wcscmp
wcscpy
wcslen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_356adb32b071675760c5af9490710a08.vir
Virussign.2024.06.08/virussign.com_35c737050fd19562d38b6bba222f85fd.vir
.exe windows:4 windows x86 arch:x86

49ee3de62b5dc4dcf2edd4d3a2858849

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
ReleaseMutex
GetLastError
CreateMutexA
GetProcAddress
GetModuleHandleA
GetUserDefaultLangID
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

siecadu8

scdlg_MessageBox
scdlg_SelectSlot
scdlg_InsertCard
scdlg_ChangePIN

msvcr80

vsprintf_s
strncpy_s
strcpy_s
_amsg_exit
__getmainargs
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
strchr
__iob_func
fprintf
memcpy
calloc
free
_cexit

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_35e76ffa40b395b493e906ec37893d76.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_367152d6914b05eb88ae869d14097b0f.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_37e21bc0e56ccfa3186da94055500c2b.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_37fa37fa7b74d828e05816fa935c83b9.vir
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_38352e0d20637fe078598221810e87a5.vir
.exe windows:4 windows x86 arch:x86

06ea752c2bfc857d5f84f3229253c7b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
SetFilePointer
ReadFile
CreateFileA
CreateProcessA
GetTempFileNameA
GetTempPathA
GetModuleFileNameA
DeleteFileA
Sleep
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
LCMapStringW
GetStringTypeW
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
GetLastError
WriteFile
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
CloseHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
SetStdHandle
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
HeapAlloc
VirtualAlloc
HeapReAlloc
MultiByteToWideChar
LCMapStringA
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile

user32

LoadStringA
FindWindowA
MessageBeep
MessageBoxA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_386911abd85324ca950aa203bcfeed43.vir
.dll windows:6 windows

bbfad6d051e4e821bd93a6eb2becd28e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

d3d11

D3D11CreateDevice

d3dcompiler_47

D3DCompile
D3DDisassemble

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableA

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
CreateEventExW
SetEvent
WaitForSingleObjectEx
ReleaseSRWLockExclusive

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler

api-ms-win-core-handle-l1-1-0

CloseHandle

msvcp140_app

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAAAAV01@AAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAAAAV01@AAH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAAAV01@J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAAAAV01@AAI@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAA@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
_Query_perf_frequency
_Query_perf_counter
?_Raise_handler@std@@3P6AXABVexception@stdext@@@ZA
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAAAV01@_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAA_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAAXH_N@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAAPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAA@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAA@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAA_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAA_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAAPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAAXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAAAV01@I@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAA@XZ
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAAAV01@H@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAAAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAAAV01@P6AAAV01@AAV01@@Z@Z
_Thrd_hardware_concurrency
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Schedule_chore@details@Concurrency@@YAHPAU_Threadpool_chore@12@@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QAAXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QAAX_N@Z
?_Release_chore@details@Concurrency@@YAXPAU_Threadpool_chore@12@@Z
?_Capture@_ContextCallback@details@Concurrency@@AAAXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Reset@_ContextCallback@details@Concurrency@@AAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QBAXV?$function@$$A6AXXZ@std@@_N@Z
??0task_continuation_context@Concurrency@@AAA@XZ
_Mtx_current_owns
_Cnd_unregister_at_thread_exit
?__ExceptionPtrCreate@@YAXPAX@Z
_Cnd_init_in_situ
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Syserror_map@std@@YAPBDH@Z
_Cnd_timedwait
?__ExceptionPtrToBool@@YA_NPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
_Cnd_register_at_thread_exit
_Cnd_wait
_Xtime_get_ticks
_Cnd_broadcast
_Cnd_destroy_in_situ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAAAV12@PBD_J@Z
?in_avail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAA_JXZ

vcruntime140_app

__CxxFrameHandler3
memcmp
memcpy
__std_exception_destroy
__std_exception_copy
memset
__std_type_info_destroy_list
_CxxThrowException
__current_exception_context
__current_exception
__C_specific_handler
memmove
strstr
__std_terminate
_purecall

api-ms-win-crt-heap-l1-1-0

free
_callnewh
realloc
malloc

api-ms-win-crt-string-l1-1-0

strlen
strcmp
isdigit
strncpy
strncmp
tolower

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__stdio_common_vsprintf_s
__acrt_iob_func
fread
fwrite
fseek
fclose
fopen
ftell
__stdio_common_vsprintf

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-time-l1-1-0

_time64
_localtime64

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_seh_filter_dll
terminate
exit
_invoke_watson
abort
_errno
_configure_narrow_argv

api-ms-win-crt-math-l1-1-0

_dclass
atan2f
roundf
sin
log10f
round
log2
pow
modff
lroundf
asinhf
expf
ceil
asinf
tanf
sinhf
atanhf
acoshf
floorf
sqrtf
truncf
ceilf
_fdsign
tanhf
cosf
acosf
exp2f
coshf
atanf
sinf
cos
modf
_finite
logf
powf
floor

api-ms-win-crt-convert-l1-1-0

mbsrtowcs
wcstombs
atoi
strtoul

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

Exports

Exports

??0PlatformMethods@angle@@QAA@XZ
??4PlatformMethods@angle@@QAAAAU01@$$QAU01@@Z
??4PlatformMethods@angle@@QAAAAU01@ABU01@@Z
ADDON_Create
ADDON_GetTypeMinVersion
ADDON_GetTypeVersion
ANGLEGetDisplayPlatform
ANGLEResetDisplayPlatform

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 850KB - Virtual size: 850KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 127KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_3911439793ffa4035bb3f69129bfee14.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 453KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_3de59f1e6b45420188ae2df6e8961e54.vir
.exe windows:4 windows x86 arch:x86

2ceeaa397f902a35200a4ee69bfd19f8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
ExitProcess
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
abort
atexit
calloc
free
fwrite
malloc
memcpy
printf
puts
scanf
signal
vfprintf

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 96B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/14
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 512B - Virtual size: 473B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 512B - Virtual size: 15B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_3ee9237b2c2b10394e37a375aceaf429.vir
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_3fbfdefdf8abf0761a0a801cfe15113a.vir
.exe windows:5 windows x86 arch:x86

d23314c5bd8326712a667023f475bd80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

conime.pdb

Imports

kernel32

GetModuleHandleA
RegisterConsoleIME
UnregisterConsoleIME
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
lstrlenW
lstrcpyW
lstrcatW
lstrcpynW
WideCharToMultiByte
GetSystemDirectoryW
SetCurrentDirectoryW
OpenEventW
SetEvent
CloseHandle
LocalAlloc
LocalFree
GetStartupInfoA
GetCurrentThreadId

user32

IsWindowEnabled
ActivateKeyboardLayout
PostMessageW
GetKeyboardLayoutList
SendMessageTimeoutW
PostQuitMessage
SetForegroundWindow
DefWindowProcW
EnableWindow
DestroyWindow
GetKeyState
GetKeyboardLayoutNameW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
LoadIconW
LoadCursorW
RegisterClassW
GetSystemMetrics
CreateWindowExW
UnregisterClassW
AttachThreadInput

ntdll

RtlLeaveCriticalSection
NtOpenProcessToken
RtlUnicodeToMultiByteSize
NtQueryInformationToken
NtClose
RtlInitializeCriticalSection
NtQueryVirtualMemory
RtlUnwind
RtlCopyLuid
RtlEnterCriticalSection

imm32

ImmGetContext
ImmReleaseContext
ImmGetConversionStatus
ImmGetGuideLineW
ImmSetConversionStatus
ImmSimulateHotKey
ImmGetIMEFileNameW
ImmEscapeW
ImmDisableTextFrameService
ImmGetOpenStatus
ImmNotifyIME
ImmGetCandidateListW
ImmGetCompositionStringW
ImmSetActiveContextConsoleIME
ImmTranslateMessage
ImmCallImeConsoleIME
ImmGetProperty
ImmCreateContext
ImmAssociateContext
ImmSetOpenStatus
ImmDestroyContext
ImmIsIME

gdi32

GetStockObject

msvcrt

_controlfp
__set_app_type
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_3ff657f025f7f54fb7522091c995640d.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 832B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_40008a608e00848e6fbd91205efd13d3.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_40a391e264cf4d9eab9404778e12e98d.vir
.exe windows:4 windows x86 arch:x86

390eebdc4ee1150f6e2a4b7ef5adef7f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutPause
waveOutReset
midiStreamStop
midiOutReset
midiStreamClose
midiStreamRestart

ws2_32

WSAAsyncSelect
send
select
WSACleanup
WSAStartup
recvfrom
ioctlsocket
recv
getpeername
accept
inet_ntoa
closesocket

rasapi32

RasGetConnectStatusA
RasHangUpA

kernel32

MultiByteToWideChar
SetLastError
GetTimeZoneInformation
GetVersion
GetTempFileNameA
FileTimeToSystemTime
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FormatMessageA
LocalFree
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempPathA
FindFirstFileA
FindClose
GetFileAttributesA
DeleteFileA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
InterlockedExchange
WaitForSingleObject
CloseHandle
GetStartupInfoA
RtlUnwind
GetSystemTime
GetLocalTime
RaiseException
HeapSize
GetACP
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr

user32

DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
GetClassInfoA
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
WinHelpA
KillTimer
PostThreadMessageA
GetNextDlgGroupItem
GetSysColorBrush
ShowWindow
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DrawFrameControl
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
LoadStringA
MapDialogRect
SetWindowContextHelpId
CharNextA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
IsDialogMessageA
ScrollWindowEx
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
GetScrollPos
RegisterClassA
CreateWindowExA
GetClassLongA
RemovePropA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
RegisterWindowMessageA
GetWindowPlacement
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
DestroyWindow
EndPaint
BeginPaint
CharUpperA
GetWindowTextLengthA
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
TrackPopupMenu
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBeep
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
TranslateMessage
LoadIconA
GetDesktopWindow
GetClassNameA
UnregisterClassA
GetDlgItem
GetWindowTextA
GetCursor
DrawTextA
SetPropA
CallWindowProcA
MoveWindow
GetPropA
FrameRect
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
GetWindowDC
WindowFromDC
TabbedTextOutA
GrayStringA
DrawStateA
GetTabbedTextExtentA
GetMenuState
GetMenuStringA
GetMenuItemID
GetMenuItemCount
SetWindowTextA
DestroyIcon
EnumChildWindows

gdi32

GetViewportExtEx
ExtSelectClipRgn
LineTo
MoveToEx
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
SetPixel
CreateRectRgnIndirect
SetBkColor
SetBkMode
SetTextColor
SetWindowOrgEx
SaveDC
RestoreDC
CreatePenIndirect
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetTextMetricsA
GetMapMode
GetBkColor
GetROP2
GetDeviceCaps
GetTextExtentPoint32A
RoundRect
GetCurrentObject
DPtoLP
LPtoDP
Rectangle
Ellipse
SetPixelV
CreateCompatibleDC
GetPixel
BitBlt
StartPage
StartDocA
DeleteDC
EndDoc
EndPage
SetROP2
SetPolyFillMode
CreateFontIndirectA
GetStockObject
CreateSolidBrush
FillRgn
CreateRectRgn
CombineRgn
PatBlt
CreatePen
GetObjectA
SelectObject
CreateBitmap
CreateBrushIndirect
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
SelectClipRgn
GetStretchBltMode

msimg32

GradientFill

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CLSIDFromProgID
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SafeArrayGetUBound
VariantChangeType
VariantTimeToSystemTime
SysStringLen
SysAllocStringLen
VariantClear
SysAllocStringByteLen
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnaccessData
SysAllocString
SafeArrayCreate
SafeArrayAccessData
UnRegisterTypeLi
SysFreeString
OleCreateFontIndirect
LoadTypeLi
VariantCopy
RegisterTypeLi

comctl32

ImageList_Draw
ImageList_GetImageInfo
_TrackMouseEvent
ImageList_GetImageCount
ImageList_AddMasked
ImageList_GetIcon
ImageList_SetBkColor
ord17
ImageList_Destroy
ImageList_Create
ImageList_Read
ImageList_DrawIndirect
ImageList_Duplicate

oledlg

ord8

wininet

InternetCloseHandle

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA

Sections

.text
Size: 728KB - Virtual size: 724KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_41018a7781184be84fa8e2f8512bf8d9.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_418c7dc96afdb54736b5f77449632d55.vir
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\学习文档\编程相关\C#\Project\Symbol\Symbol\obj\Debug\Symbol.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 785KB - Virtual size: 785KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_420c147a08d0dfc78fb7d10e0ab15002.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_42dfe672dceb71cf3f3937199d720bc4.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_432c817c25ecdf1c94d1730f19be0d68.vir
.exe windows:4 windows x86 arch:x86

658ed9630effe4a5ed480da57ca32633

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetWindowPos
SetCursor
GetWindowRect
DefWindowProcA
BeginPaint
GetSysColor
GetClientRect
SetRect
EndPaint
SetWindowWord
GetWindowWord
RegisterClassA
OemToCharA
LoadIconA
OemToCharBuffA
LoadCursorA
DestroyWindow
GetWindowLongA
SetWindowLongA
SetWindowTextA
SendMessageA
GetTopWindow
GetLastActivePopup
ShowWindow
PostMessageA
EnableWindow
SetTimer
GetMessageA
KillTimer
PostQuitMessage
DialogBoxIndirectParamA
GetSystemMetrics
GetDlgItemTextA
EndDialog
PeekMessageA
TranslateMessage
DispatchMessageA
GetParent
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItem
InvalidateRect
UpdateWindow
wsprintfA
MessageBoxA

kernel32

_lclose
WinExec
CreateProcessA
GetVolumeInformationA
_lwrite
RtlUnwind
GetCommandLineA
GetModuleHandleA
FindNextFileA
MoveFileExA
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFilePointer
SetEndOfFile
CloseHandle
RemoveDirectoryA
SetFileAttributesA
DeleteFileA
SetErrorMode
GetVersion
LoadLibraryA
GetProcAddress
GetLastError
FormatMessageA
GetModuleFileNameA
FreeLibrary
WaitForSingleObject
GetTickCount
GetEnvironmentVariableA
FindClose
FindFirstFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
lstrlenA
CreateDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
_lcreat
lstrcpyA
_lopen
LocalAlloc
GetWindowsDirectoryA
OpenFile
_lread
lstrcatA
GetDriveTypeA
_llseek
LocalFree
GlobalLock
GlobalAlloc
GlobalFree
GlobalHandle
GlobalUnlock

gdi32

SetBkColor
SetTextAlign
GetTextExtentPoint32A
GetBkColor
SetTextColor
DeleteObject
ExtTextOutA
CreateDCA
GetDeviceCaps
CreateFontIndirectA
DeleteDC
SelectObject

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_43a2a02a532dc148a442fceb2c83fd2c.vir
Virussign.2024.06.08/virussign.com_440fcf4a5b7cbc7c262216adcf140ce4.vir
.dll windows:5 windows x86 arch:x86

c46f66ce3990b0a678c86c288ffbdc7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\wk\MSG\fifa2007\branches\EASEO_NewRender_Temp\Build2008\Release\ssconnector.pdb

Imports

ws2_32

connect
WSARecv
WSASend
WSARecvFrom
WSAGetOverlappedResult
WSACreateEvent
WSAResetEvent
listen
WSAWaitForMultipleEvents
WSASendTo
WSACleanup
htons
getsockname
setsockopt
bind
closesocket
gethostbyname
WSASocketA
WSAStartup
ntohl
inet_addr
htonl
WSAGetLastError
inet_ntoa
ntohs
WSAIoctl

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

kernel32

GetModuleHandleW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetStdHandle
MultiByteToWideChar
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetQueuedCompletionStatus
CreateIoCompletionPort
CloseHandle
QueryPerformanceCounter
Sleep
QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventA
GetSystemInfo
ResetEvent
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitThread
GetCurrentThreadId
GetLastError
CreateThread
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
WideCharToMultiByte
GetTimeZoneInformation
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapSize
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
GetTickCount
GetCurrentProcessId
VirtualAlloc
HeapReAlloc

Exports

Exports

?AddPeer@SSConnector@@YAHPAXHPADIH_N@Z
?Chat@SSConnector@@YAHPAX_NHPAD2@Z
?Create@SSConnector@@YAHPAPAXUSSCONNECTOR_CONFIG@1@_N@Z
?Create@SSHolepunching@@YAHPAPAXUSSCONNECTOR_SERVER_CONFIG@1@@Z
?Create@SSRelayServer@@YAHPAPAXUSSRELAY_SERVER_CONFIG@1@@Z
?CreateSync@SSConnector@@YAHPAXHH@Z
?Destroy@SSConnector@@YAHPAX_N@Z
?Destroy@SSHolepunching@@YAHPAX@Z
?Destroy@SSRelayServer@@YAHPAX@Z
?DestroyUnusedChannels@SSRelayServer@@YAHPAXH@Z
?FinishLocalLoading@SSConnector@@YAHPAX@Z
?GetGapBetweenLocalAndSync@SSConnector@@YAHPAX@Z
?GetLocalSyncDataId@SSConnector@@YAHPAX@Z
?GetRepeatCount@SSConnector@@YAHPAX@Z
?GetSessionInitialNetworkInfo@SSConnector@@YA?AUSSCONNECTOR_SSSESSION_NETWORK_INFO@1@PAXH@Z
?GetSessionNetworkInfo@SSConnector@@YA?AUSSCONNECTOR_SSSESSION_NETWORK_INFO@1@PAXH@Z
?GetSessionNetworkInfoByName@SSConnector@@YA?AUSSCONNECTOR_SSSESSION_NETWORK_INFO@1@PAXPBD@Z
?GetSessionState@SSConnector@@YA?AW4SSCONNECTOR_SESSION_STATE@1@PAXH@Z
?GetSessionStateByName@SSConnector@@YA?AW4SSCONNECTOR_SESSION_STATE@1@PAXPBD@Z
?GetSyncBufferSize@SSConnector@@YAHPAX@Z
?GetSyncDataCount@SSConnector@@YAHPAX@Z
?GetSyncDataId@SSConnector@@YAHPAX@Z
?InputSyncData@SSConnector@@YAHPAXPAE@Z
?InputSyncInfo@SSConnector@@YAHPAXIH@Z
?NextSyncData@SSConnector@@YAHPAXPAEAAH@Z
?PauseSync@SSConnector@@YAHPAX@Z
?Process@SSConnector@@YA?AW4SSCONNECTOR_STATE@1@PAX@Z
?ProcessDesync@SSConnector@@YAXPAX@Z
?RemoveAllPeers@SSConnector@@YAHPAX@Z
?RemovePeer@SSConnector@@YAHPAXH@Z
?RemovePeerByName@SSConnector@@YAHPAXPBD@Z
?ReportStatsByQuery@SSConnector@@YAHPAXPBD@Z
?SetCallbackFunc@SSConnector@@YAHPAXP6AH0W4SSCONNECTOR_CALLBACK_COMMAND@1@0@Z@Z
?SetRelayServerAddr@SSConnector@@YAHPAXPADH_N@Z
?SetSessionNetworkInfoExitState@SSConnector@@YAXPAXHW4SSCONNECTOR_SESSION_EXIT_STATE@1@@Z
?SetSyncBufferSize@SSConnector@@YAHPAXH@Z
?StartGetInitialNetworkInfo@SSConnector@@YAHPAX@Z
?StartLoading@SSConnector@@YAHPAX@Z
?StartSync@SSConnector@@YAHPAX@Z
?SyncProcess@SSConnector@@YA?AW4SSCONNECTOR_SYNC_PROCESS_RESULT@1@PAX@Z
?UpdateChannel@SSConnector@@YAHPAPAXI@Z
?WaitForSyncData@SSConnector@@YAHPAXAAHH@Z
?WriteLog@SSConnector@@YAHPAX_NPBDZZ

Sections

.text
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_443cfc5d8efc3b642f4d00401f04744c.vir
.exe windows:5 windows x86 arch:x86

d7273322b3721db17cd8df0e65301709

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wordpad.pdb

Imports

mfc42u

ord4150
ord2986
ord3412
ord5019
ord5623
ord1003
ord3444
ord4691
ord3055
ord3061
ord6332
ord2502
ord2534
ord5738
ord1740
ord5573
ord3167
ord5650
ord4417
ord4950
ord4854
ord4819
ord4381
ord3449
ord3193
ord3256
ord3275
ord3376
ord4617
ord4424
ord456
ord6076
ord6171
ord3782
ord2006
ord6391
ord5451
ord3293
ord4477
ord1773
ord2785
ord2853
ord5648
ord5013
ord5100
ord4915
ord4997
ord4724
ord4663
ord4484
ord4339
ord4332
ord4641
ord5016
ord4486
ord4506
ord4956
ord4649
ord4376
ord4639
ord2540
ord5504
ord4032
ord3263
ord3348
ord4616
ord4418
ord5820
ord720
ord420
ord5952
ord1868
ord1886
ord1797
ord260
ord826
ord4294
ord2859
ord2371
ord1662
ord2644
ord5506
ord2937
ord2550
ord4458
ord6195
ord2385
ord2793
ord4017
ord3295
ord6466
ord744
ord3765
ord2515
ord993
ord1079
ord447
ord2386
ord6336
ord1258
ord2154
ord1262
ord6335
ord5994
ord3211
ord2246
ord2153
ord2170
ord4037
ord1640
ord429
ord748
ord2394
ord1984
ord3437
ord3792
ord4487
ord3490
ord1722
ord1130
ord824
ord1255
ord738
ord1196
ord3764
ord2167
ord2513
ord441
ord3023
ord4583
ord4886
ord4526
ord5070
ord4335
ord4343
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4958
ord4955
ord6051
ord1768
ord5236
ord5286
ord3743
ord1719
ord4426
ord341
ord303
ord654
ord448
ord2082
ord357
ord535
ord858
ord2776
ord6211
ord861
ord3450
ord3397
ord1941
ord589
ord764
ord1172
ord4370
ord4847
ord325
ord4229
ord4282
ord5155
ord5156
ord5154
ord4899
ord4736
ord4970
ord4942
ord4352
ord4371
ord4848
ord5283
ord4829
ord3694
ord489
ord4253
ord4254
ord4709
ord1683
ord2520
ord5284
ord4433
ord2046
ord4425
ord3695
ord496
ord768
ord771
ord2877
ord3658
ord3621
ord2406
ord3568
ord2855
ord4215
ord2576
ord3649
ord2430
ord1637
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6017
ord6168
ord5869
ord5785
ord5790
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord3591
ord2442
ord5783
ord4155
ord540
ord5871
ord283
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord567
ord692
ord2332
ord2294
ord2729
ord5268
ord2606
ord1197
ord1145
ord3087
ord2293
ord2350
ord1560
ord1137
ord268
ord5706
ord941
ord940
ord665
ord1971
ord3784
ord5180
ord354
ord4224
ord4602
ord4710
ord6238
ord1173
ord1561
ord5977
ord2634
ord922
ord4273
ord4272
ord5679
ord5568
ord2914
ord5061
ord4629
ord4601
ord4744
ord5010
ord4828
ord355
ord2331
ord616
ord772
ord4263
ord6138
ord5856
ord4270
ord1634
ord3614
ord3566
ord1143
ord5781
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord500
ord5748
ord5878
ord3312
ord2854
ord3871
ord2836
ord2099
ord3290
ord6150
ord2522
ord4360
ord4051
ord5467
ord4116
ord2381
ord1703
ord1708
ord5230
ord6365
ord5275
ord5058
ord5244
ord2436
ord3725
ord807
ord554
ord3084
ord2072
ord4448
ord4491
ord6451
ord5080
ord2290
ord609
ord4118
ord2567
ord4390
ord3569
ord3867
ord319
ord4357
ord5083
ord4358
ord5078
ord1702
ord1704
ord3375
ord3680
ord450
ord747
ord1878
ord4246
ord4497
ord5950
ord3099
ord3133
ord4143
ord5491
ord2096
ord4454
ord6142
ord5879
ord2112
ord2879
ord5652
ord5472
ord6060
ord2486
ord2619
ord2618
ord6266
ord2004
ord4940
ord3249
ord2433
ord1688
ord5000
ord4464
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord3398
ord2874
ord2873
ord4149
ord4072
ord5233
ord5281
ord2641
ord1658
ord4430
ord5248
ord4421
ord739
ord439
ord442
ord736
ord5082
ord1834
ord4237
ord5996
ord2109
ord4504
ord4356
ord2992
ord5193
ord4695
ord1263
ord1229
ord5047
ord6191
ord3865
ord5024
ord1946
ord5468
ord4146
ord5278
ord674
ord796
ord6373
ord4451
ord529
ord366
ord2912
ord2795
ord958
ord6308
ord4172
ord3313
ord6006
ord5769
ord2593
ord3175
ord3178
ord3171
ord3502
ord3609
ord1259
ord6023
ord6381
ord6022
ord5438
ord1105
ord3785
ord703
ord603
ord6397
ord5441
ord1961
ord273
ord403
ord6398
ord6385
ord2885
ord3515
ord3516
ord1008
ord1192
ord4128
ord4292
ord4225
ord5784
ord5035
ord3688
ord6115
ord562
ord3578
ord620
ord1230
ord1709
ord5147
ord298
ord3749
ord1887
ord4952
ord3402
ord4984
ord4921
ord4926
ord4931
ord4711
ord4682
ord4851
ord5012
ord5102
ord4906
ord4640

msvcrt

_ftol
memmove
setlocale
_wcsdup
free
_wcsicmp
_c_exit
wcstod
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_vsnwprintf
wcscoll
wcscmp
_exit
iswspace
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
__dllonexit
__CxxFrameHandler
_purecall
wcslen
_controlfp
?terminate@@YAXXZ
_onexit

advapi32

RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

kernel32

ResetEvent
SetEvent
GlobalGetAtomNameW
lstrlenW
GetModuleFileNameW
GetFileAttributesW
GetLocalTime
GetUserDefaultLCID
EnumDateFormatsW
EnumTimeFormatsW
GetProcAddress
GetTimeFormatW
FreeLibrary
lstrcmpW
lstrcmpiW
MulDiv
GlobalLock
GlobalUnlock
GlobalFree
InterlockedIncrement
LoadLibraryW
GlobalAlloc
lstrlenA
WideCharToMultiByte
CloseHandle
CreateEventW
FindResourceW
GlobalSize
lstrcmpA
DeleteAtom
GetModuleHandleW
FormatMessageW
MultiByteToWideChar
SetThreadPriority
ResumeThread
GlobalAddAtomW
GetLocaleInfoW
Sleep
GetShortPathNameW
GetVersion
GlobalDeleteAtom
SetCurrentDirectoryW
AddAtomW
LoadLibraryExA
ReadFile
CreateFileW
LoadLibraryExW
GetLastError
GetModuleHandleA
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetDateFormatW
LoadLibraryA

gdi32

CreateFontIndirectW
CreatePen
DeleteObject
EnumFontFamiliesW
EnumFontFamiliesExW
GetTextMetricsW
BitBlt
CreateCompatibleDC
CreateSolidBrush
GetStockObject
Escape
SetPixel
RectVisible
PtVisible
GetTextExtentPoint32W
TextOutW
Rectangle
GetTextColor
GetBkColor
CreateICW
GetPaletteEntries
ScaleWindowExtEx
DPtoLP
GetDeviceCaps
GetObjectW
SelectObject
SetDCBrushColor
SetBkMode
SetTextColor
ExtTextOutW
CreateDCW

user32

SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
DefWindowProcW
GetAsyncKeyState
KillTimer
SetTimer
LoadMenuW
RemoveMenu
GetSubMenu
GetMenuItemCount
DeleteMenu
GetWindow
GetActiveWindow
DialogBoxParamW
ChildWindowFromPoint
GetDlgCtrlID
GetCursorPos
SetCursor
SendMessageW
RegisterWindowMessageW
EnableWindow
RegisterClipboardFormatW
PtInRect
SetRect
OffsetRect
GetWindowRect
GetClientRect
ClientToScreen
UpdateWindow
InvalidateRect
SetActiveWindow
SetCapture
ReleaseCapture
GetKeyState
IsClipboardFormatAvailable
CountClipboardFormats
GetMonitorInfoW
MonitorFromWindow
WinHelpW
CopyRect
FillRect
DrawFocusRect
CreatePopupMenu
AppendMenuW
TabbedTextOutW
DrawTextW
GrayStringW
LoadStringW
GetSysColor
SetWindowLongW
GetWindowLongW
SetWindowTextW
GetWindowTextW
SetFocus
IsWindow
IsWindowEnabled
GetFocus
GetParent
IsChild
LoadBitmapW
GetNextDlgTabItem
DispatchMessageW
TranslateMessage
GetDlgItem
GetDesktopWindow
BringWindowToTop
ScreenToClient
GetSystemMetrics
PostMessageW
LoadIconW
GetClassInfoW
PeekMessageW
MsgWaitForMultipleObjects
CharToOemBuffA
CharToOemA
OemToCharBuffA
SetRectEmpty
EqualRect
LoadCursorW
DrawEdge
GetCapture
SetForegroundWindow
SendMessageTimeoutW
GetClassNameW
IntersectRect
EnumWindows
GetDC
ReleaseDC
FindWindowW
SendDlgItemMessageW
EndDialog

comdlg32

GetOpenFileNameW
GetSaveFileNameW
ChooseFontW
CommDlgExtendedError

shell32

DragQueryFileW
SHGetSettings
ShellAboutW
ShellExecuteExW
SHGetSpecialFolderPathW
DragFinish

ole32

StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromString
StringFromCLSID
OleInitialize
OleUninitialize
OleRegGetUserType
CoTaskMemFree
ReleaseStgMedium
ReadClassStg

shlwapi

PathFindFileNameW
SHRegGetValueW

Exports

Exports

DllVerifyCLSIDIsSafeToLoad

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_44d3db10f31d302e187c615a85d7af81.vir
.exe windows:4 windows x64 arch:x64

93467c6cf7d24e4fab55cd98c9f1c7b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__C_specific_handler
__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_lock
_onexit
_unlock
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
printf
putchar
puts
scanf
signal
strlen
strncmp
system
vfprintf

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_44e76c0d2e79c1737e4e2241c844006d.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_459b68e06ba1a22febd9cce064aafe3a.vir
.dll windows:4 windows x86 arch:x86

b15f50e3f2711e0feb9b6d0b6f0258b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
LoadLibraryA
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetSystemInfo

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_45d0f930f413b4585d3ea574e9ff8c0d.vir
.exe windows:4 windows x86 arch:x86

62f205fe3d5e06c190cbad78ac9b9e4e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

pbvm90

ord137

kernel32

GetModuleFileNameA
FreeEnvironmentStringsA
LoadLibraryA
GetProcAddress
GetCommandLineA
GetCPInfo
IsDBCSLeadByte
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
GetACP
GetOEMCP
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapCreate
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
GetStringTypeA
VirtualFree
RtlUnwind
WriteFile
GetStringTypeW
HeapFree
HeapAlloc
VirtualAlloc

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_46340171c9ab0855476499f32490798d.vir
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_466931397aadb3ceeedf11a211e75a64.vir
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 365KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_468060265efc10ef377343bd6ad2e612.vir
.exe windows:4 windows x86 arch:x86

b5046749118e45f3be8da8ca2ef5f48c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
WSAStartup
socket
htons
connect
WSAAsyncSelect
WSAGetLastError
shutdown
recv
setsockopt
send
closesocket
ioctlsocket
gethostbyname

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetVersionExA
lstrcmpiA
lstrcatA
lstrcpyA
lstrlenA
_lwrite
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
_lclose
GetProcAddress
LoadLibraryA
_lcreat
GetPrivateProfileStringA
GetPrivateProfileIntA
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
WritePrivateProfileStringA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
FreeLibrary
DeleteFileA
_llseek
lstrcmpA
_lread
GetCommandLineA
CloseHandle
GetFileTime
CreateFileA
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceA
GetFileAttributesA
ExitProcess
_lopen
GetExitCodeProcess
WaitForSingleObject
GetModuleFileNameA
CreateDirectoryA
LocalAlloc
MulDiv
GetUserDefaultLangID
SetCurrentDirectoryA
GetCurrentProcess
ExpandEnvironmentStringsA
Sleep
GetFileSize
SetEnvironmentVariableA
GetModuleHandleA
lstrcpynA
SetErrorMode

user32

DispatchMessageA
TranslateMessage
PeekMessageA
wsprintfA
GetDC
MessageBoxA
DestroyWindow
CharNextA
LoadStringA
SendMessageA
GetDlgItem
EnumChildWindows
ReleaseDC
EndDialog
GetDlgItemTextA
SetWindowTextA
SetDlgItemTextA
CreateDialogParamA
ExitWindowsEx
EnableWindow
ShowWindow
SetTimer
DialogBoxParamA

gdi32

GetDeviceCaps
DeleteObject
CreateFontA

advapi32

RegCreateKeyExA
RegDeleteValueA
RegEnumValueA
OpenSCManagerA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExA
RegSetValueExA
RegQueryValueA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteExA

Exports

Exports

_LanguageDlg@16
_PasswordDlg@16
_ProgressDlg@16
_UpdateCRC@8
_t1@40
_t2@12

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WISE
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_46b4c53dd7187f541e3758f45f3a5722.vir
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_46d4412944b083e481987efa5ded80ae.vir
.exe windows:4 windows x86 arch:x86

c9bb04e76e0bf2330445a39ac0cf1609

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
GetACP
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
SetStdHandle
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
lstrlenW
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
TerminateProcess
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RaiseException
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
MulDiv
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
CloseHandle
InterlockedIncrement

user32

SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
OpenClipboard
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
GetClipboardData
CloseClipboard
wsprintfA
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
WaitForInputIdle
PostMessageA
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
InflateRect
SetRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
SetTimer
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
UnregisterClassA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
LoadStringA
GetSysColorBrush
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer

gdi32

CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBrushIndirect
CreateHatchBrush
CreateBitmap
CreatePatternBrush
SelectObject
CreatePen
PatBlt
CombineRgn
CreateRectRgn
FillRgn
GetClipRgn
CreateFontIndirectA
GetStockObject
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
SetStretchBltMode
CreateRectRgnIndirect
SetBkColor
CreateSolidBrush
GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn

winmm

midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

CLSIDFromProgID
OleInitialize
OleUninitialize
CLSIDFromString
CoCreateInstance
OleRun

oleaut32

VariantCopyInd
VariantInit
SysAllocString
SafeArrayDestroy
SafeArrayCreate
SafeArrayPutElement
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
UnRegisterTypeLi
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear
VariantCopy
SafeArrayGetElement

comctl32

ImageList_Destroy
ord17

ws2_32

recvfrom
ioctlsocket
recv
getpeername
accept
WSAAsyncSelect
closesocket
WSACleanup
inet_ntoa

comdlg32

GetOpenFileNameA
ChooseFontA
ChooseColorA
GetSaveFileNameA
GetFileTitleA

Sections

.text
Size: 632KB - Virtual size: 629KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1008KB - Virtual size: 1006KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_4818127a12a7fe876c8bd549b8e9407e.vir
.exe windows:4 windows x86 arch:x86

d689fdc2df451f0502a37fd0266c5f26

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

comdlg32

GetOpenFileNameA
PrintDlgA
GetSaveFileNameA

gdi32

CreateFontA
GetTextExtentPoint32A
EndDoc
EndPage
DeleteObject
CreateCompatibleBitmap
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
SetTextColor
CreateHatchBrush
CreateSolidBrush
CreatePen
IntersectClipRect
SelectClipRgn
ExtTextOutW
SetBkMode
GetTextExtentPoint32W
GetTextMetricsA
CreateFontIndirectA
Rectangle
SetPixel
Polyline
Ellipse
GetStockObject
Polygon
SetMapMode
StartDocA
StartPage
GetDeviceCaps

user32

LoadIconA
MessageBeep
TranslateMessage
BeginPaint
IntersectRect
EndPaint
PostQuitMessage
ReleaseCapture
SetCapture
DefWindowProcA
CreateMenu
AppendMenuA
SetMenu
GetKeyboardState
EnableMenuItem
CheckMenuItem
DrawMenuBar
CheckDlgButton
DefDlgProcA
LoadCursorA
RegisterClassA
EnableWindow
ShowWindow
IsDialogMessageA
DispatchMessageA
GetMessageA
SetForegroundWindow
DestroyWindow
SendMessageA
GetDlgItemTextA
IsDlgButtonChecked
SendDlgItemMessageA
GetWindowLongA
CreateWindowExA
SetWindowLongA
SystemParametersInfoA
GetClientRect
AdjustWindowRectEx
GetMenu
SetRect
GetMenuItemCount
GetMenuItemRect
UnionRect
SetWindowPos
GetWindowRect
WinHelpA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetTimer
KillTimer
OffsetRect
InvalidateRect
GetSysColor
GetDC
ReleaseDC
SetWindowTextA
MessageBoxA
DestroyMenu

kernel32

RaiseException
SetEndOfFile
InterlockedExchange
RtlUnwind
CreateFileA
SetStdHandle
HeapSize
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetOEMCP
GetACP
VirtualQuery
GetSystemInfo
VirtualProtect
GetCPInfo
GetLocaleInfoA
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
FlushFileBuffers
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
ReadFile
WriteFile
CloseHandle
LCMapStringW
LCMapStringA
WideCharToMultiByte
GetStringTypeW
GetStringTypeA
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetCommandLineA
GetStartupInfoA
GetCurrentProcess
TerminateProcess
GetModuleHandleA
ExitProcess
HeapReAlloc
HeapFree
HeapAlloc
MulDiv
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
LocalFree
FormatMessageA
GetLastError
GetLocalTime
MultiByteToWideChar
GetTickCount

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_4981d406b5936dd98bc805f00b4e3ac7.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_4ac25f35a4bc029d5b9a5d4ac5439219.vir
.dll windows:4 windows x86 arch:x86

7546ff2574e47d28dfaf32226e89e92b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

tsreader_sourcehelper

ord5
ord34
ord32
ord35
ord4
ord33
ord28
ord3

kernel32

GetStartupInfoA
FlushFileBuffers
SetFilePointer
SetStdHandle
GetProcAddress
LoadLibraryA
FreeLibrary
Sleep
OutputDebugStringA
lstrcpyA
CloseHandle
LeaveCriticalSection
EnterCriticalSection
ResumeThread
CreateThread
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
ReadFile
LCMapStringA
LCMapStringW

user32

MessageBoxA
wsprintfA

Exports

Exports

DllMain
TSReader_DeInit
TSReader_GetDescription
TSReader_GetSignalString
TSReader_GetSyncLossCount
TSReader_GetTunerString
TSReader_Init
TSReader_IsPIDActive
TSReader_PIDManagement
TSReader_ParseCommandLine
TSReader_SendDiSEqC
TSReader_SetChannel
TSReader_Start
TSReader_Stop
TSReader_Tune
TSReader_TuneDialog

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_4bbbf9b5ac4e0ed9b63a1992beef4ac1.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_4bf885cdfe705be6127c06434668edbd.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_4c05c7bded47185197e39c40625e5e39.vir
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 1.3MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_4c36e69f663341ae9bf1f7d0f37d6632.vir
.exe windows:5 windows x86 arch:x86

c7b970e94adc98925b1b7437286dfe12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wuauclt1.pdb

Imports

msvcrt

_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
??1type_info@@UAE@XZ
_controlfp
?terminate@@YAXXZ
memmove
exit
_c_exit
_wcsicmp
wcslen
wcschr
_CxxThrowException
malloc
free
_vsnwprintf
__CxxFrameHandler
??2@YAPAXI@Z
_vsnprintf
_wtoi
_wsplitpath
_ftol
wcstoul
_cexit
_exit
_XcptFilter
??3@YAXPAX@Z

kernel32

InterlockedIncrement
InterlockedDecrement
WaitForMultipleObjects
CreateThread
TryEnterCriticalSection
Sleep
CompareStringW
GetTimeFormatW
GetProcAddress
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LocalFree
GetModuleHandleA
GetStartupInfoA
GetSystemDirectoryW
CreateProcessW
GetSystemDefaultLangID
lstrlenW
GetLocalTime
SystemTimeToFileTime
ExitProcess
GetTickCount
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
OpenEventW
RegisterWaitForSingleObject
SetEvent
WaitForSingleObject
QueryPerformanceCounter
ReleaseMutex
CreateEventW
FormatMessageW
SetFilePointer
SetEndOfFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CompareStringA
WriteFile
CompareFileTime
GetCurrentThread
SetFileTime
GlobalFree
GlobalAlloc
InterlockedCompareExchange
HeapReAlloc
WideCharToMultiByte
GetDateFormatW
FileTimeToSystemTime
MoveFileW
GetFileTime
CopyFileW
lstrcpynW
LoadLibraryExW
GetVersionExW
GetModuleHandleW
InitializeCriticalSection
CreateFileW
GetFileSize
ReadFile
lstrlenA
MultiByteToWideChar
SetLastError
FindFirstFileW
FindNextFileW
RemoveDirectoryW
FindClose
DeleteFileW
CreateDirectoryW
SetFileAttributesW
GetSystemTime
GetProcessHeap
HeapAlloc
HeapFree
lstrcmpiW
GetFileAttributesW
GetPrivateProfileStringW
VerSetConditionMask
VerifyVersionInfoW
GetCommandLineW
LoadLibraryA
CloseHandle
ProcessIdToSessionId
GetCurrentProcessId
GetLastError
DeleteCriticalSection
FreeLibrary
UnregisterWaitEx

gdi32

TextOutW
CreateSolidBrush
GetTextExtentPoint32W
BitBlt
SetBkColor
CreateCompatibleDC
SetStretchBltMode
StretchBlt
DeleteDC
SetBkMode
SetTextColor
SelectObject
DeleteObject
GetStockObject
CreateFontIndirectW
GetObjectW
GetCurrentObject

user32

PostMessageW
EndDialog
LoadCursorW
LoadAcceleratorsW
CharLowerA
CharUpperA
RegisterClassExW
SetWindowLongW
GetWindowTextLengthW
GetWindowTextW
GetPropW
SetPropW
CheckDlgButton
LoadStringW
CheckRadioButton
IsDlgButtonChecked
UpdateWindow
GetKeyState
DrawEdge
EqualRect
RemovePropW
OffsetRect
CopyRect
GetDesktopWindow
IsWindow
SetWindowTextW
SendMessageW
CreateDialogParamW
BeginPaint
EndPaint
SetWindowPos
GetSystemMenu
EnableMenuItem
TranslateAcceleratorW
CallNextHookEx
GetDlgCtrlID
GetSysColor
GetSysColorBrush
MessageBoxW
GetWindowRect
MapWindowPoints
ReleaseDC
GetDlgItem
EnableWindow
GetDC
DrawFocusRect
GetWindowLongW
DrawTextW
GetFocus
GetCapture
ReleaseCapture
GetParent
GetClientRect
FillRect
SetCursor
ScreenToClient
PtInRect
CallWindowProcW
CreateCursor
InvalidateRect
DestroyCursor
SetRectEmpty
DestroyMenu
CreatePopupMenu
AppendMenuW
CreateWindowExW
ShowWindow
SetTimer
PeekMessageW
MsgWaitForMultipleObjectsEx
TranslateMessage
DispatchMessageW
DestroyWindow
PostQuitMessage
SetWindowsHookExW
DefWindowProcW
GetCursorPos
SetForegroundWindow
TrackPopupMenu
SetActiveWindow
SetFocus
DialogBoxParamW
KillTimer
LoadImageW
GetSystemMetrics
CharNextW
SetCapture

shell32

Shell_NotifyIconW
ShellExecuteW
SHGetFolderPathW

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SafeArrayDestroy
SysReAllocString
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreate
SafeArrayAccessData
SysAllocString
SafeArrayUnaccessData
VariantClear
SafeArrayGetUBound
VariantInit
SafeArrayGetElement

urlmon

CreateURLMoniker

comctl32

InitCommonControlsEx

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

advapi32

LookupPrivilegeValueW
RegQueryValueExA
RegOpenKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
SetNamedSecurityInfoW
OpenProcessToken
QueryServiceStatus
AdjustTokenPrivileges
RegOpenKeyW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegCloseKey

shlwapi

StrStrW
StrChrW
StrRChrW
PathIsRootW
PathIsUNCW
PathStripToRootW
PathIsRelativeW
StrToIntW
PathFindFileNameW

advpack

ExtractFiles

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CryptHashPublicKeyInfo
CertGetCertificateContextProperty

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tshyxvm
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_4c5523063c3e55b743614ed70a788885.vir
.dll windows:4 windows x86 arch:x86

a5188fdc85fd6d4de1e07e76df3878f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

3dwindll

?get_name@MScene@@QAEPADXZ
?my_malloc@@YAPAXI@Z
?my_free@@YAXPAX@Z
?MakeDefaultSurfaceList1@MScene@@QAEXXZ

kernel32

GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
LoadLibraryA
RtlUnwind
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

?v88DUwZqWOch_decode@@YAXPAEH0H@Z
?v88DUwZqWOch_doit@@YAXPAVMScene@@@Z
?v88DUwZqWOch_generate_keybytes@@YAXPADHE@Z
?v88DUwZqWOch_generate_keystr@@YAXPADH@Z
?v88DUwZqWOch_getuserinfo@@YAXPAUUSER_INFO_2@@@Z

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Test
Size: 4KB - Virtual size: 61B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

USER2
Size: 4KB - Virtual size: 50B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

USER1
Size: 4KB - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_4d870aa289a994867bac4cc7db686281.vir
.dll windows:6 windows x64 arch:x64

33ac2ff16b61c91f4ef7ccf19efbba8f

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:15:62:0f:43:7d:94:f8:7d:3b:0f:17:58:c8:ab:dd
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

27-04-2022 00:00

Not After

26-04-2025 23:59

Subject

CN=Tobias Hüllmandel,O=Tobias Hüllmandel,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:15:62:0f:43:7d:94:f8:7d:3b:0f:17:58:c8:ab:dd
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

27-04-2022 00:00

Not After

26-04-2025 23:59

Subject

CN=Tobias Hüllmandel,O=Tobias Hüllmandel,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

de:b7:73:41:09:fa:ef:41:5e:a6:e0:59:7f:9f:b0:24:30:63:16:91:d2:fd:e6:17:a4:99:19:d5:95:e4:66:2e
Signer

Actual PE Digest

de:b7:73:41:09:fa:ef:41:5e:a6:e0:59:7f:9f:b0:24:30:63:16:91:d2:fd:e6:17:a4:99:19:d5:95:e4:66:2e

Digest Algorithm

sha256

PE Digest Matches

true

47:d7:61:1f:f3:3b:98:e8:86:27:81:57:05:fa:e6:d4:2d:bd:8c:37
Signer

Actual PE Digest

47:d7:61:1f:f3:3b:98:e8:86:27:81:57:05:fa:e6:d4:2d:bd:8c:37

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

user32

SetFocus
GetFocus
EnableWindow
SetParent
BringWindowToTop
GetKeyState
SetActiveWindow
GetWindowRect
SetWindowLongA

qt5widgetsr

?minimumSizeHint@QWidget@qtsh@@UEBA?AVQSize@2@XZ
?mouseDoubleClickEvent@QWidget@qtsh@@MEAAXPEAVQMouseEvent@2@@Z
?mouseMoveEvent@QWidget@qtsh@@MEAAXPEAVQMouseEvent@2@@Z
?mousePressEvent@QWidget@qtsh@@MEAAXPEAVQMouseEvent@2@@Z
?mouseReleaseEvent@QWidget@qtsh@@MEAAXPEAVQMouseEvent@2@@Z
?moveEvent@QWidget@qtsh@@MEAAXPEAVQMoveEvent@2@@Z
?paintEngine@QWidget@qtsh@@UEBAPEAVQPaintEngine@2@XZ
?paintEvent@QWidget@qtsh@@MEAAXPEAVQPaintEvent@2@@Z
?redirected@QWidget@qtsh@@MEBAPEAVQPaintDevice@2@PEAVQPoint@2@@Z
?setVisible@QWidget@qtsh@@UEAAX_N@Z
?sharedPainter@QWidget@qtsh@@MEBAPEAVQPainter@2@XZ
?sizeHint@QWidget@qtsh@@UEBA?AVQSize@2@XZ
?tabletEvent@QWidget@qtsh@@MEAAXPEAVQTabletEvent@2@@Z
?wheelEvent@QWidget@qtsh@@MEAAXPEAVQWheelEvent@2@@Z
?isWindow@QWidget@qtsh@@QEBA_NXZ
?window@QWidget@qtsh@@QEBAPEAV12@XZ
?show@QWidget@qtsh@@QEAAXXZ
?hide@QWidget@qtsh@@QEAAXXZ
?setGeometry@QWidget@qtsh@@QEAAXHHHH@Z
?focusWidget@QWidget@qtsh@@QEBAPEAV12@XZ
?nextInFocusChain@QWidget@qtsh@@QEBAPEAV12@XZ
?windowHandle@QWidget@qtsh@@QEBAPEAVQWindow@2@XZ
?testAttribute_helper@QWidget@qtsh@@AEBA_NW4WidgetAttribute@Qt@2@@Z
?staticMetaObject@QWidget@qtsh@@2UQMetaObject@2@B
?qt_metacast@QWidget@qtsh@@UEAAPEAXPEBD@Z
?qt_metacall@QWidget@qtsh@@UEAAHW4Call@QMetaObject@2@HPEAPEAX@Z
?leaveEvent@QWidget@qtsh@@MEAAXPEAVQEvent@2@@Z
?keyReleaseEvent@QWidget@qtsh@@MEAAXPEAVQKeyEvent@2@@Z
?keyPressEvent@QWidget@qtsh@@MEAAXPEAVQKeyEvent@2@@Z
?inputMethodQuery@QWidget@qtsh@@UEBA?AVQVariant@2@W4InputMethodQuery@Qt@2@@Z
?inputMethodEvent@QWidget@qtsh@@MEAAXPEAVQInputMethodEvent@2@@Z
?metric@QWidget@qtsh@@MEBAHW4PaintDeviceMetric@QPaintDevice@2@@Z
?initPainter@QWidget@qtsh@@MEBAXPEAVQPainter@2@@Z
?hideEvent@QWidget@qtsh@@MEAAXPEAVQHideEvent@2@@Z
?heightForWidth@QWidget@qtsh@@UEBAHH@Z
?hasHeightForWidth@QWidget@qtsh@@UEBA_NXZ
?focusOutEvent@QWidget@qtsh@@MEAAXPEAVQFocusEvent@2@@Z
?focusNextPrevChild@QWidget@qtsh@@MEAA_N_N@Z
?enterEvent@QWidget@qtsh@@MEAAXPEAVQEvent@2@@Z
?dropEvent@QWidget@qtsh@@MEAAXPEAVQDropEvent@2@@Z
?dragMoveEvent@QWidget@qtsh@@MEAAXPEAVQDragMoveEvent@2@@Z
?dragLeaveEvent@QWidget@qtsh@@MEAAXPEAVQDragLeaveEvent@2@@Z
?dragEnterEvent@QWidget@qtsh@@MEAAXPEAVQDragEnterEvent@2@@Z
?devType@QWidget@qtsh@@UEBAHXZ
?contextMenuEvent@QWidget@qtsh@@MEAAXPEAVQContextMenuEvent@2@@Z
?closeEvent@QWidget@qtsh@@MEAAXPEAVQCloseEvent@2@@Z
?changeEvent@QWidget@qtsh@@MEAAXPEAVQEvent@2@@Z
?actionEvent@QWidget@qtsh@@MEAAXPEAVQActionEvent@2@@Z
?showEvent@QWidget@qtsh@@MEAAXPEAVQShowEvent@2@@Z
?resizeEvent@QWidget@qtsh@@MEAAXPEAVQResizeEvent@2@@Z
?event@QWidget@qtsh@@MEAA_NPEAVQEvent@2@@Z
?setAttribute@QWidget@qtsh@@QEAAXW4WidgetAttribute@Qt@2@_N@Z
?focusPolicy@QWidget@qtsh@@QEBA?AW4FocusPolicy@Qt@2@XZ
??1QWidget@qtsh@@UEAA@XZ
??0QWidget@qtsh@@QEAA@PEAV01@V?$QFlags@W4WindowType@Qt@qtsh@@@1@@Z
?setFocus@QWidget@qtsh@@QEAAXW4FocusReason@Qt@2@@Z
?winId@QWidget@qtsh@@QEBA_KXZ

qt5guir

?setFlags@QWindow@qtsh@@QEAAXV?$QFlags@W4WindowType@Qt@qtsh@@@2@@Z
?reason@QFocusEvent@qtsh@@QEBA?AW4FocusReason@Qt@2@XZ
??1QFocusEvent@qtsh@@UEAA@XZ
??0QFocusEvent@qtsh@@QEAA@W4Type@QEvent@1@W4FocusReason@Qt@1@@Z
?platformNativeInterface@QGuiApplication@qtsh@@SAPEAVQPlatformNativeInterface@2@XZ

qt5corer

?dynamicMetaObject@QObjectData@qtsh@@QEBAPEAUQMetaObject@2@XZ
??0QVariant@qtsh@@QEAA@_K@Z
??1QVariant@qtsh@@QEAA@XZ
?sendEvent@QCoreApplication@qtsh@@SA_NPEAVQObject@2@PEAVQEvent@2@@Z
??1QEvent@qtsh@@UEAA@XZ
??0QEvent@qtsh@@QEAA@W4Type@01@@Z
?deleteLater@QObject@qtsh@@QEAAXXZ
?setProperty@QObject@qtsh@@QEAA_NPEBDAEBVQVariant@2@@Z
?removeEventFilter@QObject@qtsh@@QEAAXPEAV12@@Z
?installEventFilter@QObject@qtsh@@QEAAXPEAV12@@Z
?setParent@QObject@qtsh@@QEAAXPEAV12@@Z
?isWidgetType@QObject@qtsh@@QEBA_NXZ
?qt_qFindChild_helper@qtsh@@YAPEAVQObject@1@PEBV21@AEBVQString@1@AEBUQMetaObject@1@V?$QFlags@W4FindChildOption@Qt@qtsh@@@1@@Z
?tr@QMetaObject@qtsh@@QEBA?AVQString@2@PEBD0H@Z
??1QString@qtsh@@QEAA@XZ
??0QString@qtsh@@QEAA@XZ
??1QByteArray@qtsh@@QEAA@XZ
??0QByteArray@qtsh@@QEAA@PEBDH@Z
?warning@QMessageLogger@qtsh@@QEBAXPEBDZZ
??0QMessageLogger@qtsh@@QEAA@PEBDH0@Z
?timerEvent@QObject@qtsh@@MEAAXPEAVQTimerEvent@2@@Z
?eventFilter@QObject@qtsh@@UEAA_NPEAV12@PEAVQEvent@2@@Z
?disconnectNotify@QObject@qtsh@@MEAAXAEBVQMetaMethod@2@@Z
?customEvent@QObject@qtsh@@MEAAXPEAVQEvent@2@@Z
?connectNotify@QObject@qtsh@@MEAAXAEBVQMetaMethod@2@@Z
?childEvent@QObject@qtsh@@MEAAXPEAVQChildEvent@2@@Z

kernel32

InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CloseHandle
GetModuleHandleW
GetCurrentThreadId

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception
memset
__std_type_info_destroy_list
__C_specific_handler
__current_exception_context

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
terminate
_initterm
_configure_narrow_argv
_initterm_e

Exports

Exports

??0QWinWidget@qtsh@@QEAA@PEAUHWND__@@PEAVQObject@1@V?$QFlags@W4WindowType@Qt@qtsh@@@1@@Z
??1QWinWidget@qtsh@@UEAA@XZ
??_7QWinWidget@qtsh@@6BQObject@1@@
??_7QWinWidget@qtsh@@6BQPaintDevice@1@@
?center@QWinWidget@qtsh@@QEAAXXZ
?childEvent@QWinWidget@qtsh@@MEAAXPEAVQChildEvent@2@@Z
?eventFilter@QWinWidget@qtsh@@MEAA_NPEAVQObject@2@PEAVQEvent@2@@Z
?focusInEvent@QWinWidget@qtsh@@MEAAXPEAVQFocusEvent@2@@Z
?focusNextPrevChild@QWinWidget@qtsh@@MEAA_N_N@Z
?init@QWinWidget@qtsh@@AEAAXXZ
?metaObject@QWinWidget@qtsh@@UEBAPEBUQMetaObject@2@XZ
?nativeEvent@QWinWidget@qtsh@@MEAA_NAEBVQByteArray@2@PEAXPEAJ@Z
?parentWindow@QWinWidget@qtsh@@QEBAPEAUHWND__@@XZ
?qt_metacall@QWinWidget@qtsh@@UEAAHW4Call@QMetaObject@2@HPEAPEAX@Z
?qt_metacast@QWinWidget@qtsh@@UEAAPEAXPEBD@Z
?qt_static_metacall@QWinWidget@qtsh@@CAXPEAVQObject@2@W4Call@QMetaObject@2@HPEAPEAX@Z
?resetFocus@QWinWidget@qtsh@@AEAAXXZ
?saveFocus@QWinWidget@qtsh@@AEAAXXZ
?show@QWinWidget@qtsh@@QEAAXXZ
?showCentered@QWinWidget@qtsh@@QEAAXXZ
?staticMetaObject@QWinWidget@qtsh@@2UQMetaObject@2@B
?tr@QWinWidget@qtsh@@SA?AVQString@2@PEBD0H@Z
?trUtf8@QWinWidget@qtsh@@SA?AVQString@2@PEBD0H@Z

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_4e096c4054ef0e636ebad7524c764a56.vir
.dll windows:4 windows x86 arch:x86

7aca4c98ce3e8d39b42d11897f88f1de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

d3dcompiler_47

D3DCompile
D3DPreprocess

d3dxof

DirectXFileCreate

gdi32

CreateCompatibleDC
CreateFontIndirectW
CreateFontW
DeleteDC
DeleteObject
GetCharacterPlacementW
GetCurrentObject
GetGlyphIndicesW
GetGlyphOutlineW
GetObjectW
GetOutlineTextMetricsW
GetTextExtentExPointW
GetTextMetricsA
GetTextMetricsW
ScriptBreak
SelectObject

kernel32

CloseHandle
CreateFileA
CreateFileMappingW
CreateFileW
DelayLoadFailureHook
DisableThreadLibraryCalls
EnterCriticalSection
FindResourceA
FindResourceW
GetFileSize
GetModuleHandleW
GetProcAddress
GetTickCount
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
InitOnceExecuteOnce
IsBadStringPtrA
IsBadStringPtrW
LeaveCriticalSection
LoadResource
LockResource
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ResolveDelayLoadedAPI
SizeofResource
UnmapViewOfFile
WideCharToMultiByte
WriteFile

ntdll

_vsnprintf

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
_assert
_dclass
_fdclass
_recalloc
_strdup
_stricmp
acos
asin
atan
atan2
atoi
calloc
cos
fmax
fmin
free
fwrite
getenv
isalpha
isprint
log2
lrint
malloc
memcmp
memcpy
memmove
memset
pow
qsort
realloc
sin
sqrt
strchr
strcmp
strcpy
strcspn
strlen
strncmp
strrchr
strstr
tan

Exports

Exports

D3DXAssembleShader
D3DXAssembleShaderFromFileA
D3DXAssembleShaderFromFileW
D3DXAssembleShaderFromResourceA
D3DXAssembleShaderFromResourceW
D3DXBoxBoundProbe
D3DXCheckCubeTextureRequirements
D3DXCheckTextureRequirements
D3DXCheckVersion
D3DXCheckVolumeTextureRequirements
D3DXCleanMesh
D3DXColorAdjustContrast
D3DXColorAdjustSaturation
D3DXCompileShader
D3DXCompileShaderFromFileA
D3DXCompileShaderFromFileW
D3DXCompileShaderFromResourceA
D3DXCompileShaderFromResourceW
D3DXComputeBoundingBox
D3DXComputeBoundingSphere
D3DXComputeIMTFromPerTexelSignal
D3DXComputeIMTFromPerVertexSignal
D3DXComputeIMTFromSignal
D3DXComputeIMTFromTexture
D3DXComputeNormalMap
D3DXComputeNormals
D3DXComputeTangent
D3DXComputeTangentFrame
D3DXComputeTangentFrameEx
D3DXConcatenateMeshes
D3DXConvertMeshSubsetToSingleStrip
D3DXConvertMeshSubsetToStrips
D3DXCreateAnimationController
D3DXCreateBox
D3DXCreateBuffer
D3DXCreateCompressedAnimationSet
D3DXCreateCubeTexture
D3DXCreateCubeTextureFromFileA
D3DXCreateCubeTextureFromFileExA
D3DXCreateCubeTextureFromFileExW
D3DXCreateCubeTextureFromFileInMemory
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateCubeTextureFromFileW
D3DXCreateCubeTextureFromResourceA
D3DXCreateCubeTextureFromResourceExA
D3DXCreateCubeTextureFromResourceExW
D3DXCreateCubeTextureFromResourceW
D3DXCreateCylinder
D3DXCreateEffect
D3DXCreateEffectCompiler
D3DXCreateEffectCompilerFromFileA
D3DXCreateEffectCompilerFromFileW
D3DXCreateEffectCompilerFromResourceA
D3DXCreateEffectCompilerFromResourceW
D3DXCreateEffectEx
D3DXCreateEffectFromFileA
D3DXCreateEffectFromFileExA
D3DXCreateEffectFromFileExW
D3DXCreateEffectFromFileW
D3DXCreateEffectFromResourceA
D3DXCreateEffectFromResourceExA
D3DXCreateEffectFromResourceExW
D3DXCreateEffectFromResourceW
D3DXCreateEffectPool
D3DXCreateFontA
D3DXCreateFontIndirectA
D3DXCreateFontIndirectW
D3DXCreateFontW
D3DXCreateFragmentLinker
D3DXCreateKeyframedAnimationSet
D3DXCreateLine
D3DXCreateMatrixStack
D3DXCreateMesh
D3DXCreateMeshFVF
D3DXCreateNPatchMesh
D3DXCreatePMeshFromStream
D3DXCreatePRTBuffer
D3DXCreatePRTBufferTex
D3DXCreatePRTCompBuffer
D3DXCreatePRTEngine
D3DXCreatePatchMesh
D3DXCreatePolygon
D3DXCreateRenderToEnvMap
D3DXCreateRenderToSurface
D3DXCreateSPMesh
D3DXCreateSkinInfo
D3DXCreateSkinInfoFVF
D3DXCreateSkinInfoFromBlendedMesh
D3DXCreateSphere
D3DXCreateSprite
D3DXCreateTeapot
D3DXCreateTextA
D3DXCreateTextW
D3DXCreateTexture
D3DXCreateTextureFromFileA
D3DXCreateTextureFromFileExA
D3DXCreateTextureFromFileExW
D3DXCreateTextureFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateTextureFromFileW
D3DXCreateTextureFromResourceA
D3DXCreateTextureFromResourceExA
D3DXCreateTextureFromResourceExW
D3DXCreateTextureFromResourceW
D3DXCreateTextureGutterHelper
D3DXCreateTextureShader
D3DXCreateTorus
D3DXCreateVolumeTexture
D3DXCreateVolumeTextureFromFileA
D3DXCreateVolumeTextureFromFileExA
D3DXCreateVolumeTextureFromFileExW
D3DXCreateVolumeTextureFromFileInMemory
D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXCreateVolumeTextureFromFileW
D3DXCreateVolumeTextureFromResourceA
D3DXCreateVolumeTextureFromResourceExA
D3DXCreateVolumeTextureFromResourceExW
D3DXCreateVolumeTextureFromResourceW
D3DXDebugMute
D3DXDeclaratorFromFVF
D3DXDisassembleEffect
D3DXDisassembleShader
D3DXFVFFromDeclarator
D3DXFileCreate
D3DXFillCubeTexture
D3DXFillCubeTextureTX
D3DXFillTexture
D3DXFillTextureTX
D3DXFillVolumeTexture
D3DXFillVolumeTextureTX
D3DXFilterTexture
D3DXFindShaderComment
D3DXFloat16To32Array
D3DXFloat32To16Array
D3DXFrameAppendChild
D3DXFrameCalculateBoundingSphere
D3DXFrameDestroy
D3DXFrameFind
D3DXFrameNumNamedMatrices
D3DXFrameRegisterNamedMatrices
D3DXFresnelTerm
D3DXGatherFragments
D3DXGatherFragmentsFromFileA
D3DXGatherFragmentsFromFileW
D3DXGatherFragmentsFromResourceA
D3DXGatherFragmentsFromResourceW
D3DXGenerateOutputDecl
D3DXGeneratePMesh
D3DXGetDeclLength
D3DXGetDeclVertexSize
D3DXGetDriverLevel
D3DXGetFVFVertexSize
D3DXGetImageInfoFromFileA
D3DXGetImageInfoFromFileInMemory
D3DXGetImageInfoFromFileW
D3DXGetImageInfoFromResourceA
D3DXGetImageInfoFromResourceW
D3DXGetPixelShaderProfile
D3DXGetShaderConstantTable
D3DXGetShaderInputSemantics
D3DXGetShaderOutputSemantics
D3DXGetShaderSamplers
D3DXGetShaderSize
D3DXGetShaderVersion
D3DXGetVertexShaderProfile
D3DXIntersect
D3DXIntersectSubset
D3DXIntersectTri
D3DXLoadMeshFromXA
D3DXLoadMeshFromXInMemory
D3DXLoadMeshFromXResource
D3DXLoadMeshFromXW
D3DXLoadMeshFromXof
D3DXLoadMeshHierarchyFromXA
D3DXLoadMeshHierarchyFromXInMemory
D3DXLoadMeshHierarchyFromXW
D3DXLoadPRTBufferFromFileA
D3DXLoadPRTBufferFromFileW
D3DXLoadPRTCompBufferFromFileA
D3DXLoadPRTCompBufferFromFileW
D3DXLoadPatchMeshFromXof
D3DXLoadSkinMeshFromXof
D3DXLoadSurfaceFromFileA
D3DXLoadSurfaceFromFileInMemory
D3DXLoadSurfaceFromFileW
D3DXLoadSurfaceFromMemory
D3DXLoadSurfaceFromResourceA
D3DXLoadSurfaceFromResourceW
D3DXLoadSurfaceFromSurface
D3DXLoadVolumeFromFileA
D3DXLoadVolumeFromFileInMemory
D3DXLoadVolumeFromFileW
D3DXLoadVolumeFromMemory
D3DXLoadVolumeFromResourceA
D3DXLoadVolumeFromResourceW
D3DXLoadVolumeFromVolume
D3DXMatrixAffineTransformation
D3DXMatrixAffineTransformation2D
D3DXMatrixDecompose
D3DXMatrixDeterminant
D3DXMatrixInverse
D3DXMatrixLookAtLH
D3DXMatrixLookAtRH
D3DXMatrixMultiply
D3DXMatrixMultiplyTranspose
D3DXMatrixOrthoLH
D3DXMatrixOrthoOffCenterLH
D3DXMatrixOrthoOffCenterRH
D3DXMatrixOrthoRH
D3DXMatrixPerspectiveFovLH
D3DXMatrixPerspectiveFovRH
D3DXMatrixPerspectiveLH
D3DXMatrixPerspectiveOffCenterLH
D3DXMatrixPerspectiveOffCenterRH
D3DXMatrixPerspectiveRH
D3DXMatrixReflect
D3DXMatrixRotationAxis
D3DXMatrixRotationQuaternion
D3DXMatrixRotationX
D3DXMatrixRotationY
D3DXMatrixRotationYawPitchRoll
D3DXMatrixRotationZ
D3DXMatrixScaling
D3DXMatrixShadow
D3DXMatrixTransformation
D3DXMatrixTransformation2D
D3DXMatrixTranslation
D3DXMatrixTranspose
D3DXOptimizeFaces
D3DXOptimizeVertices
D3DXPlaneFromPointNormal
D3DXPlaneFromPoints
D3DXPlaneIntersectLine
D3DXPlaneNormalize
D3DXPlaneTransform
D3DXPlaneTransformArray
D3DXPreprocessShader
D3DXPreprocessShaderFromFileA
D3DXPreprocessShaderFromFileW
D3DXPreprocessShaderFromResourceA
D3DXPreprocessShaderFromResourceW
D3DXQuaternionBaryCentric
D3DXQuaternionExp
D3DXQuaternionInverse
D3DXQuaternionLn
D3DXQuaternionMultiply
D3DXQuaternionNormalize
D3DXQuaternionRotationAxis
D3DXQuaternionRotationMatrix
D3DXQuaternionRotationYawPitchRoll
D3DXQuaternionSlerp
D3DXQuaternionSquad
D3DXQuaternionSquadSetup
D3DXQuaternionToAxisAngle
D3DXRectPatchSize
D3DXSHAdd
D3DXSHDot
D3DXSHEvalConeLight
D3DXSHEvalDirection
D3DXSHEvalDirectionalLight
D3DXSHEvalHemisphereLight
D3DXSHEvalSphericalLight
D3DXSHMultiply2
D3DXSHMultiply3
D3DXSHMultiply4
D3DXSHMultiply5
D3DXSHMultiply6
D3DXSHPRTCompSplitMeshSC
D3DXSHPRTCompSuperCluster
D3DXSHProjectCubeMap
D3DXSHRotate
D3DXSHRotateZ
D3DXSHScale
D3DXSaveMeshHierarchyToFileA
D3DXSaveMeshHierarchyToFileW
D3DXSaveMeshToXA
D3DXSaveMeshToXW
D3DXSavePRTBufferToFileA
D3DXSavePRTBufferToFileW
D3DXSavePRTCompBufferToFileA
D3DXSavePRTCompBufferToFileW
D3DXSaveSurfaceToFileA
D3DXSaveSurfaceToFileInMemory
D3DXSaveSurfaceToFileW
D3DXSaveTextureToFileA
D3DXSaveTextureToFileInMemory
D3DXSaveTextureToFileW
D3DXSaveVolumeToFileA
D3DXSaveVolumeToFileInMemory
D3DXSaveVolumeToFileW
D3DXSimplifyMesh
D3DXSphereBoundProbe
D3DXSplitMesh
D3DXTessellateNPatches
D3DXTessellateRectPatch
D3DXTessellateTriPatch
D3DXTriPatchSize
D3DXUVAtlasCreate
D3DXUVAtlasPack
D3DXUVAtlasPartition
D3DXValidMesh
D3DXValidPatchMesh
D3DXVec2BaryCentric
D3DXVec2CatmullRom
D3DXVec2Hermite
D3DXVec2Normalize
D3DXVec2Transform
D3DXVec2TransformArray
D3DXVec2TransformCoord
D3DXVec2TransformCoordArray
D3DXVec2TransformNormal
D3DXVec2TransformNormalArray
D3DXVec3BaryCentric
D3DXVec3CatmullRom
D3DXVec3Hermite
D3DXVec3Normalize
D3DXVec3Project
D3DXVec3ProjectArray
D3DXVec3Transform
D3DXVec3TransformArray
D3DXVec3TransformCoord
D3DXVec3TransformCoordArray
D3DXVec3TransformNormal
D3DXVec3TransformNormalArray
D3DXVec3Unproject
D3DXVec3UnprojectArray
D3DXVec4BaryCentric
D3DXVec4CatmullRom
D3DXVec4Cross
D3DXVec4Hermite
D3DXVec4Normalize
D3DXVec4Transform
D3DXVec4TransformArray
D3DXWeldVertices

Sections

.text
Size: 412KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_4e143144898e645ebb4a45d8549c6bf1.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_4e809dcfad795aa1376718dd6b0c7883.vir
.dll windows:6 windows x86 arch:x86

6cbaa5599dec7a7103a33c80f4f59055

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

d3d11

D3D11CreateDevice

d3dcompiler_47

D3DCompile
D3DDisassemble

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableA

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
SetEvent
CreateEventExW
AcquireSRWLockExclusive
WaitForSingleObjectEx

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler

api-ms-win-core-handle-l1-1-0

CloseHandle

msvcp140_app

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in_avail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JXZ
_Cnd_destroy_in_situ
_Cnd_broadcast
_Cnd_unregister_at_thread_exit
_Cnd_wait
_Cnd_register_at_thread_exit
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
_Cnd_timedwait
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrCopy@@YAXPAXPBX@Z
_Query_perf_frequency
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
?_Throw_C_error@std@@YAXH@Z
_Thrd_detach
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Raise_handler@std@@3P6AXABVexception@stdext@@@ZA
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
_Thrd_hardware_concurrency
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Schedule_chore@details@Concurrency@@YAHPAU_Threadpool_chore@12@@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QAEX_N@Z
?_Release_chore@details@Concurrency@@YAXPAU_Threadpool_chore@12@@Z
?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Reset@_ContextCallback@details@Concurrency@@AAEXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
??0task_continuation_context@Concurrency@@AAE@XZ
_Mtx_current_owns
_Cnd_init_in_situ
?__ExceptionPtrCreate@@YAXPAX@Z

vcruntime140_app

__CxxFrameHandler3
__std_terminate
memchr
memcpy
__std_exception_destroy
memmove
memset
__std_exception_copy
__std_type_info_destroy_list
_except_handler4_common
_CxxThrowException
__current_exception_context
_purecall
__current_exception
strstr

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-heap-l1-1-0

malloc
realloc
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

_cexit
_beginthreadex
_crt_atexit
terminate
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_register_onexit_function
_invoke_watson
abort
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
exit
_errno

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
fflush
__stdio_common_vsprintf
fgetc
fputc
__acrt_iob_func
_get_stream_buffer_pointers
__stdio_common_vfprintf
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
fwrite
fclose

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-convert-l1-1-0

strtoul
mbsrtowcs
wcstombs
atoi

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

strncpy
tolower
strncmp
isdigit

api-ms-win-crt-math-l1-1-0

roundf
_CIatan2
_CIcosh
_CIsinh
_CItanh
_libm_sse2_acos_precise
_libm_sse2_asin_precise
round
log2
_libm_sse2_atan_precise
modf
lroundf
asinhf
atanhf
acoshf
truncf
_fdsign
exp2f
_libm_sse2_cos_precise
_libm_sse2_exp_precise
_libm_sse2_log10_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_libm_sse2_tan_precise
ceil
floor
_libm_sse2_log_precise

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

Exports

Exports

??0PlatformMethods@angle@@QAE@XZ
??4PlatformMethods@angle@@QAEAAU01@$$QAU01@@Z
??4PlatformMethods@angle@@QAEAAU01@ABU01@@Z
ADDON_Create
ADDON_GetTypeMinVersion
ADDON_GetTypeVersion
_ANGLEGetDisplayPlatform@20
_ANGLEResetDisplayPlatform@4

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 591KB - Virtual size: 590KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 126KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_4e96f17d923a201fc12bd990be583ae5.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_4f396704e3baf930dcf58795905ee744.vir
.exe windows:4 windows x86 arch:x86

2b1c6861dd48ccf3ca6a105c9a7ecf58

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
ord518
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaVarIndexLoadRefLock
__vbaBoolStr
__vbaVarForInit
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaBoolVarNull
__vbaVarTstLt
_CIsin
ord631
ord525
__vbaVargVarMove
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaFixstrConstruct
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord716
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
__vbaLsetFixstrFree
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarSetVar
__vbaI4Var
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaVarLateMemCallLd
ord616
__vbaVarCopy
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_50cf2ed9c00d0710cdbd58839c9dd584.vir
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_50f08bf3fb36383580bfabe0fc808873.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_50fad9b4a1b6a33bc0919e08e03bfe71.vir
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

_Java_oracle_forms_webutil_cApi_CFunc_callCPtr@12
_Java_oracle_forms_webutil_cApi_CFunc_callDouble@12
_Java_oracle_forms_webutil_cApi_CFunc_callFloat@12
_Java_oracle_forms_webutil_cApi_CFunc_callInt@12
_Java_oracle_forms_webutil_cApi_CFunc_callVoid@12
_Java_oracle_forms_webutil_cApi_CFunc_find@16
_Java_oracle_forms_webutil_cApi_CMalloc_free@16
_Java_oracle_forms_webutil_cApi_CMalloc_malloc@12
_Java_oracle_forms_webutil_cApi_CPtr_copyIn__I_3BII@24
_Java_oracle_forms_webutil_cApi_CPtr_copyIn__I_3CII@24
_Java_oracle_forms_webutil_cApi_CPtr_copyIn__I_3DII@24
_Java_oracle_forms_webutil_cApi_CPtr_copyIn__I_3FII@24
_Java_oracle_forms_webutil_cApi_CPtr_copyIn__I_3III@24
_Java_oracle_forms_webutil_cApi_CPtr_copyIn__I_3JII@24
_Java_oracle_forms_webutil_cApi_CPtr_copyIn__I_3SII@24
_Java_oracle_forms_webutil_cApi_CPtr_copyOut__I_3BII@24
_Java_oracle_forms_webutil_cApi_CPtr_copyOut__I_3CII@24
_Java_oracle_forms_webutil_cApi_CPtr_copyOut__I_3DII@24
_Java_oracle_forms_webutil_cApi_CPtr_copyOut__I_3FII@24
_Java_oracle_forms_webutil_cApi_CPtr_copyOut__I_3III@24
_Java_oracle_forms_webutil_cApi_CPtr_copyOut__I_3JII@24
_Java_oracle_forms_webutil_cApi_CPtr_copyOut__I_3SII@24
_Java_oracle_forms_webutil_cApi_CPtr_getByte@12
_Java_oracle_forms_webutil_cApi_CPtr_getCPtr@12
_Java_oracle_forms_webutil_cApi_CPtr_getDouble@12
_Java_oracle_forms_webutil_cApi_CPtr_getFloat@12
_Java_oracle_forms_webutil_cApi_CPtr_getInt@12
_Java_oracle_forms_webutil_cApi_CPtr_getLong@12
_Java_oracle_forms_webutil_cApi_CPtr_getShort@12
_Java_oracle_forms_webutil_cApi_CPtr_getString@12
_Java_oracle_forms_webutil_cApi_CPtr_initIDs@12
_Java_oracle_forms_webutil_cApi_CPtr_setByte@16
_Java_oracle_forms_webutil_cApi_CPtr_setCPtr@16
_Java_oracle_forms_webutil_cApi_CPtr_setDouble@20
_Java_oracle_forms_webutil_cApi_CPtr_setFloat@16
_Java_oracle_forms_webutil_cApi_CPtr_setInt@16
_Java_oracle_forms_webutil_cApi_CPtr_setLong@20
_Java_oracle_forms_webutil_cApi_CPtr_setShort@16
_Java_oracle_forms_webutil_cApi_CPtr_setString@16

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_5246f964c2f4357c4214d2d0e30446cf.vir
.exe windows:5 windows x86 arch:x86

514383cb1bf5d51a698688e6e0449940

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

attrib.pdb

Imports

ulib

?Get_Standard_Output_Stream@@YGPAVSTREAM@@XZ
??0DSTRING@@QAE@XZ
??0PATH@@QAE@XZ
??0STRING_ARGUMENT@@QAE@XZ
??0ARRAY@@QAE@XZ
??0ARGUMENT_LEXEMIZER@@QAE@XZ
?QueryFsnodeArray@FSN_DIRECTORY@@QBEPAVARRAY@@PAVFSN_FILTER@@@Z
??1PROGRAM@@UAE@XZ
??1PATH_ARGUMENT@@UAE@XZ
??1FSN_FILTER@@UAE@XZ
??1STREAM_MESSAGE@@UAE@XZ
?ValidateVersion@PROGRAM@@UBEXKK@Z
?Usage@PROGRAM@@UBEXXZ
?GetStandardError@PROGRAM@@UAEPAVSTREAM@@XZ
?Get_Standard_Input_Stream@@YGPAVSTREAM@@XZ
?GetStandardInput@PROGRAM@@UAEPAVSTREAM@@XZ
?Fatal@PROGRAM@@UBEXXZ
?Fatal@PROGRAM@@UBAXKKPADZZ
?DisplayMessage@PROGRAM@@UBEEKW4MESSAGE_TYPE@@@Z
?DisplayMessage@PROGRAM@@UBAEKW4MESSAGE_TYPE@@PADZZ
?Compare@OBJECT@@UBEJPBV1@@Z
??0STREAM_MESSAGE@@QAE@XZ
??0FSN_FILTER@@QAE@XZ
??0PATH_ARGUMENT@@QAE@XZ
??0FLAG_ARGUMENT@@QAE@XZ
??0PROGRAM@@IAE@XZ
?Initialize@CLASS_DESCRIPTOR@@QAEEXZ
??0CLASS_DESCRIPTOR@@QAE@XZ
?Initialize@STREAM_MESSAGE@@QAEEPAVSTREAM@@00@Z
?Initialize@WSTRING@@QAEEPBGK@Z
?Initialize@ARRAY@@QAEEKK@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z
?Initialize@STRING_ARGUMENT@@QAEEPAD@Z
?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z
?Initialize@PATH_ARGUMENT@@QAEEPADE@Z
?Put@ARRAY@@UAEEPAVOBJECT@@@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?IsValueSet@ARGUMENT@@QAEEXZ
?Initialize@PATH@@QAEEPBGE@Z
?Initialize@PATH@@QAEEPBVWSTRING@@E@Z
?IsDrive@PATH@@QBEEXZ
?Initialize@WSTRING@@QAEEPBV1@KK@Z
?Strcat@WSTRING@@QAEEPBV1@@Z
?Initialize@PATH@@QAEEPBV1@E@Z
?QueryDirectory@SYSTEM@@SGPAVFSN_DIRECTORY@@PBVPATH@@E@Z
?SetFileName@FSN_FILTER@@QAEEPBD@Z
?Initialize@FSN_FILTER@@QAEEXZ
?SetAttributes@FSN_FILTER@@QAEEKKK@Z
?SetFileName@FSN_FILTER@@QAEEPBVWSTRING@@@Z
?DeleteAllMembers@ARRAY@@UAEEXZ
??1STRING_ARGUMENT@@UAE@XZ
??1PATH@@UAE@XZ
??1ARRAY@@UAE@XZ
??1ARGUMENT_LEXEMIZER@@UAE@XZ
??1DSTRING@@UAE@XZ
??1OBJECT@@UAE@XZ
?Display@MESSAGE@@QAAEPBDZZ
?Initialize@WSTRING@@QAEEPBDK@Z
?GetStandardOutput@PROGRAM@@UAEPAVSTREAM@@XZ
?QueryString@WSTRING@@QBEPAV1@KK@Z

ntdll

wcschr
RtlFreeHeap
RtlAllocateHeap
swprintf

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit
_c_exit

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetFileAttributesW
GetLastError
GetModuleHandleA

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_53cf5c0c260465cf811f095f1d5c0b77.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 832B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_55da778f36009d3ab5ad372053980063.vir
.exe windows:4 windows x64 arch:x64

015c6cfe615d839fa3dadcd6c55887d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
GetStartupInfoA
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

__C_specific_handler
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_fmode
_initterm
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 416B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 512B - Virtual size: 175B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/68
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_55e31cb578c4152d8b9f4a8fd9d31ab3.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_56c8177c509adf551d978f7d4802626b.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_5758aa33727f30321d766d8b2b77644e.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_579dd453e4e86e94a8fb64d89462a35c.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_57d2678fc8f616470b50362afad900eb.vir
.exe windows:6 windows x64 arch:x64

1e2f1157724358595d4ba5f4d5e8d784

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:8b:e2:f5:34:52:c8:82:f1:8e:d4:1a:5d:d4:e7:a3
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19-08-2021 00:00

Not After

19-08-2023 23:59

Subject

CN=Oracle America\, Inc.,OU=Software Engineering,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e2:0d:54:c2:ed:e9:d6:93:81:02:8f:84:a9:09:f5:ca:bd:ca:e1:5a:94:05:ad:6c:8a:ba:11:11:82:2b:56:3e
Signer

Actual PE Digest

e2:0d:54:c2:ed:e9:d6:93:81:02:8f:84:a9:09:f5:ca:bd:ca:e1:5a:94:05:ad:6c:8a:ba:11:11:82:2b:56:3e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\jenkins\workspace\8-2-build-windows-amd64-cygwin\jdk8u321-mos\2142\build\windows-amd64\jdk\objs\jabswitch\jabswitch.pdb

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

user32

wsprintfW

kernel32

GetProcAddress
FreeLibrary
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
GetCurrentProcessId
ProcessIdToSessionId
GetVersionExW
GetModuleFileNameW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetModuleHandleW
GetLastError

vcruntime140

_CxxThrowException
__std_exception_destroy
__vcrt_GetModuleFileNameW
__vcrt_LoadLibraryExW
memset
strstr
wcsstr
__C_specific_handler
__C_specific_handler_noexcept
__std_exception_copy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__stdio_common_vsprintf_s
_set_fmode
__p__commode
fputs
fgets
fclose
fopen_s
__acrt_iob_func
feof

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_onexit_table
perror
terminate
_crt_atexit
_errno
exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_set_app_type
__p___argv
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
_c_exit
__p___argc
_cexit

api-ms-win-crt-filesystem-l1-1-0

rename
remove

api-ms-win-crt-string-l1-1-0

strcat_s
strtok_s
_stricmp
strcpy_s
_wcslwr_s
wcscpy_s
wcslen
wcstok_s
wcscat_s

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
_callnewh
malloc

api-ms-win-crt-environment-l1-1-0

_dupenv_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_57f6ca2a69d5893105f28204f0f881d2.vir
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 806KB - Virtual size: 806KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_58580dce6993598e18142b5c37e1a1d4.vir
.exe windows:5 windows x86 arch:x86

f0d4d888365525da27840d92b16e9939

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_acmdln
__set_app_type
_controlfp
_except_handler3
exit
_XcptFilter
_cexit
_exit
__p__fmode
_c_exit

kernel32

GetModuleHandleA
GetStartupInfoA

hypertrm

MessageLoop
InitInstance

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_58cd6dd54b25350b5cebc4647e4e0237.vir
.exe windows:5 windows x86 arch:x86

44da0db04844b8ad84714d28b1110c57

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

drwtsn32.pdb

Imports

msvcrt

calloc
strchr
swprintf
free
malloc
wprintf
isprint
sprintf
_snwprintf
_vsnwprintf
wcsncpy
swscanf
_wtoi
wcscmp
_wgetcwd
_wcsicmp
tolower
realloc
_wtol
_wsplitpath
_wmakepath
_c_exit
_exit
_XcptFilter
_cexit
exit
__initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
wcscat
isdigit
wcscpy
wcslen

advapi32

RegOpenKeyExA
RegQueryValueExA
IsTextUnicode
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegisterEventSourceW
ReportEventW
DeregisterEventSource
ReadEventLogW
OpenEventLogW
ClearEventLogW
CloseEventLog
GetUserNameW

kernel32

SetFilePointer
ReadFile
ReleaseSemaphore
WriteFile
GetModuleFileNameW
CreateDirectoryW
GetLastError
LocalFree
SetErrorMode
SetEvent
GetLocalTime
GetDateFormatW
OpenProcess
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
CreateThread
DeleteFileW
GetFileAttributesW
LoadResource
FindResourceExW
ExpandEnvironmentStringsW
GetProcAddress
FreeLibrary
InterlockedCompareExchange
LoadLibraryA
GetModuleHandleA
CreateSemaphoreW
OpenSemaphoreW
TerminateThread
TerminateProcess
GetCommandLineW
DelayLoadFailureHook
GetModuleHandleW
FormatMessageW
ExitProcess
GetComputerNameW
GetVersion
GetSystemInfo
ProcessIdToSessionId
CloseHandle
WaitForSingleObject
Sleep

gdi32

SelectObject
GetTextMetricsW
GetTextExtentPointW
GetStockObject

user32

CallWindowProcW
GetCursorPos
ScreenToClient
ChildWindowFromPoint
GetDlgCtrlID
WinHelpW
IsDlgButtonChecked
SendDlgItemMessageW
SetDlgItemTextA
GetDlgItemTextW
GetSystemMenu
AppendMenuW
GetDC
ReleaseDC
LoadIconW
LoadCursorW
RegisterClassW
CreateDialogParamW
MessageBeep
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
DialogBoxParamW
GetDlgItem
ShowWindow
EnableWindow
DefDlgProcW
KillTimer
PostQuitMessage
DefWindowProcW
SetTimer
EndDialog
SetDlgItemTextW
MessageBoxW
EnumChildWindows
SetWindowLongW
GetWindowLongW
UpdateWindow
SendMessageW
PostMessageW
SetForegroundWindow
GetParent
SetFocus

dbgeng

DebugCreate

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_58f8bfc54f0a5902c0477f3c7d7b4390.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_598050317d5359a3537221a0e287bf63.vir
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Sections

.text
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_5a569cdf156e5d9365111cbd268a602d.vir
.exe windows:5 windows x86 arch:x86

ae9f6a32bb8b03dce37903edbc855ba1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxzip32\Release\sfxzip.pdb

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileTime
CloseHandle
CreateFileW
CreateDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
MoveFileW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
WaitForSingleObject
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
RtlUnwind
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_5a763f68e4e0f6d32d30133d19c3682f.vir
.dll windows:10 windows x86 arch:x86

69069c168a105792f8d5d99ad398a87d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

zipfldr.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
strncmp
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__mktime32
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_abort
_o_calloc
_o_free
_o_iswspace
_o_malloc
_o_qsort
__CxxFrameHandler3
_except_handler4_common
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
wcsrchr
wcsstr
__std_terminate
wcschr
_o__access
_o___stdio_common_vswscanf
_o__ismbstrail
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o__localtime32
_o__invalid_parameter_noinfo_noreturn
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o___std_exception_copy
_o__gmtime32
_o__getdrive
_CxxThrowException
memcmp
memcpy

propsys

VariantToStringArrayAlloc
VariantToBuffer
PSCreateSimplePropertyChange
VariantToPropVariant
PSFormatForDisplay
PropVariantToVariant
VariantCompare
PropVariantGetElementCount
PSCreatePropertyChangeArray
InitVariantFromFileTime
InitVariantFromBuffer

shell32

ord239
SHChangeNotifySuspendResume
ord28
SHChangeNotify
SHGetFileInfoW
SHGetIDListFromObject
SHBindToObject
ord165
SHGetNameFromIDList
SHGetItemFromDataObject
SHCreateShellItemArrayFromDataObject
ord16
SHFileOperationW
SHCreateItemFromParsingName
DragQueryFileW
SHParseDisplayName
ord155
SHCreateItemFromIDList
ord18
ord190
ord760
ord714
SHGetFolderPathEx
ShellExecuteW
SHCreateItemWithParent
ord152
ord25
SHCreateDataObject
ord67
ShellExecuteExW
ord73
ExtractIconExW
SHGetStockIconInfo
SHGetSpecialFolderPathW
ord75
ord21
SHBindToParent
SHGetPathFromIDListW
ord19
SHBindToFolderIDListParent
SHBindToFolderIDListParentEx
ord256
AssocCreateForClasses
ord743
SHAddToRecentDocs
ord744
ord781
SHGetSpecialFolderLocation
ord853
ord17

shlwapi

PathCanonicalizeW
ord456
StrDupW
PathIsPrefixW
StrCmpW
ord476
StrChrW
ord619
ord485
PathCompactPathW
ord346
PathRemoveExtensionW
ord540
SHCreateStreamOnFileW
ord176
PathRemoveBlanksW
ord517
PathIsDirectoryW
PathIsRelativeW
StrTrimW
ord516
SHAutoComplete
PathAddBackslashW
PathRemoveBackslashW
ord186
ord174
StrCmpNIW
ord199
ord218
ord172
ord446
PathFileExistsW
PathStripPathW
ord16
PathRemoveFileSpecW
PathSkipRootW
PathStripToRootW
PathCombineW
ord219
PathFindFileNameW
PathIsUNCW
ord157
ord158
ord215
ord217
ord354
StrFormatKBSizeW
ord388
PathAppendW
PathGetDriveNumberW
PathFindExtensionW
StrRetToBufW
SHStrDupW
StrCmpIW
ord231
ord216
PathMatchSpecExA
PathIsSameRootW
PathFindExtensionA

archiveint

_archive_read_new@0
_archive_entry_size@4
_archive_entry_mtime@4
_archive_entry_mtime_nsec@4
_archive_format@4
_archive_entry_filetype@4
_archive_entry_symlink_type@4
_archive_read_support_format_all@4
_archive_read_data_block@16
_archive_entry_fflags@12
_archive_entry_mode@4
_archive_entry_birthtime@4
_archive_entry_birthtime_nsec@4
_archive_entry_birthtime_is_set@4
_archive_entry_atime@4
_archive_entry_atime_nsec@4
_archive_entry_atime_is_set@4
_archive_entry_mtime_is_set@4
_archive_read_free@4
_archive_read_has_encrypted_entries@4
_archive_read_next_header@8
_archive_errno@4
_archive_read_open_filename_w@12
_archive_read_set_format_option@16
_archive_read_support_filter_all@4
_archive_read_support_format_raw@4
_archive_entry_symlink_w@4
_archive_entry_hardlink_w@4
_archive_entry_pathname_w@4

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FindStringOrdinal
LoadLibraryExW
LoadStringW
DisableThreadLibraryCalls
GetProcAddress
FindResourceExW
LockResource
LoadResource
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
CreateMutexExW
CreateEventExW
AcquireSRWLockExclusive
ReleaseSRWLockShared
OpenSemaphoreW
ReleaseSRWLockExclusive
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
ReleaseMutex
InitializeCriticalSection
WaitForSingleObject
ResetEvent
ReleaseSemaphore
CreateEventW
DeleteCriticalSection
CreateSemaphoreExW
WaitForSingleObjectEx
InitializeCriticalSectionEx
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetProcessId
TlsFree

api-ms-win-core-localization-l1-2-0

FormatMessageW
IsDBCSLeadByte

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoMarshalInterThreadInterfaceInStream
CoReleaseMarshalData
CoGetInterfaceAndReleaseStream
CoTaskMemRealloc
CoInitializeEx
CoUninitialize
CoCreateFreeThreadedMarshaler
CoCreateInstance
PropVariantClear
CoGetCallContext
CoTaskMemFree
CoTaskMemAlloc

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-path-l1-1-0

PathCchSkipRoot
PathCchCanonicalizeEx
PathCchAppend
PathCchCombine
PathCchRemoveFileSpec
PathAllocCombine

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-file-l1-1-0

GetDriveTypeA
GetFileAttributesExW
DeleteFileW
RemoveDirectoryW
CreateFileA
FileTimeToLocalFileTime
FindNextFileA
GetVolumeInformationW
SetFileAttributesW
FindFirstFileW
GetFileInformationByHandle
CreateFileW
ReadFile
SetFilePointer
GetDiskFreeSpaceExW
SetFileTime
GetFileSizeEx
WriteFile
FindClose
FindFirstFileA
FindNextFileW
CreateDirectoryW
GetFileTime
CompareFileTime
SetFileInformationByHandle
GetFullPathNameW
GetFileAttributesExA
GetDriveTypeW
LocalFileTimeToFileTime
GetFileAttributesW

api-ms-win-core-string-l2-1-0

CharUpperW
CharUpperBuffW
CharLowerW
CharNextW

api-ms-win-security-credentials-l1-1-0

CredFree
CredReadW
CredWriteW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalFree
GlobalFree
LocalAlloc

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
SetCurrentDirectoryW

oleaut32

SysAllocString
SetErrorInfo
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SafeArrayDestroy
VariantInit
SysFreeString
VariantClear

api-ms-win-core-file-l2-1-0

CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
ReplaceFileW

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-registry-l1-1-0

RegGetValueA

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

gdi32

GetStockObject

kernel32

DeactivateActCtx
ActivateActCtx
lstrcmpiA
ReleaseActCtx
FileTimeToDosDateTime
lstrlenA
GlobalReAlloc
GlobalHandle
lstrcmpA
DosDateTimeToFileTime
lstrlenW
lstrcmpW
GlobalLock
GlobalSize
GlobalUnlock
lstrcmpiW
CreateActCtxW

ntdll

RtlIsPartialPlaceholder
WinSqmAddToStream
RtlGetLastNtStatus

ole32

CreateBindCtx
CoAllowSetForegroundWindow
OleSetClipboard
OleGetClipboard
ReleaseStgMedium

user32

CreateWindowExW
CharUpperBuffA
CharPrevA
CharToOemBuffA
CharLowerA
CharNextA
DispatchMessageA
PeekMessageA
GetWindowTextLengthW
GetDesktopWindow
DialogBoxParamW
RemoveMenu
GetSubMenu
LoadMenuW
DestroyWindow
TrackPopupMenu
GetForegroundWindow
RegisterClassW
DefWindowProcW
GetAsyncKeyState
SetForegroundWindow
GetWindowRect
GetDlgItemTextW
CheckDlgButton
SetWindowTextW
SendDlgItemMessageW
DestroyIcon
ShowCursor
LoadCursorW
SetCursor
EndDialog
DeleteMenu
DispatchMessageW
TranslateMessage
PeekMessageW
SetThreadDpiAwarenessContext
SetFocus
IsDlgButtonChecked
GetWindowTextW
SetDlgItemTextW
GetDlgItem
EnableWindow
PostMessageW
InsertMenuW
RegisterClipboardFormatW
CharToOemA
OemToCharBuffA
SetMenuDefaultItem
DestroyMenu
GetParent
SetWindowLongW
SendMessageW
GetWindowLongW

msvcp_win

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

api-ms-win-crt-time-l1-1-0

_time32

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

Exports

Exports

DllCanUnloadNow
DllGetClassObject
RouteTheCall

Sections

.text
Size: 322KB - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_5a8ff2c1c33b4eec07dc3034815fcc29.vir
.exe windows:5 windows x64 arch:x64

2c43cda2243b5af72e180e8d1f09446d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\re\jdk7u45\229\build\windows-amd64\tmp\sun\launcher\rmiregistry\obj64\rmiregistry.pdb

Imports

jli

JLI_CmdToArgs
JLI_GetStdArgc
JLI_MemAlloc
JLI_GetStdArgs
JLI_Launch

msvcr100

__getmainargs
__C_specific_handler
_XcptFilter
_exit
_cexit
exit
__initenv
_amsg_exit
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
getenv
printf
__argc
__argv
_initterm

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
EncodePointer
Sleep
GetCommandLineA
DecodePointer

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_5adb9430547499adcf47a82bc78110be.vir
.exe windows:4 windows x86 arch:x86

ef9b8e6863d1f74a617655ec935c6c32

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
lstrcatA
GetDriveTypeA
SetEnvironmentVariableA
lstrcpyA
GetModuleFileNameA
GetTempPathA
GetTempFileNameA
GlobalHandle
_lwrite
_lcreat
_lopen
_lclose
WinExec
GetEnvironmentVariableA
RemoveDirectoryA
CreateDirectoryA
GetWindowsDirectoryA
GetProcessHeap
ExitProcess
TerminateProcess
SetStdHandle
SetFilePointer
FlushFileBuffers
GetStringTypeA
WriteFile
GetStringTypeW
GetFileType
GetStdHandle
RtlUnwind
GetEnvironmentStringsW
GetEnvironmentStrings
SetHandleCount
GlobalLock
GetCurrentProcess
FreeEnvironmentStringsA
UnhandledExceptionFilter
FreeEnvironmentStringsW
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetVersionExA
HeapAlloc
GetCurrentThread
CloseHandle
HeapFree
LoadLibraryA
GetProcAddress
GetCurrentThreadId
FreeLibrary
_lread
_llseek
GlobalUnlock
GlobalFree
GlobalAlloc
HeapDestroy
HeapCreate
GetOEMCP
GetLastError
DeleteFileA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
GetACP
WideCharToMultiByte
VirtualFree
VirtualAlloc
HeapReAlloc
GetCPInfo

user32

ReleaseDC
ExitWindowsEx
MessageBoxA
LoadIconA
RegisterClassA
LoadCursorA
SetWindowPos
UpdateWindow
ShowWindow
wsprintfA
LoadStringA
InvalidateRect
BeginPaint
EndPaint
DefWindowProcA
PostQuitMessage
SendMessageA
GetDC
GetClientRect
CreateWindowExA

gdi32

GetDeviceCaps
GetStockObject
PatBlt
DeleteObject
SelectObject
RealizePalette
CreateSolidBrush
CreatePalette
SelectPalette

advapi32

SetSecurityDescriptorDacl
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
RevertToSelf
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
ImpersonateSelf
OpenThreadToken
MapGenericMask
AccessCheck

Exports

Exports

_MainWndProc@16
_StubFileWrite@12

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_5b26586cdb6d60fb75fdda904c177640.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_5c3d4b02dc8adc6d6d150ce6dcbcb5d8.vir
.dll windows:6 windows x86 arch:x86

9d4590db6646b04b549916869f96346a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcp140_app

?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z

vcruntime140_app

__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
_purecall
__std_terminate
strrchr
strchr
__current_exception
__current_exception_context
_CxxThrowException
__std_type_info_destroy_list
_except_handler4_common
memset
memmove
memcpy
memchr

api-ms-win-crt-heap-l1-1-0

realloc
_callnewh
free
calloc
malloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

strtoul
atoi
strtol

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_invalid_parameter_noinfo_noreturn
_initterm
_initterm_e
terminate
_cexit
_crt_atexit
_execute_onexit_table
_errno
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-string-l1-1-0

toupper
strncmp
strncpy
_strdup

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-crt-math-l1-1-0

floor
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_CIfmod
_CItanh
_libm_sse2_log_precise
_libm_sse2_cos_precise
_libm_sse2_pow_precise

Exports

Exports

ADDON_Create
ADDON_GetTypeMinVersion
ADDON_GetTypeVersion

Sections

.text
Size: 399KB - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 693KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_5e04fd477d71b5e3de01302a322d8a08.vir
.exe windows:5 windows x86 arch:x86

9402b48d966c911f0785b076b349b5ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

comctl32

ord17

kernel32

DeleteFileA
DeleteFileW
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GlobalAlloc
lstrlenA
GetModuleFileNameA
FindResourceA
GetModuleHandleA
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
CompareStringA
ExitProcess
GetLocaleInfoA
GetNumberFormatA
lstrcmpiA
GetProcAddress
GetDateFormatA
GetTimeFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsA
WaitForSingleObject
SetCurrentDirectoryA
Sleep
GetTempPathA
MoveFileExA
UnmapViewOfFile
GetCommandLineA
MapViewOfFile
CreateFileMappingA
GetModuleFileNameW
SetEnvironmentVariableA
OpenFileMappingA
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTime
IsDBCSLeadByte
GetCPInfo
FreeLibrary
LoadLibraryA
GetCurrentDirectoryA
GetFullPathNameA
SetFileAttributesW
SetFileAttributesA
GetFileAttributesW
GetFileAttributesA
WriteFile
SetLastError
GetStdHandle
ReadFile
CreateFileW
CreateFileA
GetFileType
SetEndOfFile
SetFilePointer
MoveFileA
SetFileTime
GetCurrentProcess
CloseHandle
GetLastError
DosDateTimeToFileTime

user32

ReleaseDC
GetDC
SendMessageA
wsprintfA
SetDlgItemTextA
EndDialog
DestroyIcon
SendDlgItemMessageA
GetDlgItemTextA
DialogBoxParamA
IsWindowVisible
WaitForInputIdle
GetSysColor
PostMessageA
SetMenu
SetFocus
LoadBitmapA
LoadIconA
CharToOemA
OemToCharA
GetClassNameA
CharUpperA
GetWindowRect
GetParent
MapWindowPoints
CreateWindowExA
UpdateWindow
SetWindowTextA
LoadCursorA
RegisterClassExA
SetWindowLongA
GetWindowLongA
DefWindowProcA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetClientRect
CopyRect
IsWindow
MessageBoxA
ShowWindow
GetDlgItem
EnableWindow
FindWindowExA
wvsprintfA
CharToOemBuffA
LoadStringA
SetWindowPos
GetWindowTextA
GetWindow
GetSystemMetrics
OemToCharBuffA
DestroyWindow

gdi32

GetDeviceCaps
GetObjectA
CreateCompatibleBitmap
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject
DeleteDC

comdlg32

GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA

advapi32

LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
SetFileSecurityW
SetFileSecurityA
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteExA
SHFileOperationA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHChangeNotify

ole32

CreateStreamOnHGlobal
OleInitialize
CoCreateInstance
OleUninitialize
CLSIDFromString

oleaut32

VariantInit

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_5e4b27eee034335798079061fb63e37d.vir
.dll windows:4 windows x86 arch:x86

b15f50e3f2711e0feb9b6d0b6f0258b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
LoadLibraryA
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetSystemInfo

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_5ea941b5fa21b96c70a0eed23622fa6b.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_5eb2a280b19395a701cd925dcde0f7ee.vir
.dll windows:4 windows x64 arch:x64

47b86d785e7a5b4ff58189b09635b02e

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:fd:d8:26:61:a7:0c:76:59:ca:e2:24:bb:57:92:45
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25-05-2021 00:00

Not After

21-08-2024 23:59

Subject

CN=TAOBAO (CHINA) SOFTWARE CO.\,LTD.,O=TAOBAO (CHINA) SOFTWARE CO.\,LTD.,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:fd:d8:26:61:a7:0c:76:59:ca:e2:24:bb:57:92:45
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25-05-2021 00:00

Not After

21-08-2024 23:59

Subject

CN=TAOBAO (CHINA) SOFTWARE CO.\,LTD.,O=TAOBAO (CHINA) SOFTWARE CO.\,LTD.,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9d:21:fb:c0:80:c8:cf:6d:89:17:09:10:7e:6d:14:7b:c1:e3:a1:27:d7:d1:c1:4c:97:fc:26:10:97:b1:30:3c
Signer

Actual PE Digest

9d:21:fb:c0:80:c8:cf:6d:89:17:09:10:7e:6d:14:7b:c1:e3:a1:27:d7:d1:c1:4c:97:fc:26:10:97:b1:30:3c

Digest Algorithm

sha256

PE Digest Matches

true

b1:15:26:40:8e:84:cf:4d:be:6c:db:f7:88:41:ea:b3:76:6f:13:e0
Signer

Actual PE Digest

b1:15:26:40:8e:84:cf:4d:be:6c:db:f7:88:41:ea:b3:76:6f:13:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__iob_func
_amsg_exit
_errno
_initterm
_lock
_onexit
_unlock
_vsnprintf
_wopen
abort
calloc
free
fwrite
malloc
memchr
memcpy
memset
signal
strerror
strlen
strncmp
vfprintf
wcstombs
_write
_read
_open
_lseek
_close

Exports

Exports

adler32
adler32_combine
adler32_z
compress
compress2
compressBound
crc32
crc32_combine
crc32_z
deflate
deflateBound
deflateCopy
deflateEnd
deflateGetDictionary
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzfread
gzfwrite
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
uncompress
uncompress2
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_5ed6dec336c1b6f0809bf26329e1ecbd.vir
.exe windows:4 windows x86 arch:x86

8a1ebef032b45b56925e4bdcfdc386ee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
IsBadWritePtr
IsBadReadPtr
HeapValidate
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapReAlloc
GetLastError
VirtualAlloc
SetConsoleCtrlHandler
SetUnhandledExceptionFilter
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetFilePointer
SetStdHandle
FlushFileBuffers
CloseHandle

Sections

.text
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_5f56153757e3a5424f9411691c001dae.vir
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

drSendCommand

Sections

CODE
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_5f9e78115632c46f3ce3cabc9c5f819d.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.xjs
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_6101d70315014cb4b72a9f7cc2f64bfa.vir
.dll windows:4 windows x86 arch:x86

b7bbd83e92a8a47c0d35c184f8a24edd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
HeapCreate
HeapDestroy
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
HeapAlloc
WideCharToMultiByte
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
HeapFree
LoadLibraryA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
FlushFileBuffers
GetLocaleInfoA
GetLocaleInfoW
CloseHandle

Exports

Exports

CreateMICodeString
UploadMICode

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_613d9cb0959764db500acbbff0e46172.vir
.exe windows:6 windows x86 arch:x86

83e1606ad80d37730d373033acd45dcd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\ClampTower\Bin\FarawayClient.pdb

Imports

dbghelp

StackWalk64
SymGetSymFromAddr64
SymInitialize
SymGetLineFromAddr64
SymGetModuleBase64
SymGetModuleInfo64
SymFunctionTableAccess64
SymCleanup

libegl

ord9
ord25
ord32
ord34
ord7
ord6
ord3
ord2
ord23

comctl32

ImageList_Draw
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ord17
ord16
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_Add
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Replace
ImageList_AddMasked
ImageList_Remove
ImageList_GetIcon
ImageList_GetIconSize
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW
UuidFromStringW

kernel32

CreateEventW
GetExitCodeProcess
CreateThread
CreateProcessW
WaitForMultipleObjects
ExpandEnvironmentStringsW
QueryPerformanceCounter
QueryPerformanceFrequency
GetDriveTypeW
GetLogicalDriveStringsW
RaiseException
FindNextFileW
IsBadReadPtr
IsBadStringPtrA
DeleteFileW
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
GetFullPathNameA
HeapReAlloc
HeapCompact
SetEvent
PeekNamedPipe
SetNamedPipeHandleState
CreatePipe
VirtualQuery
HeapFree
HeapAlloc
LoadLibraryExW
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetModuleHandleA
LoadLibraryA
OutputDebugStringA
GetModuleFileNameA
FindFirstFileA
CreateProcessA
CreateFileA
DuplicateHandle
WriteFile
ReadFile
SetFileTime
GetTempFileNameW
GetShortPathNameW
GetFileTime
GetFileSize
FindFirstFileW
FindClose
CopyFileW
GetWindowsDirectoryW
GetFileType
GetFileAttributesW
CreateFileW
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
SystemTimeToFileTime
UnlockFile
LockFile
GetTickCount
UnlockFileEx
FormatMessageA
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
FlushFileBuffers
LockFileEx
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetFileAttributesExW
GetSystemTimeAsFileTime
GetStdHandle
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentThread
FatalAppExitW
AllocConsole
WriteConsoleA
MulDiv
GetLastError
SetLastError
GetCurrentThreadId
GetCommandLineW
GetVersionExW
ReadConsoleOutputCharacterA
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
FreeConsole
WriteConsoleW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
LoadLibraryW
GlobalAlloc
GlobalLock
GlobalUnlock
HeapSize
GetProcessHeap
GlobalSize
GlobalFree
SetErrorMode
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
CreateMutexW
Sleep
ExitProcess
SetThreadPriority
GetFullPathNameW
TerminateThread
GetExitCodeThread
SuspendThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
GetProcAddress
GetProcessAffinityMask
CreateSemaphoreW
SetCurrentDirectoryW
GetUserDefaultLCID
LocalFree
SetThreadLocale
IsValidLocale
GetLocaleInfoW
GetACP
OutputDebugStringW
GetTempPathW
GetCPInfo
IsValidCodePage
GetComputerNameW
GetProfileStringW
FindResourceW
GlobalMemoryStatus
SizeofResource
LockResource
LoadResource
GetModuleHandleW
GetModuleFileNameW
OpenProcess
TerminateProcess
GetCurrentProcessId
GetDiskFreeSpaceW
GetEnvironmentVariableW
EnumResourceNamesW
FormatMessageW

user32

DdeFreeStringHandle
DdeQueryStringW
DdeCreateStringHandleW
DdeGetLastError
DdeFreeDataHandle
DdeGetData
DdeCreateDataHandle
DdeClientTransaction
DdeNameService
DdePostAdvise
DdeDisconnect
DdeConnect
DdeUninitialize
DdeInitializeW
WaitForInputIdle
KillTimer
SetTimer
GetWindowThreadProcessId
EnumWindows
ExitWindowsEx
GetDialogBaseUnits
ShowCursor
AdjustWindowRectEx
GetClassInfoW
wsprintfW
IsClipboardFormatAvailable
EmptyClipboard
EnumClipboardFormats
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
GetClipboardFormatNameW
RegisterClipboardFormatW
FindWindowExW
EnumDisplaySettingsW
ChangeDisplaySettingsW
CheckMenuRadioItem
SetRect
GetSysColorBrush
DrawStateW
CheckMenuItem
DrawEdge
ValidateRgn
ChildWindowFromPoint
OffsetRect
CopyRect
DrawFocusRect
DrawTextW
UnionRect
ValidateRect
PostThreadMessageW
GetMessageW
DrawIconEx
DrawFrameControl
EndPaint
BeginPaint
GetWindowDC
GetClassNameW
MessageBeep
GetWindowTextW
CreateIconIndirect
DestroyCursor
LoadCursorFromFileW
GetIconInfo
LoadImageW
LoadIconW
LoadBitmapW
SetMenuItemInfoW
InsertMenuItemW
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
GetSubMenu
CreatePopupMenu
CreateMenu
GetMenuState
DestroyIcon
GetDoubleClickTime
TranslateAcceleratorW
DestroyAcceleratorTable
CreateAcceleratorTableW
LoadAcceleratorsW
ShowCaret
HideCaret
GetWindowTextLengthW
keybd_event
LoadCursorW
MsgWaitForMultipleObjects
MessageBoxW
GetDesktopWindow
SetForegroundWindow
EnableMenuItem
GetSystemMenu
DrawMenuBar
CreateDialogIndirectParamW
IsZoomed
BringWindowToTop
IsIconic
GetWindowPlacement
FlashWindow
UnregisterClassW
RegisterClassW
SetWindowRgn
GetDlgItem
CreateDialogParamW
SystemParametersInfoW
GetScrollInfo
SetScrollInfo
IsDialogMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
SetParent
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
InflateRect
FillRect
GetSysColor
ChildWindowFromPointEx
PostQuitMessage
MapWindowPoints
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
SetWindowTextW
EnableScrollBar
ScrollWindow
RedrawWindow
InvalidateRect
GetUpdateRgn
ReleaseDC
UpdateWindow
GetMenuItemInfoW
TrackPopupMenu
GetMenuItemCount
GetSystemMetrics
IsWindowEnabled
EnableWindow
ReleaseCapture
SetCapture
GetCapture
MapVirtualKeyW
VkKeyScanW
GetAsyncKeyState
GetKeyState
GetFocus
CallWindowProcW
CreateWindowExW
IsWindow
DestroyWindow
ShowWindow
MoveWindow
SetWindowPos
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
SetFocus
DestroyMenu
DefWindowProcW
MessageBoxA
DefWindowProcA
WindowFromPoint
GetDC
SendMessageW
PostMessageW
SetMenu
GetWindowRect
TranslateMessage
DispatchMessageW
PeekMessageW
RegisterHotKey
UnregisterHotKey
GetMessagePos
GetMessageTime
SendMessageA
LoadCursorA
SetWindowLongA
GetWindowLongA
CreateWindowExA
RegisterClassA
GetActiveWindow

gdi32

StretchBlt
DeleteDC
CreateCompatibleDC
ExtCreatePen
DeleteObject
CreatePen
GetObjectW
GetStockObject
SetTextColor
SetBkMode
SetBkColor
OffsetRgn
GetRegionData
ExtCreateRegion
GdiFlush
SetBrushOrgEx
GetTextMetricsW
SelectPalette
SelectObject
RealizePalette
ExcludeClipRect
CreateRectRgn
ExtFloodFill
GetBkColor
GetClipBox
GetPixel
MaskBlt
Pie
GetDeviceCaps
Rectangle
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetMapMode
SetPixel
SetPolyFillMode
StretchDIBits
SetROP2
SetStretchBltMode
ExtTextOutW
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
CreateBitmap
CreateRectRgnIndirect
GetCharABCWidthsW
GetTextExtentExPointW
CreateICW
SetTextAlign
CreateDIBitmap
GetDIBits
CreateDIBSection
GetDIBColorTable
CreateBitmapIndirect
EnumFontFamiliesExW
SetAbortProc
CreateDCW
StartDocW
EndDoc
StartPage
EndPage
GetMetaFileBitsEx
SetMetaFileBitsEx
CloseEnhMetaFile
CopyEnhMetaFileW
CreateEnhMetaFileW
DeleteEnhMetaFile
GetEnhMetaFileW
GetEnhMetaFileHeader
GetWinMetaFileBits
PlayEnhMetaFile
SetWinMetaFileBits
GetSystemPaletteEntries
LineTo
MoveToEx
CreateFontIndirectW
GetOutlineTextMetricsW
CombineRgn
GetRgnBox
EqualRgn
PtInRegion
RectInRegion
CreatePolygonRgn
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetTextExtentPoint32W
CreateHatchBrush
CreatePatternBrush
Ellipse
CreateSolidBrush
Arc
BitBlt
CreateCompatibleBitmap
PolyPolygon
AddFontResourceW
CreateFontIndirectA
RemoveFontResourceW
GetObjectA

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

comdlg32

PageSetupDlgW
GetOpenFileNameW
PrintDlgW
CommDlgExtendedError
ChooseFontW
GetSaveFileNameW

ole32

CoTaskMemAlloc
CoCreateInstance
OleUninitialize
OleInitialize
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
ReleaseStgMedium
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard

oleaut32

SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetDim
VarBstrFromCy
VariantInit
SafeArrayGetVartype
SafeArrayDestroy
SafeArrayCreate
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysFreeString
SysReAllocString
SysAllocString

msvcp120d

?_Debug_message@std@@YAXPB_W0I@Z
??0_Container_base12@std@@QAE@XZ
??1_Container_base12@std@@QAE@XZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??0id@locale@std@@QAE@I@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QBE_NXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_BADOFF@std@@3_JB
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Swap_all@_Container_base12@std@@QAEXAAU12@@Z
?setf@ios_base@std@@QAEHHH@Z
?precision@ios_base@std@@QAE_J_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?flags@ios_base@std@@QBEHXZ

msvcr120d

_wgetcwd
_wmkdir
_wrmdir
_wrename
_wremove
wcscat
_fileno
_get_osfhandle
_getcwd
_wchmod
?_wopen@@YAHPB_WHH@Z
_fdopen
_open_osfhandle
feof
_waccess
_close
_commit
_eof
_read
_write
_lseeki64
_telli64
bsearch
fputwc
fputws
_putws
_vswprintf_p
_vswprintf
_wperror
wcsspn
strpbrk
strspn
mbstowcs
wcstombs
fgets
_create_locale
_free_locale
strtod
strtol
strtoul
_ctime64
_wenviron
frexp
ldexp
_HUGE
strerror
fopen
remove
pow
modf
fseek
ftell
_wassert
sprintf_s
raise
isxdigit
_ftelli64
_fseeki64
fread
ferror
strcspn
strncat
strcoll
iswctype
freopen
ungetc
vsprintf
clearerr
_wfopen
fwprintf
setlocale
fprintf
??3@YAXPAXHPBDH@Z
??_U@YAPAXIHPBDH@Z
??2@YAPAXIHPBDH@Z
_CrtSetDbgFlag
wcsncat
_wputenv
_wgetenv
getenv
isalnum
isdigit
isalpha
atof
_wtol
_mktime64
_localtime64
_gmtime64
_difftime64
_tzset
_get_timezone
_endthreadex
_beginthreadex
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
qsort
_wcsicmp
wcsstr
iscntrl
isprint
fputs
isupper
islower
ispunct
memchr
fscanf
setvbuf
tmpfile
system
clock
strftime
rename
tmpnam
rand
srand
acos
asin
atan
cosh
exp
fmod
log
log10
sinh
tan
tanh
strrchr
rewind
_wfopen_s
_wstat64
strcat_s
_stricmp
_strnicmp
sscanf_s
_vsnprintf_s
__RTDynamicCast
roundf
printf
vfprintf
_lock
_unlock
_calloc_dbg
__dllonexit
_onexit
_CRT_RTC_INITW
??1type_info@@UAE@XZ
_except1
?terminate@@YAXXZ
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__getmainargs
__set_app_type
_CrtSetCheckCount
_exit
_cexit
_ismbblead
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_acmdln
_fmode
_commode
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
wcscpy_s
_wmakepath_s
_wsplitpath_s
_strlwr
_localtime64_s
_msize
getc
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
_hypot
memcpy
memset
strcmp
strlen
memmove
_CxxThrowException
__CxxFrameHandler3
floor
__RTtypeid
memcmp
strcpy_s
strncpy_s
wcslen
free
_aligned_free
_aligned_malloc
_aligned_realloc
fclose
fflush
fopen_s
fwrite
vsprintf_s
??_V@YAXPAX@Z
??8type_info@@QBE_NABV0@@Z
??9type_info@@QBE_NABV0@@Z
_time64
_invalid_parameter
swscanf
malloc
sscanf
_CrtDbgReportW
calloc
realloc
towupper
wcschr
wcsncpy
toupper
_wcsdup
__iob_func
strncmp
exit
wcscpy
_wtoi
strncpy
abs
cos
sin
sqrt
fabs
__RTCastToVoid
wcsftime
iswprint
towlower
ceil
wcscmp
strcpy
strcat
strstr
sprintf
atan2
isspace
tolower
_strdup
strchr
iswalpha
iswdigit
iswalnum
longjmp
__CxxLongjmpUnwind
_setjmp3
abort
_errno
iswspace
wcstod
_wcstod_l
wcstol
_wcstol_l
wcstoul
_wcstoul_l
_wcstoi64
_wcstoui64
wcspbrk
strnlen

advapi32

RegEnumValueW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
GetUserNameW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

shell32

SHFileOperationW
ExtractIconExW
ExtractIconW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
DragAcceptFiles
DragFinish
DragQueryPoint
DragQueryFileW

winmm

mciSendCommandA
timeGetTime

libglesv2

ord54
ord31
ord7
ord1
ord141
ord42
ord4
ord131
ord125
ord90
ord77
ord65
ord34
ord32
ord106
ord2
ord142
ord104
ord100
ord97
ord61
ord44
ord43
ord39
ord19
ord17
ord16
ord12
ord11
ord109
ord3
ord21
ord27
ord68
ord69
ord114
ord26
ord99

Sections

.textbss
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_614540209fb04457b782d1bcd4f8f37b.vir
.exe windows:4 windows x64 arch:x64

79cbfbb91c31716315225945d0789058

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__C_specific_handler
__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_getch
_initterm
_lock
_onexit
_unlock
abort
calloc
exit
fprintf
free
fwrite
gets
malloc
memcpy
printf
putchar
signal
strlen
strncmp
vfprintf

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_6192b669a189c17bc8e9d7ef3c7f66c8.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_625a3a67662d7423b6774e976e119b26.vir
.exe windows:4 windows x86 arch:x86

f5fc7df540b5910f4932f60ad5e23ac4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4303
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord4407
ord3567
ord2411
ord2023
ord4218
ord2578
ord6055
ord4078
ord1776
ord4398
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord6740
ord6502
ord807
ord796
ord3350
ord5012
ord567
ord6491
ord554
ord529
ord541
ord366
ord825
ord620
ord602
ord2863
ord6000
ord2117
ord5871
ord2864
ord6565
ord2076
ord6612
ord6146
ord5885
ord4160
ord5882
ord5883
ord4284
ord2453
ord2862
ord2097
ord6625
ord686
ord800
ord6619
ord4457
ord540
ord384
ord5252
ord537
ord860
ord6781
ord6805
ord2884
ord6199
ord3317
ord6784
ord3874
ord4220
ord2584
ord3654
ord2438
ord6270
ord1175
ord1644
ord1146
ord3663
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord4467
ord674
ord801
ord4698
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord535
ord6215
ord617
ord5301
ord5214
ord296
ord986
ord520
ord4159
ord6117
ord823
ord1134
ord1270
ord1232
ord1199
ord1247
ord1168
ord2725
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord324
ord641
ord4234
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord6597
ord6800
ord6650
ord6591
ord6807
ord6857
ord6823
ord6855
ord6832
ord6859
ord6867
ord6847
ord6839
ord6846
ord6816
ord6815
ord6812
ord6845
ord6856
ord6835
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4340
ord4347
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord5281
ord3748
ord1725
ord6614
ord6691
ord4432
ord6478
ord6514
ord5260
ord1233
ord3495
ord4720
ord6661
ord465
ord3499
ord2515
ord355
ord858
ord941
ord4129
ord5683
ord2614
ord5100
ord3059
ord2390
ord2723
ord4242
ord1842
ord5103
ord5307
ord5302
ord4079
ord2621
ord1576

msvcrt

_setmbcp
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
sprintf
_stricmp
__dllonexit
_onexit
_adjust_fdiv
__setusermatherr
_exit
__CxxFrameHandler

kernel32

LoadLibraryA
GetStartupInfoA
GetPrivateProfileStringA
GetModuleHandleA

user32

EnableWindow
SetCursor
LoadCursorA
UpdateWindow
ClientToScreen
SendMessageA
GetWindowRect
GetMenu
GetSubMenu
LoadIconA
DeleteMenu
DefWindowProcA
AppendMenuA
LoadMenuA

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA

oleaut32

VariantClear

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 420KB - Virtual size: 417KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_6334e1bdaeceafae570a54415a0d506a.vir
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_6489c8d4609aaf24fb807cc3539a5d68.vir
.exe windows:6 windows x86 arch:x86

957ad369c10d4e477935f25e8093fc09

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\vc2015\LW_room_info\Debug\LW_room_info.pdb

Imports

mfc140ud

ord12887
ord8456
ord4739
ord3089
ord5393
ord14184
ord10763
ord17181
ord13868
ord4477
ord14049
ord10945
ord13645
ord13644
ord6832
ord12115
ord12111
ord12113
ord12114
ord12112
ord17378
ord1610
ord3313
ord3027
ord5156
ord9876
ord12081
ord3899
ord3902
ord16164
ord7549
ord2736
ord9164
ord9006
ord1652
ord1662
ord1176
ord12076
ord6994
ord17154
ord16776
ord3752
ord3751
ord4017
ord4016
ord4759
ord12304
ord13299
ord12901
ord10840
ord1223
ord2928
ord5037
ord11018
ord3312
ord16160
ord7547
ord14092
ord14183
ord14233
ord9885
ord14215
ord7198
ord4493
ord8268
ord1095
ord16367
ord15450
ord7728
ord17261
ord7729
ord17262
ord7727
ord17260
ord9592
ord5906
ord17050
ord13920
ord13921
ord2379
ord9533
ord15117
ord4757
ord4819
ord11212
ord17188
ord9511
ord17182
ord14609
ord14610
ord2887
ord6470
ord10024
ord5352
ord9589
ord5501
ord15030
ord15098
ord12265
ord14223
ord11065
ord1606
ord3024
ord5153
ord10210
ord1225
ord7941
ord493
ord14137
ord11044
ord9016
ord15857
ord8649
ord550
ord3763
ord10126
ord5992
ord5993
ord7426
ord14518
ord2045
ord7224
ord16090
ord16100
ord7229
ord16098
ord7228
ord3088
ord5392
ord13333
ord7251
ord10618
ord11166
ord1266
ord2942
ord5057
ord9875
ord11021
ord13721
ord13716
ord6486
ord14141
ord4483
ord5499
ord14063
ord11046
ord14041
ord13398
ord12231
ord11115
ord5924
ord5918
ord5912
ord5971
ord5955
ord5900
ord5977
ord5932
ord5870
ord5885
ord5946
ord5405
ord7021
ord11511
ord5391
ord3635
ord17183
ord9512
ord17189
ord8290
ord13636
ord16093
ord7225
ord3220
ord14085
ord4596
ord3976
ord3977
ord3856
ord14132
ord1102
ord8273
ord6303
ord6711
ord6991
ord11164
ord6679
ord6306
ord6537
ord6282
ord9264
ord9265
ord9254
ord6535
ord9889
ord11017
ord1517
ord963
ord15341
ord1660
ord16316
ord3857
ord14245
ord14241
ord1978
ord2000
ord2026
ord2012
ord2033
ord5894
ord10108
ord5961
ord2616
ord9165
ord14599
ord1653
ord2804

kernel32

RaiseException
DecodePointer
SetLastError
OutputDebugStringW
HeapDestroy
HeapAlloc
HeapReAlloc
FreeLibrary
VirtualQuery
TerminateProcess
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
CloseHandle
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
GetLastError

user32

PostQuitMessage
UnregisterClassW
LoadCursorW
PeekMessageW

gdi32

DeleteDC

oleaut32

SysFreeString

gdiplus

GdiplusShutdown

vcruntime140d

__vcrt_LoadLibraryExW
__vcrt_GetModuleHandleW
__vcrt_GetModuleFileNameW
__std_type_info_destroy_list
_except_handler4_common
__vcrt_InitializeCriticalSectionEx
__CxxFrameHandler3
memset
memmove

ucrtbased

free
malloc
_CrtDbgReportW
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_set_fmode
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_CrtDbgReport
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
terminate
_controlfp_s
__stdio_common_vsprintf_s
_wmakepath_s
_wsplitpath_s
_invalid_parameter_noinfo
_errno
_recalloc
__stdio_common_vswprintf_s
__stdio_common_vswprintf
wcslen
wcscpy_s
__stdio_common_vsnwprintf_s

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 409B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_64f12e09a2ab63ebef22d6ab8d84c5fc.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_65040479002bbae643b68872d5ce175c.vir
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 611KB - Virtual size: 611KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_6528bef189a9d5f5fb5896bf92d53f89.vir
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Sections

.text
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_654e27fb167a7d051a12ba5773ed3bee.vir
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 404KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 36B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 94KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_65cc8fa8c1f7fef91a6774c7e652ac1f.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 832B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_66552bd9f8ac18b8a42db7a6ab2bec4c.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_6660e75929307350c4f97e003c1c6385.vir
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\MyBook\Visual C# 2008\Chapter-05\SwitchCaseSample\SwitchCaseSample\obj\Debug\SwitchCaseSample.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_67307fdc227723dbf98a3b5fdfd93dea.vir
.exe windows:4 windows x86 arch:x86

28a099a911237a28521d8b7ea250f089

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
LoadLibraryExA
MoveFileA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 150KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 1024B - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_674d24a3084bf2de2a2a9e762b870143.vir
.dll windows:6 windows x64 arch:x64

923ab64cad8f6359cf968c626ff11fb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

d3d11

D3D11CreateDevice

d3dcompiler_47

D3DCompile
D3DDisassemble

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
InitOnceBeginInitialize
Sleep
SleepConditionVariableSRW
InitOnceComplete

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableA

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-synch-l1-1-0

CreateEventExW
SetEvent
ReleaseSRWLockExclusive
WaitForSingleObjectEx
AcquireSRWLockExclusive

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler

api-ms-win-core-handle-l1-1-0

CloseHandle

msvcp140_app

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
?_Random_device@std@@YAIXZ
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Query_perf_counter
_Thrd_join
_Mtx_unlock
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
_Thrd_hardware_concurrency
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
??0task_continuation_context@Concurrency@@AEAA@XZ
_Mtx_current_owns
_Cnd_unregister_at_thread_exit
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_init_in_situ
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Xbad_function_call@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
_Cnd_timedwait
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Cnd_register_at_thread_exit
_Cnd_wait
_Xtime_get_ticks
_Cnd_broadcast
_Cnd_destroy_in_situ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?in_avail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JXZ

vcruntime140_1_app

__CxxFrameHandler4

vcruntime140_app

memset
memchr
memcpy
memmove
_purecall
__std_exception_copy
memcmp
__std_type_info_destroy_list
_CxxThrowException
__std_terminate
__current_exception_context
__current_exception
strstr
__C_specific_handler
__std_exception_destroy

api-ms-win-crt-stdio-l1-1-0

feof
fread
ungetc
__stdio_common_vsprintf
fopen_s
__stdio_common_vfprintf
fgetc
__stdio_common_vsprintf_s
fseek
fwrite
fclose
__acrt_iob_func
ferror

api-ms-win-crt-heap-l1-1-0

realloc
malloc
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

_errno
exit
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_crt_atexit
_cexit
_initterm
_initterm_e
_invoke_watson
_beginthreadex
abort
_execute_onexit_table

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

strcmp
isdigit
strncpy
strncmp
tolower

api-ms-win-crt-math-l1-1-0

sqrt
sin
floor
atan2f
powf
ceil
roundf
sinf
atanf
log2
cos
round
coshf
modff
lroundf
asinhf
expf
logf
asinf
tanf
sinhf
atanhf
acoshf
floorf
sqrtf
truncf
ceilf
_fdsign
tanhf
cosf
acosf
exp2f
pow

api-ms-win-crt-convert-l1-1-0

mbsrtowcs
wcstombs
atoi
strtoul

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

Exports

Exports

??0PlatformMethods@angle@@QEAA@XZ
??4PlatformMethods@angle@@QEAAAEAU01@$$QEAU01@@Z
??4PlatformMethods@angle@@QEAAAEAU01@AEBU01@@Z
ADDON_Create
ADDON_GetTypeMinVersion
ADDON_GetTypeVersion
ANGLEGetDisplayPlatform
ANGLEResetDisplayPlatform

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 797KB - Virtual size: 797KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 185KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_67b919b73e8cdc77082efc4e44606b44.vir
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_68ba31dd64e0ac0c1d0a647a4b0d1717.vir
.exe windows:5 windows x86 arch:x86

e3133d02d8a01efc3e833630ac0c200c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Shaiya_USA_PX\Client\Game\Bin\ENGLISH\GAME.pdb

Imports

ijl15

ord2
ord3
ord5

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winmm

timeGetTime

ddraw

DirectDrawCreate

kernel32

CompareStringA
GetLocaleInfoA
GetSystemDirectoryA
CreateDirectoryA
SetCurrentDirectoryA
WaitForSingleObjectEx
CreateThread
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
SetLastError
GetCurrentThreadId
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
lstrcmpA
GetCurrentProcess
FlushInstructionCache
IsProcessorFeaturePresent
InterlockedCompareExchange
CompareStringW
GetLocaleInfoW
GetProcessHeap
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
HeapCreate
LCMapStringW
LCMapStringA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
InterlockedExchange
GetStdHandle
SetHandleCount
GetFileType
WideCharToMultiByte
lstrcmpiA
GetOEMCP
GetACP
GetCPInfo
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
SetEnvironmentVariableA
GetConsoleMode
GetConsoleCP
WriteFile
UnhandledExceptionFilter
HeapReAlloc
GetStartupInfoA
VirtualProtect
HeapAlloc
HeapFree
GetDateFormatA
GetTimeFormatA
ExitThread
GetSystemTimeAsFileTime
MoveFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
ExitProcess
RtlUnwind
CreateFileW
CreateFileMappingW
UnmapViewOfFile
SetFilePointer
SetEndOfFile
GetFileSize
ReadFile
GetSystemInfo
VirtualAlloc
VirtualFree
InterlockedDecrement
InterlockedIncrement
lstrlenW
RaiseException
OutputDebugStringA
WaitForSingleObject
CreateEventA
SetEvent
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
GetTickCount
WritePrivateProfileStringA
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleW
CreateMutexA
GetLastError
Sleep
OpenProcess
TerminateProcess
DeleteFileA
MultiByteToWideChar
QueryPerformanceFrequency
QueryPerformanceCounter
GetFullPathNameA
CreateProcessA
CreateFileA
CloseHandle
lstrcpyA
lstrlenA
GetCurrentDirectoryA
WinExec
GetUserDefaultLangID
GetModuleFileNameW
IsBadWritePtr
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
GetVersion
CopyFileA
IsBadReadPtr
GetCurrentProcessId
SetUnhandledExceptionFilter
GetPrivateProfileIntA
GetCommandLineA
FormatMessageA
LocalFree
GetComputerNameA
GetUserDefaultUILanguage
EnumResourceLanguagesA
FindFirstFileA
FindNextFileA
FindClose
RemoveDirectoryA
IsDBCSLeadByteEx
IsDBCSLeadByte
VirtualQuery
GetVersionExA
GlobalMemoryStatus
GetPrivateProfileStringA
GetModuleHandleA
GetFileAttributesA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
IsValidCodePage
FreeLibrary
SetStdHandle

user32

ClientToScreen
MoveWindow
DialogBoxIndirectParamA
SendDlgItemMessageA
ChangeDisplaySettingsA
LoadStringA
EnumDisplayMonitors
GetMonitorInfoA
GetWindowRect
ShowWindow
SetCursor
GetSystemMetrics
SetFocus
GetDlgItem
EndDialog
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
GetMessageA
MessageBoxA
PostMessageA
MessageBoxW
wsprintfA
UnregisterClassA
DispatchMessageA
TranslateMessage
PeekMessageA
DefWindowProcW
DefWindowProcA
PostQuitMessage
GetKeyState
OpenClipboard
GetClipboardData
CloseClipboard
GetKeyboardLayout
ShowCursor
SetCursorPos
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
CreateAcceleratorTableA
GetClassInfoExA
IsWindow
GetDesktopWindow
GetFocus
GetWindow
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcA
FillRect
ReleaseCapture
GetClassNameA
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
UpdateWindow
GetClientRect
GetSysColor
CharNextA
GetWindowLongA
SetWindowLongA
SendMessageA
GetCursorPos
ScreenToClient
SetWindowPos
SetRectEmpty
SetRect
GetAsyncKeyState
PeekMessageW
DispatchMessageW
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
FindWindowA
GetWindowThreadProcessId
DestroyWindow

gdi32

SetTextAlign
CreateFontIndirectW
CreateFontIndirectA
GetFontLanguageInfo
GetTextMetricsW
SetBkMode
ExtTextOutA
GetCharacterPlacementA
GetGlyphOutlineA
GetTextMetricsA
GetObjectW
DeleteDC
GetTextExtentPoint32A
SelectObject
GetCharacterPlacementW
ExtTextOutW
GetDeviceGammaRamp
CreateDIBSection
SetMapMode
SetTextColor
SetBkColor
CreateFontA
GetDIBits
MoveToEx
SetDeviceGammaRamp
GetStockObject
GetObjectA
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
DeleteObject
GetDeviceCaps
CreateDCA
CreateCompatibleDC

advapi32

RegSetValueA
RegQueryValueExA
RegOpenKeyA
RegEnumValueA
RegEnumKeyA
GetUserNameA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegDeleteKeyA
RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyA
RegCreateKeyExA
RegDeleteValueA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetSpecialFolderPathA

ole32

CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleLockRunning
OleUninitialize
CoUninitialize
CoInitialize
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
OleInitialize
CoTaskMemAlloc

oleaut32

LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VarUI4FromStr
SysAllocString
SysAllocStringLen
VariantClear
VariantInit
SysFreeString
SysStringLen
SystemTimeToVariantTime

imm32

ImmGetContext
ImmGetCandidateListW
ImmGetCompositionStringW
ImmGetProperty
ImmSetCompositionWindow
ImmAssociateContext
ImmSetConversionStatus
ImmIsIME
ImmGetConversionStatus
ImmGetOpenStatus
ImmReleaseContext
ImmNotifyIME
ImmGetIMEFileNameA

d3d9

Direct3DCreate9

ws2_32

WSAAsyncSelect
connect
setsockopt
inet_addr
htons
WSAStartup
recv
WSAGetLastError
send
closesocket
socket

dinput8

DirectInput8Create

dsound

ord11

comdlg32

GetOpenFileNameA
GetSaveFileNameA

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 394KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 27.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Shen
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_68ccabab1dc958986e5f1cbaacd705d9.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_692ffef716b0374a7bdee3e5568f1839.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_69791fa252e6309da5bec780c6d8600a.vir
.exe windows:5 windows x86 arch:x86

ab2499e0e72dfad09db9c131cd20670f

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:d7:1f:dd:49:a3:e4:3d:fc:5d:e6:f5
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

16-02-2023 08:32

Not After

11-04-2026 05:04

Subject

SERIALNUMBER=22178368,CN=MICRO-STAR INTERNATIONAL CO.\, LTD.,O=MICRO-STAR INTERNATIONAL CO.\, LTD.,STREET=No. 69\, Lide St.\, Zhonghe Dist.,L=New Taipei,ST=New Taipei,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f7:06:68:9e:ee:10:b0:49:8f:22:21:bc:c3:8d:19:cb:f6:98:39:fc:3b:b0:bc:89:6a:31:07:c8:07:f8:1a:a7
Signer

Actual PE Digest

f7:06:68:9e:ee:10:b0:49:8f:22:21:bc:c3:8d:19:cb:f6:98:39:fc:3b:b0:bc:89:6a:31:07:c8:07:f8:1a:a7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
GetActiveObject
RegisterTypeLib
LoadTypeLib
SysFreeString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
GetUserNameW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WaitMessage
WaitForInputIdle
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRectEmpty
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongW
SetCapture
SetActiveWindow
SendNotifyMessageW
SendMessageTimeoutW
SendMessageA
SendMessageW
ScrollWindowEx
ScrollWindow
ScreenToClient
ReplyMessage
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OffsetRect
OemToCharBuffA
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MoveWindow
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageW
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClientRect
GetClassNameW
GetClassLongW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
ExitWindowsEx
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CopyIcon
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
AppendMenuW
CharToOemBuffA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryW
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCurrentDirectoryW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrcpyW
lstrcmpW
WriteProfileStringW
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualFree
VirtualAlloc
TransactNamedPipe
TerminateProcess
SwitchToThread
SizeofResource
SignalObjectAndWait
SetThreadLocale
SetNamedPipeHandleState
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesW
SetEvent
SetErrorMode
SetEndOfFile
SetCurrentDirectoryW
ResumeThread
ResetEvent
RemoveDirectoryW
ReleaseMutex
ReadFile
QueryPerformanceCounter
OpenProcess
OpenMutexW
MultiByteToWideChar
MulDiv
MoveFileExW
MoveFileW
LockResource
LocalFree
LocalFileTimeToFileTime
LoadResource
LoadLibraryExW
LoadLibraryW
LeaveCriticalSection
IsDBCSLeadByte
IsBadWritePtr
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryW
GetVersionExW
GetVersion
GetUserDefaultLangID
GetTickCount
GetThreadLocale
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemDirectoryW
GetStdHandle
GetShortPathNameW
GetProfileStringW
GetProcAddress
GetPrivateProfileStringW
GetOverlappedResult
GetModuleHandleW
GetModuleFileNameW
GetLogicalDrives
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetComputerNameW
GetCommandLineW
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FlushFileBuffers
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
EnumCalendarInfoW
EnterCriticalSection
DeviceIoControl
DeleteFileW
DeleteCriticalSection
CreateThread
CreateProcessW
CreateNamedPipeW
CreateMutexW
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
CompareStringW
CompareFileTime
CloseHandle
Sleep

msimg32

AlphaBlend

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetViewportOrgEx
SetTextColor
SetTextAlign
SetStretchBltMode
SetROP2
SetPixel
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
RemoveFontResourceW
Rectangle
RectVisible
RealizePalette
Polyline
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
LineDDA
IntersectClipRect
GetWindowOrgEx
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
FrameRgn
ExtTextOutW
ExtFloodFill
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
Chord
BitBlt
Arc
AddFontResourceW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

mpr

WNetOpenEnumW
WNetGetUniversalNameW
WNetGetConnectionW
WNetEnumResourceW
WNetCloseEnum

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
StringFromCLSID
CoCreateInstance
CoFreeUnusedLibraries
CoUninitialize
CoInitialize
IsEqualGUID
CoDisconnectObject

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

shell32

ShellExecuteExW
ShellExecuteW
SHGetFileInfoW
ExtractIconW
SHGetPathFromIDListW
SHGetMalloc
SHChangeNotify
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_6a445a3fe184dff22112379f8724974c.vir
.exe windows:5 windows x86 arch:x86

b28c641d753fb51b62a00fe6115070ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr90

_controlfp_s
_invoke_watson
strncpy
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
exit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
realloc
bsearch
qsort
memset
memcpy
setbuf
getenv
atoi
malloc
free
_snprintf
strncmp
strrchr
fprintf
__iob_func
_crt_debugger_hook
_stricmp
_strdup

kernel32

LocalFree
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
HeapAlloc
IsBadReadPtr
SetLastError
GetProcessHeap
HeapFree
VirtualFree
VirtualProtect
VirtualAlloc
FreeLibrary
GetModuleHandleA
OutputDebugStringA
GetFullPathNameA
LoadLibraryA
GetProcAddress
UnmapViewOfFile
CreateFileA
GetFileSize
CreateFileMappingA
CloseHandle
MapViewOfFile
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetLastError
FormatMessageA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_6a8595aac8a1e6c5aa40706fbd057846.vir
.exe windows:4 windows x86 arch:x86

f1fabbf32406ba9ee16fc4c180b5ae1d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarSub
__vbaVarTstGt
ord690
__vbaStrI2
__vbaNextEachAry
_CIcos
_adj_fptan
__vbaHresultCheck
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
ord587
__vbaCyMul
__vbaAryMove
__vbaFreeVar
__vbaLineInputStr
ord588
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaNextEachVar
ord621
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord626
ord519
__vbaI2Abs
__vbaCopyBytes
__vbaResume
__vbaVarCmpNe
__vbaForEachCollAd
__vbaStrCat
__vbaError
__vbaLsetFixstr
ord553
ord660
__vbaBoolErrVar
__vbaRecDestruct
__vbaStrDate
ord661
__vbaSetSystemError
ord662
__vbaLenBstrB
__vbaHresultCheckObj
ord557
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaVarTstLe
ord666
Zombie_GetTypeInfo
__vbaVarCmpGe
__vbaAryDestruct
ord591
__vbaVarIndexLoadRefLock
__vbaLateMemSt
__vbaCyErrVar
__vbaBoolStr
__vbaForEachCollObj
__vbaExitProc
ord300
__vbaI4Abs
ord301
__vbaCyAdd
__vbaStrLike
ord595
__vbaObjSet
__vbaOnError
ord302
_adj_fdiv_m16i
ord303
ord702
__vbaObjSetAddref
_adj_fdivr_m16i
ord304
ord703
ord598
__vbaVarIndexLoad
ord305
ord704
__vbaFpR4
__vbaCyStr
ord306
ord705
ord520
__vbaBoolVar
ord307
ord308
ord707
ord309
__vbaRefVarAry
__vbaFpR8
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
ord631
__vbaErase
ord709
ord525
__vbaVargVarMove
__vbaVarZero
__vbaVarCmpGt
ord632
__vbaNextEachCollObj
__vbaChkstk
ord526
__vbaI2Cy
__vbaCyVar
__vbaFileClose
EVENT_SINK_AddRef
ord527
ord528
__vbaGenerateBoundsError
ord529
__vbaExitEachColl
__vbaStrCmp
__vbaCyI2
__vbaAryConstruct2
__vbaVarTstEq
ord560
__vbaDateR8
__vbaCyI4
__vbaPrintObj
__vbaObjVar
__vbaI2I4
ord561
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
ord564
__vbaCySub
__vbaCastObjVar
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaStrR8
__vbaR8Cy
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
ord601
_CIsqrt
ord310
__vbaVarAnd
__vbaObjIs
ord311
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaStr2Vec
__vbaUI1I4
__vbaStrUI1
ord710
__vbaFpCmpCy
__vbaExceptHandler
ord312
ord711
ord313
__vbaPrintFile
__vbaStrToUnicode
ord712
ord606
_adj_fprem
_adj_fdivr_m64
ord714
__vbaVarDiv
ord607
__vbaLateIdStAd
__vbaFailedFriend
__vbaI2Str
ord608
ord715
__vbaVarCmpLe
__vbaFPException
ord717
__vbaStrVarVal
__vbaUbound
__vbaGetOwner3
__vbaVarCat
__vbaCheckType
__vbaDateVar
__vbaI2Var
ord537
ord644
ord645
ord538
_CIlog
ord539
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaInStr
__vbaR8Str
ord648
ord570
__vbaNew2
__vbaCyMulI2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
ord681
__vbaVarNot
__vbaVarCmpLt
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaPowerR8
__vbaR8Var
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
ord579
__vbaI4Var
__vbaVarCmpEq
__vbaForEachAry
ord689
ord610
__vbaFpCy
__vbaInStrB
__vbaLateMemCall
__vbaVarAdd
__vbaAryLock
__vbaFreeVarg
__vbaStrToAnsi
__vbaVarDup
__vbaVerifyVarObj
__vbaFpI2
__vbaCheckTypeVar
__vbaVarTstGe
__vbaUnkVar
__vbaFpI4
__vbaVarLateMemCallLd
__vbaVarCopy
ord616
__vbaRecDestructAnsi
ord617
__vbaLateMemCallLd
_CIatan
__vbaI2ErrVar
ord540
__vbaAryCopy
__vbaCastObj
__vbaStrMove
ord618
ord541
__vbaI4Cy
__vbaForEachVar
ord619
__vbaStrVarCopy
ord542
ord650
_allmul
__vbaLenVarB
__vbaLateIdSt
ord545
_CItan
__vbaNextEachCollAd
ord546
__vbaFPInt
__vbaUI1Var
__vbaAryUnlock
_CIexp
__vbaStrCy
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_6a86b9d9addf7db6546e13d53c5e144f.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_6a9af68413bcb2507c94b43825e62e13.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_6ac8a17001f592234f2a376c458f9ade.vir
.exe windows:6 windows x86 arch:x86

7c77b89cd344508d2ca812dd1c349c70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

mpr

WNetEnumResourceW
WNetGetUniversalNameW
WNetGetConnectionW
WNetCloseEnum
WNetOpenEnumW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

comctl32

FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_Draw
ImageList_Remove

shell32

SHBrowseForFolderW
ExtractIconW
SHGetMalloc
SHGetFileInfoW
SHChangeNotify
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
GetMessageW
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
ScrollWindowEx
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
OffsetRect
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
GetSystemMenu
WaitForInputIdle
ShowOwnedPopups
GetScrollRange
GetScrollPos
SetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
InflateRect
GetKeyboardLayoutList
OemToCharBuffA
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
SendNotifyMessageW
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ExitWindowsEx
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
CharToOemBuffA
DrawTextW
SetScrollRange
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
SetRectEmpty
UpdateWindow
RemovePropW
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SendMessageTimeoutW
BringWindowToTop
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowPos
SetWindowRgn
GetMenuItemCount
RemoveMenu
AppendMenuW
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
DestroyCursor
ReplyMessage
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SafeArrayPutElement
LoadTypeLib
GetErrorInfo
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
GetActiveObject
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
RegisterTypeLib
VariantChangeType
VariantCopyInd

advapi32

RegSetValueExW
RegEnumKeyExW
AdjustTokenPrivileges
OpenThreadToken
GetUserNameW
RegDeleteKeyW
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegQueryInfoKeyW
AllocateAndInitializeSid
FreeSid
EqualSid
RegDeleteValueW
RegFlushKey
RegQueryValueExW
RegEnumValueW
GetTokenInformation
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyExW
SetSecurityDescriptorDacl

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

SetFileAttributesW
SetFileTime
GetACP
GetExitCodeProcess
IsBadWritePtr
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
HeapAlloc
ExitProcess
WriteProfileStringW
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
GetModuleHandleW
FreeLibrary
HeapDestroy
CompareFileTime
ReadFile
CreateProcessW
TransactNamedPipe
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
OpenMutexW
CreateThread
CompareStringW
CopyFileW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
GetSystemTimeAsFileTime
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
OutputDebugStringW
GetCurrentThread
GetLogicalDrives
LocalFileTimeToFileTime
SetNamedPipeHandleState
LoadLibraryExW
TerminateProcess
LockResource
FileTimeToSystemTime
GetShortPathNameW
GetCurrentThreadId
UnhandledExceptionFilter
MoveFileExW
GlobalFindAtomW
VirtualQuery
GlobalFree
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
ReleaseMutex
FlushFileBuffers
LoadResource
SuspendThread
GetTickCount
WritePrivateProfileStringW
GetFileSize
GlobalDeleteAtom
GetStartupInfoW
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
DeviceIoControl
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
lstrcmpW
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
CreateNamedPipeW
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetOverlappedResult
GetSystemDefaultUILanguage
EnumCalendarInfoW
GetProfileStringW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
IsDBCSLeadByte
CreateEventW
GetPrivateProfileStringW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

ole32

StgCreateDocfileOnILockBytes
CoCreateInstance
CLSIDFromString
CoUninitialize
IsEqualGUID
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
CLSIDFromProgID
OleUninitialize
CoDisconnectObject
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID

gdi32

Arc
Pie
SetBkMode
SelectPalette
CreateCompatibleBitmap
ExcludeClipRect
RectVisible
SetWindowOrgEx
MaskBlt
AngleArc
Chord
SetTextColor
StretchBlt
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
RemoveFontResourceW
GetWindowOrgEx
CreatePalette
CreateBrushIndirect
PatBlt
LineDDA
PolyBezierTo
GetStockObject
CreateSolidBrush
Polygon
Rectangle
MoveToEx
DeleteDC
SaveDC
BitBlt
Ellipse
FrameRgn
GetDeviceCaps
GetBitmapBits
GetTextExtentPoint32W
GetClipBox
Polyline
IntersectClipRect
GetSystemPaletteEntries
CreateBitmap
AddFontResourceW
CreateDIBitmap
GetStretchBltMode
CreateDIBSection
CreatePenIndirect
SetStretchBltMode
GetDIBits
CreateFontIndirectW
PolyBezier
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
DeleteObject
SelectObject
ExtFloodFill
UnrealizeObject
SetBkColor
CreateCompatibleDC
GetObjectW
GetBrushOrgEx
GetCurrentPositionEx
SetROP2
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
ArcTo
GdiFlush
SetPixel
EnumFontFamiliesExW
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 30KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 151B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 76B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 97KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_6acf316276934ab94ef6e7f3772aefb1.vir
.dll windows:4 windows x86 arch:x86

8840456b737f91ac21c4638acaed6e49

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileType
lstrcmpiA
lstrcpynA
lstrcatA
lstrlenA
GetFileAttributesA
FileTimeToDosDateTime
FileTimeToLocalFileTime
CloseHandle
GetFileInformationByHandle
CreateFileA
SetFilePointer
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
GetTempFileNameA
DeleteFileA
SetEndOfFile
WriteFile
ReadFile
DeleteCriticalSection
InitializeCriticalSection
GetDriveTypeA
GetFileSize
CreateDirectoryA
GetTempPathA
LeaveCriticalSection
GetLastError
EnterCriticalSection
FindClose
FindNextFileA
SetFileAttributesA
FindFirstFileA
RemoveDirectoryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetCurrentDirectoryA
CopyFileA
MoveFileA
GetTimeZoneInformation
GetVolumeInformationA
lstrcmpA
GetFullPathNameA
GetVersion
SetLastError
SetFileTime
TlsFree
TlsGetValue
FileTimeToSystemTime
SetEnvironmentVariableA
CompareStringW
LoadLibraryA
GetProcAddress
CompareStringA
lstrcpyA
HeapAlloc
HeapFree
RtlUnwind
InterlockedDecrement
InterlockedIncrement
LocalFileTimeToFileTime
SystemTimeToFileTime
GetCommandLineA
SetStdHandle
SetHandleCount
GetStdHandle
GetStartupInfoA
ExitProcess
TerminateProcess
GetCurrentProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetStringTypeW
FlushFileBuffers
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
GetSystemTime
GetLocalTime
GetStringTypeA
SetUnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr

user32

wsprintfA

lz32

LZOpenFileA
LZCopy
GetExpandedNameA
LZClose

Exports

Exports

mcArcCloseArch
mcArcDelete
mcArcExtract
mcArcExtract2File
mcArcFindFirst
mcArcFindNext
mcArcFlushHPQueues
mcArcGetCompStatus
mcArcGetTypeInfo
mcArcGetTypeInfoEx
mcArcIsCompressedFile
mcArcOpenArch
mcArcReplace
mcArcSetWorkSpace
mcArcUseHPQueues

Sections

.text
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_6b6772add59b629695889ff3d70f0998.vir
.exe windows:6 windows x86 arch:x86

c1c5a70bd804b110cc575ebd7060870c

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:16:70:a1:c7:4e:3e:59:b4:37:90:1c:a7:5c:fa:a8
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

25-10-2023 00:00

Not After

24-10-2024 23:59

Subject

SERIALNUMBER=91320506MA7LWP79XC,CN=苏州四次纬网络科技有限公司,O=苏州四次纬网络科技有限公司,ST=江苏省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:16:70:a1:c7:4e:3e:59:b4:37:90:1c:a7:5c:fa:a8
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

25-10-2023 00:00

Not After

24-10-2024 23:59

Subject

SERIALNUMBER=91320506MA7LWP79XC,CN=苏州四次纬网络科技有限公司,O=苏州四次纬网络科技有限公司,ST=江苏省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:df:cc:73:16:3f:33:83:41:f3:4f:cd:76:7b:b4:81:43:6b:1e:d4:c7:76:88:40:12:77:51:b7:7e:18:1f:a7
Signer

Actual PE Digest

9c:df:cc:73:16:3f:33:83:41:f3:4f:cd:76:7b:b4:81:43:6b:1e:d4:c7:76:88:40:12:77:51:b7:7e:18:1f:a7

Digest Algorithm

sha256

PE Digest Matches

true

c3:7b:6d:f7:6d:0a:fc:58:92:12:46:24:a9:21:09:52:37:0b:7f:a5
Signer

Actual PE Digest

c3:7b:6d:f7:6d:0a:fc:58:92:12:46:24:a9:21:09:52:37:0b:7f:a5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetFullPathNameW
SetLastError
FreeResource
MulDiv
GetTickCount
FreeLibrary
LoadLibraryW
GetLocalTime
GetVersionExA
GetModuleHandleA
LoadLibraryA
FormatMessageW
MoveFileExW
SetFileAttributesW
SetFileTime
LocalFileTimeToFileTime
VirtualAlloc
VirtualFree
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GetSystemInfo
FileTimeToLocalFileTime
SetEvent
ResetEvent
ReleaseSemaphore
CreateEventW
CreateSemaphoreW
QueryPerformanceCounter
WaitForMultipleObjects
ReadFile
SetEndOfFile
SetFilePointer
GetCurrentDirectoryW
CreateDirectoryW
GetProcAddress
WaitForSingleObject
GetCurrentProcessId
SetCurrentDirectoryW
GetCurrentThreadId
GetCurrentProcess
OutputDebugStringW
Sleep
CreateFileW
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
WriteFile
CreateFileA
GetVersionExW
DeviceIoControl
WideCharToMultiByte
MultiByteToWideChar
GetTempFileNameW
CopyFileW
GetTempPathW
GetDriveTypeW
lstrcmpW
DeleteFileW
GetFileAttributesW
FindClose
GetModuleFileNameW
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStdHandle
HeapCreate
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
FindFirstFileExW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetFileAttributesExW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GlobalLock
GlobalUnlock
GlobalAlloc
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetStringTypeW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
lstrcpyW
GetProcessHeap
DeleteCriticalSection
LocalFree
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
RaiseException
CloseHandle
HeapReAlloc
Process32FirstW
LockResource
Process32NextW
GetLastError
CreateToolhelp32Snapshot
HeapSize
OpenProcess
lstrlenA
lstrcmpA
LCMapStringEx
EncodePointer
GetExitCodeThread
WaitForSingleObjectEx
InitializeCriticalSection
LocalAlloc
InitializeCriticalSectionEx
TerminateProcess
lstrcpynW
HeapFree
SizeofResource
FreeLibraryAndExitThread
GetModuleHandleW

user32

GetWindowRect
MapWindowPoints
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
LoadCursorW
MonitorFromWindow
GetMonitorInfoW
DestroyCursor
IsWindow
SetFocus
GetFocus
GetKeyState
DrawIconEx
InvertRect
FillRect
SetCursor
SetTimer
KillTimer
SetRect
CopyRect
GetDlgItem
IntersectRect
UnionRect
IsRectEmpty
EqualRect
PtInRect
PostQuitMessage
EnableWindow
IsWindowEnabled
SetActiveWindow
GetDesktopWindow
TrackMouseEvent
AnimateWindow
SetLayeredWindowAttributes
IsIconic
IsZoomed
GetCapture
SetCapture
ReleaseCapture
UpdateWindow
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
SetWindowPos
CreateWindowExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
SendMessageW
GetActiveWindow
ShowWindow
PostMessageW
DestroyWindow
SetWindowTextW
GetCursorPos
CreateCaret
GetCaretBlinkTime
HideCaret
SetCaretPos
ScreenToClient
GetClassNameW
DestroyIcon
MessageBoxA
MessageBoxW
UnregisterClassW
GetClientRect
InflateRect
LoadBitmapW
CharPrevExA
CharUpperW
GetForegroundWindow
MsgWaitForMultipleObjects
SetMenuContextHelpId
SetForegroundWindow
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
AppendMenuW
GetMenuItemCount
DestroyMenu
CreatePopupMenu
IsMenu
UpdateLayeredWindow
MapVirtualKeyA
CharLowerBuffW
SystemParametersInfoA
DrawTextW
IsWindowVisible
GetSystemMetrics
GetSysColor
EnableMenuItem
ClientToScreen
GetIconInfo
CharNextW
OffsetRect
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadImageW
CreateIconFromResource

gdi32

GetViewportOrgEx
SetViewportOrgEx
CreateCompatibleBitmap
StretchBlt
GetObjectW
SetBkMode
Rectangle
GetStockObject
GetClipBox
CreateSolidBrush
CreateFontIndirectW
SetGraphicsMode
GetDeviceCaps
SelectObject
DeleteDC
CreateCompatibleDC
CreateBitmap
DeleteObject
CreateRoundRectRgn
EnumFontsW
BitBlt
Arc
CombineRgn
CreateEllipticRgnIndirect
CreatePen
CreatePatternBrush
CreateRectRgn
CreateRectRgnIndirect
Ellipse
ExcludeClipRect
GetClipRgn
GetRgnBox
GetTextColor
GetTextExtentPoint32W
IntersectClipRect
OffsetRgn
Pie
PtInRegion
RectInRegion
RestoreDC
RoundRect
SaveDC
ExtSelectClipRgn
SetRectRgn
SetROP2
SetTextColor
GetWorldTransform
SetWorldTransform
CreateDIBSection
ExtCreatePen
Polyline
GetCurrentObject

advapi32

RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW

shell32

ord165
ShellExecuteW
SHCreateDirectoryExW
SHFileOperationW

ole32

CLSIDFromProgID
CreateBindCtx
CreateStreamOnHGlobal
CLSIDFromString
OleInitialize
OleUninitialize
CoCreateInstance
OleLockRunning

oleaut32

SysAllocStringLen
SysFreeString
SysAllocString
VariantCopy
VariantClear

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CryptDecodeObject
CryptQueryObject

shlwapi

StrToIntExW
SHDeleteKeyW
SHCreateStreamOnFileEx

imm32

ImmAssociateContext
ImmGetContext
ImmReleaseContext

wininet

HttpOpenRequestA
HttpOpenRequestW
HttpAddRequestHeadersA
HttpSendRequestA
HttpSendRequestW
HttpQueryInfoA
HttpQueryInfoW
InternetConnectW
InternetConnectA
InternetCloseHandle
InternetReadFile
InternetOpenW

ws2_32

htons
WSAStartup
closesocket
connect
gethostbyname
inet_addr
recv
send
setsockopt
socket

winhttp

WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders

gdiplus

GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipBitmapLockBits
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipGraphicsClear
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipSaveImageToFile

msimg32

GradientFill
AlphaBlend

Exports

Exports

??0CharReader@Json@@QAE@ABV01@@Z
??0CharReader@Json@@QAE@XZ
??0CharReaderBuilder@Json@@QAE@ABV01@@Z
??0CharReaderBuilder@Json@@QAE@XZ
??0Exception@Json@@QAE@ABV01@@Z
??0Exception@Json@@QAE@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Factory@CharReader@Json@@QAE@ABV012@@Z
??0Factory@CharReader@Json@@QAE@XZ
??0Factory@StreamWriter@Json@@QAE@ABV012@@Z
??0Factory@StreamWriter@Json@@QAE@XZ
??0FastWriter@Json@@QAE@ABV01@@Z
??0FastWriter@Json@@QAE@XZ
??0Features@Json@@QAE@XZ
??0LogicError@Json@@QAE@$$QAV01@@Z
??0LogicError@Json@@QAE@ABV01@@Z
??0LogicError@Json@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Path@Json@@QAE@$$QAV01@@Z
??0Path@Json@@QAE@ABV01@@Z
??0Path@Json@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVPathArgument@1@1111@Z
??0PathArgument@Json@@QAE@$$QAV01@@Z
??0PathArgument@Json@@QAE@ABV01@@Z
??0PathArgument@Json@@QAE@I@Z
??0PathArgument@Json@@QAE@PBD@Z
??0PathArgument@Json@@QAE@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0PathArgument@Json@@QAE@XZ
??0Reader@Json@@QAE@$$QAV01@@Z
??0Reader@Json@@QAE@ABV01@@Z
??0Reader@Json@@QAE@ABVFeatures@1@@Z
??0Reader@Json@@QAE@XZ
??0RuntimeError@Json@@QAE@$$QAV01@@Z
??0RuntimeError@Json@@QAE@ABV01@@Z
??0RuntimeError@Json@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0StaticString@Json@@QAE@PBD@Z
??0StreamWriter@Json@@QAE@ABV01@@Z
??0StreamWriter@Json@@QAE@XZ
??0StreamWriterBuilder@Json@@QAE@ABV01@@Z
??0StreamWriterBuilder@Json@@QAE@XZ
??0StyledStreamWriter@Json@@QAE@ABV01@@Z
??0StyledStreamWriter@Json@@QAE@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0StyledWriter@Json@@QAE@ABV01@@Z
??0StyledWriter@Json@@QAE@XZ
??0Value@Json@@QAE@$$QAV01@@Z
??0Value@Json@@QAE@ABV01@@Z
??0Value@Json@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Value@Json@@QAE@ABVStaticString@1@@Z
??0Value@Json@@QAE@H@Z
??0Value@Json@@QAE@I@Z
??0Value@Json@@QAE@N@Z
??0Value@Json@@QAE@PBD0@Z
??0Value@Json@@QAE@PBD@Z
??0Value@Json@@QAE@W4ValueType@1@@Z
??0Value@Json@@QAE@_J@Z
??0Value@Json@@QAE@_K@Z
??0Value@Json@@QAE@_N@Z
??0ValueConstIterator@Json@@AAE@ABV?$_Tree_iterator@V?$_Tree_val@U?$_Tree_simple_types@U?$pair@$$CBVCZString@Value@Json@@V23@@std@@@std@@@std@@@std@@@Z
??0ValueConstIterator@Json@@QAE@ABVValueIterator@1@@Z
??0ValueConstIterator@Json@@QAE@XZ
??0ValueIterator@Json@@AAE@ABV?$_Tree_iterator@V?$_Tree_val@U?$_Tree_simple_types@U?$pair@$$CBVCZString@Value@Json@@V23@@std@@@std@@@std@@@std@@@Z
??0ValueIterator@Json@@QAE@ABV01@@Z
??0ValueIterator@Json@@QAE@ABVValueConstIterator@1@@Z
??0ValueIterator@Json@@QAE@XZ
??0ValueIteratorBase@Json@@QAE@ABV?$_Tree_iterator@V?$_Tree_val@U?$_Tree_simple_types@U?$pair@$$CBVCZString@Value@Json@@V23@@std@@@std@@@std@@@std@@@Z
??0ValueIteratorBase@Json@@QAE@XZ
??0Writer@Json@@QAE@ABV01@@Z
??0Writer@Json@@QAE@XZ
??1CharReader@Json@@UAE@XZ
??1CharReaderBuilder@Json@@UAE@XZ
??1Exception@Json@@UAE@XZ
??1Factory@CharReader@Json@@UAE@XZ
??1Factory@StreamWriter@Json@@UAE@XZ
??1FastWriter@Json@@UAE@XZ
??1LogicError@Json@@UAE@XZ
??1Path@Json@@QAE@XZ
??1PathArgument@Json@@QAE@XZ
??1Reader@Json@@QAE@XZ
??1RuntimeError@Json@@UAE@XZ
??1StreamWriter@Json@@UAE@XZ
??1StreamWriterBuilder@Json@@UAE@XZ
??1StyledStreamWriter@Json@@QAE@XZ
??1StyledWriter@Json@@UAE@XZ
??1Value@Json@@QAE@XZ
??1Writer@Json@@UAE@XZ
??4CharReader@Json@@QAEAAV01@ABV01@@Z
??4CharReaderBuilder@Json@@QAEAAV01@ABV01@@Z
??4Exception@Json@@QAEAAV01@ABV01@@Z
??4Factory@CharReader@Json@@QAEAAV012@ABV012@@Z
??4Factory@StreamWriter@Json@@QAEAAV012@ABV012@@Z
??4FastWriter@Json@@QAEAAV01@ABV01@@Z
??4Features@Json@@QAEAAV01@$$QAV01@@Z
??4Features@Json@@QAEAAV01@ABV01@@Z
??4LogicError@Json@@QAEAAV01@$$QAV01@@Z
??4LogicError@Json@@QAEAAV01@ABV01@@Z
??4Path@Json@@QAEAAV01@$$QAV01@@Z
??4Path@Json@@QAEAAV01@ABV01@@Z
??4PathArgument@Json@@QAEAAV01@$$QAV01@@Z
??4PathArgument@Json@@QAEAAV01@ABV01@@Z
??4Reader@Json@@QAEAAV01@$$QAV01@@Z
??4Reader@Json@@QAEAAV01@ABV01@@Z
??4RuntimeError@Json@@QAEAAV01@$$QAV01@@Z
??4RuntimeError@Json@@QAEAAV01@ABV01@@Z
??4StaticString@Json@@QAEAAV01@$$QAV01@@Z
??4StaticString@Json@@QAEAAV01@ABV01@@Z
??4StreamWriter@Json@@QAEAAV01@ABV01@@Z
??4StreamWriterBuilder@Json@@QAEAAV01@ABV01@@Z
??4StyledStreamWriter@Json@@QAEAAV01@ABV01@@Z
??4StyledWriter@Json@@QAEAAV01@ABV01@@Z
??4Value@Json@@QAEAAV01@$$QAV01@@Z
??4Value@Json@@QAEAAV01@ABV01@@Z
??4ValueConstIterator@Json@@QAEAAV01@$$QAV01@@Z
??4ValueConstIterator@Json@@QAEAAV01@ABV01@@Z
??4ValueConstIterator@Json@@QAEAAV01@ABVValueIteratorBase@1@@Z
??4ValueIterator@Json@@QAEAAV01@ABV01@@Z
??4ValueIteratorBase@Json@@QAEAAV01@$$QAV01@@Z
??4ValueIteratorBase@Json@@QAEAAV01@ABV01@@Z
??4Writer@Json@@QAEAAV01@ABV01@@Z
??5Json@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@std@@AAV12@AAVValue@0@@Z
??6Json@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@AAV12@ABVValue@0@@Z
??8Value@Json@@QBE_NABV01@@Z
??8ValueIteratorBase@Json@@QBE_NABV01@@Z
??9Value@Json@@QBE_NABV01@@Z
??9ValueIteratorBase@Json@@QBE_NABV01@@Z
??ACharReaderBuilder@Json@@QAEAAVValue@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??AStreamWriterBuilder@Json@@QAEAAVValue@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??AValue@Json@@QAEAAV01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??AValue@Json@@QAEAAV01@ABVStaticString@1@@Z
??AValue@Json@@QAEAAV01@H@Z
??AValue@Json@@QAEAAV01@I@Z
??AValue@Json@@QAEAAV01@PBD@Z
??AValue@Json@@QBEABV01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??AValue@Json@@QBEABV01@H@Z
??AValue@Json@@QBEABV01@I@Z
??AValue@Json@@QBEABV01@PBD@Z
??BStaticString@Json@@QBEPBDXZ
??BValue@Json@@QBE_NXZ
??CValueConstIterator@Json@@QBEPBVValue@1@XZ
??CValueIterator@Json@@QAEPAVValue@1@XZ
??DValueConstIterator@Json@@QBEABVValue@1@XZ
??DValueIterator@Json@@QAEAAVValue@1@XZ
??EValueConstIterator@Json@@QAE?AV01@H@Z
??EValueConstIterator@Json@@QAEAAV01@XZ
??EValueIterator@Json@@QAE?AV01@H@Z
??EValueIterator@Json@@QAEAAV01@XZ
??FValueConstIterator@Json@@QAE?AV01@H@Z
??FValueConstIterator@Json@@QAEAAV01@XZ
??FValueIterator@Json@@QAE?AV01@H@Z
??FValueIterator@Json@@QAEAAV01@XZ
??GValueIteratorBase@Json@@QBEHABV01@@Z
??MValue@Json@@QBE_NABV01@@Z
??NValue@Json@@QBE_NABV01@@Z
??OValue@Json@@QBE_NABV01@@Z
??PValue@Json@@QBE_NABV01@@Z
??_7CharReader@Json@@6B@
??_7CharReaderBuilder@Json@@6B@
??_7Exception@Json@@6B@
??_7Factory@CharReader@Json@@6B@
??_7Factory@StreamWriter@Json@@6B@
??_7FastWriter@Json@@6B@
??_7LogicError@Json@@6B@
??_7RuntimeError@Json@@6B@
??_7StreamWriter@Json@@6B@
??_7StreamWriterBuilder@Json@@6B@
??_7StyledWriter@Json@@6B@
??_7Writer@Json@@6B@
??_FStyledStreamWriter@Json@@QAEXXZ
??_FValue@Json@@QAEXXZ
?addComment@Reader@Json@@AAEXPBD0W4CommentPlacement@2@@Z
?addError@Reader@Json@@AAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVToken@12@PBD@Z
?addErrorAndRecover@Reader@Json@@AAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVToken@12@W4TokenType@12@@Z
?addPathInArg@Path@Json@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$vector@PBVPathArgument@Json@@V?$allocator@PBVPathArgument@Json@@@std@@@4@AAV?$_Vector_const_iterator@V?$_Vector_val@U?$_Simple_types@PBVPathArgument@Json@@@std@@@std@@@4@W4Kind@PathArgument@2@@Z
?all@Features@Json@@SA?AV12@XZ
?append@Value@Json@@QAEAAV12@$$QAV12@@Z
?append@Value@Json@@QAEAAV12@ABV12@@Z
?asBool@Value@Json@@QBE_NXZ
?asCString@Value@Json@@QBEPBDXZ
?asDouble@Value@Json@@QBENXZ
?asFloat@Value@Json@@QBEMXZ
?asInt64@Value@Json@@QBE_JXZ
?asInt@Value@Json@@QBEHXZ
?asLargestInt@Value@Json@@QBE_JXZ
?asLargestUInt@Value@Json@@QBE_KXZ
?asString@Value@Json@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?asUInt64@Value@Json@@QBE_KXZ
?asUInt@Value@Json@@QBEIXZ
?begin@Value@Json@@QAE?AVValueIterator@2@XZ
?begin@Value@Json@@QBE?AVValueConstIterator@2@XZ
?c_str@StaticString@Json@@QBEPBDXZ
?clear@Value@Json@@QAEXXZ
?compare@Value@Json@@QBEHABV12@@Z
?computeDistance@ValueIteratorBase@Json@@IBEHABV12@@Z
?containsNewLine@Reader@Json@@CA_NPBD0@Z
?copy@Value@Json@@QAEXABV12@@Z
?copy@ValueIteratorBase@Json@@IAEXABV12@@Z
?copyPayload@Value@Json@@QAEXABV12@@Z
?currentValue@Reader@Json@@AAEAAVValue@2@XZ
?decodeDouble@Reader@Json@@AAE_NAAVToken@12@@Z
?decodeDouble@Reader@Json@@AAE_NAAVToken@12@AAVValue@2@@Z
?decodeNumber@Reader@Json@@AAE_NAAVToken@12@@Z
?decodeNumber@Reader@Json@@AAE_NAAVToken@12@AAVValue@2@@Z
?decodeString@Reader@Json@@AAE_NAAVToken@12@@Z
?decodeString@Reader@Json@@AAE_NAAVToken@12@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?decodeUnicodeCodePoint@Reader@Json@@AAE_NAAVToken@12@AAPBDPBDAAI@Z
?decodeUnicodeEscapeSequence@Reader@Json@@AAE_NAAVToken@12@AAPBDPBDAAI@Z
?decrement@ValueIteratorBase@Json@@IAEXXZ
?defaultRealPrecision@Value@Json@@2IB
?demand@Value@Json@@QAEPAV12@PBD0@Z
?deref@ValueIteratorBase@Json@@IAEAAVValue@2@XZ
?deref@ValueIteratorBase@Json@@IBEABVValue@2@XZ
?dropNullPlaceholders@FastWriter@Json@@QAEXXZ
?dupMeta@Value@Json@@AAEXABV12@@Z
?dupPayload@Value@Json@@AAEXABV12@@Z
?empty@Value@Json@@QBE_NXZ
?enableYAMLCompatibility@FastWriter@Json@@QAEXXZ
?end@Value@Json@@QAE?AVValueIterator@2@XZ
?end@Value@Json@@QBE?AVValueConstIterator@2@XZ
?find@Value@Json@@QBEPBV12@PBD0@Z
?get@Value@Json@@QBE?AV12@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV12@@Z
?get@Value@Json@@QBE?AV12@IABV12@@Z
?get@Value@Json@@QBE?AV12@PBD0ABV12@@Z
?get@Value@Json@@QBE?AV12@PBDABV12@@Z
?getComment@Value@Json@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4CommentPlacement@2@@Z
?getFormatedErrorMessages@Reader@Json@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getFormattedErrorMessages@Reader@Json@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getLocationLineAndColumn@Reader@Json@@ABE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBD@Z
?getLocationLineAndColumn@Reader@Json@@ABEXPBDAAH1@Z
?getMemberNames@Value@Json@@QBE?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ
?getNextChar@Reader@Json@@AAEDXZ
?getOffsetLimit@Value@Json@@QBEHXZ
?getOffsetStart@Value@Json@@QBEHXZ
?getString@Value@Json@@QBE_NPAPBD0@Z
?getStructuredErrors@Reader@Json@@QBE?AV?$vector@UStructuredError@Reader@Json@@V?$allocator@UStructuredError@Reader@Json@@@std@@@std@@XZ
?good@Reader@Json@@QBE_NXZ
?hasComment@Value@Json@@QBE_NW4CommentPlacement@2@@Z
?hasCommentForValue@StyledStreamWriter@Json@@CA_NABVValue@2@@Z
?hasCommentForValue@StyledWriter@Json@@CA_NABVValue@2@@Z
?increment@ValueIteratorBase@Json@@IAEXXZ
?indent@StyledStreamWriter@Json@@AAEXXZ
?indent@StyledWriter@Json@@AAEXXZ
?index@ValueIteratorBase@Json@@QBEIXZ
?initBasic@Value@Json@@AAEXW4ValueType@2@_N@Z
?insert@Value@Json@@QAE_NI$$QAV12@@Z
?insert@Value@Json@@QAE_NIABV12@@Z
?invalidPath@Path@Json@@CAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?isAllocated@Value@Json@@ABE_NXZ
?isArray@Value@Json@@QBE_NXZ
?isBool@Value@Json@@QBE_NXZ
?isConvertibleTo@Value@Json@@QBE_NW4ValueType@2@@Z
?isDouble@Value@Json@@QBE_NXZ
?isEqual@ValueIteratorBase@Json@@IBE_NABV12@@Z
?isInt64@Value@Json@@QBE_NXZ
?isInt@Value@Json@@QBE_NXZ
?isIntegral@Value@Json@@QBE_NXZ
?isMember@Value@Json@@QBE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?isMember@Value@Json@@QBE_NPBD0@Z
?isMember@Value@Json@@QBE_NPBD@Z
?isMultilineArray@StyledStreamWriter@Json@@AAE_NABVValue@2@@Z
?isMultilineArray@StyledWriter@Json@@AAE_NABVValue@2@@Z
?isNull@Value@Json@@QBE_NXZ
?isNumeric@Value@Json@@QBE_NXZ
?isObject@Value@Json@@QBE_NXZ
?isString@Value@Json@@QBE_NXZ
?isUInt64@Value@Json@@QBE_NXZ
?isUInt@Value@Json@@QBE_NXZ
?isValidIndex@Value@Json@@QBE_NI@Z
?key@ValueIteratorBase@Json@@QBE?AVValue@2@XZ
?make@Path@Json@@QBEAAVValue@2@AAV32@@Z
?makePath@Path@Json@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$vector@PBVPathArgument@Json@@V?$allocator@PBVPathArgument@Json@@@std@@@4@@Z
?match@Reader@Json@@AAE_NPBDH@Z
?maxInt64@Value@Json@@2_JB
?maxInt@Value@Json@@2HB
?maxLargestInt@Value@Json@@2_JB
?maxLargestUInt@Value@Json@@2_KB
?maxUInt64@Value@Json@@2_KB
?maxUInt64AsDouble@Value@Json@@2NB
?maxUInt@Value@Json@@2IB
?memberName@ValueIteratorBase@Json@@QBEPBDPAPBD@Z
?memberName@ValueIteratorBase@Json@@QBEPBDXZ
?minInt64@Value@Json@@2_JB
?minInt@Value@Json@@2HB
?minLargestInt@Value@Json@@2_JB
?name@ValueIteratorBase@Json@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?newCharReader@CharReaderBuilder@Json@@UBEPAVCharReader@2@XZ
?newStreamWriter@StreamWriterBuilder@Json@@UBEPAVStreamWriter@2@XZ
?normalizeEOL@Reader@Json@@CA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBD0@Z
?null@Value@Json@@2ABV12@B
?nullRef@Value@Json@@2ABV12@B
?nullSingleton@Value@Json@@SAABV12@XZ
?omitEndingLineFeed@FastWriter@Json@@QAEXXZ
?parse@Reader@Json@@QAE_NAAV?$basic_istream@DU?$char_traits@D@std@@@std@@AAVValue@2@_N@Z
?parse@Reader@Json@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVValue@2@_N@Z
?parse@Reader@Json@@QAE_NPBD0AAVValue@2@_N@Z
?parseFromStream@Json@@YA_NABVFactory@CharReader@1@AAV?$basic_istream@DU?$char_traits@D@std@@@std@@PAVValue@1@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@5@@Z
?pushError@Reader@Json@@QAE_NABVValue@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?pushError@Reader@Json@@QAE_NABVValue@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?pushValue@StyledStreamWriter@Json@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?pushValue@StyledWriter@Json@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?readArray@Reader@Json@@AAE_NAAVToken@12@@Z
?readCStyleComment@Reader@Json@@AAE_NXZ
?readComment@Reader@Json@@AAE_NXZ
?readCppStyleComment@Reader@Json@@AAE_NXZ
?readNumber@Reader@Json@@AAEXXZ
?readObject@Reader@Json@@AAE_NAAVToken@12@@Z
?readString@Reader@Json@@AAE_NXZ
?readToken@Reader@Json@@AAE_NAAVToken@12@@Z
?readValue@Reader@Json@@AAE_NXZ
?recoverFromError@Reader@Json@@AAE_NW4TokenType@12@@Z
?releasePayload@Value@Json@@AAEXXZ
?removeIndex@Value@Json@@QAE_NIPAV12@@Z
?removeMember@Value@Json@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?removeMember@Value@Json@@QAEXPBD@Z
?removeMember@Value@Json@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAV12@@Z
?removeMember@Value@Json@@QAE_NPBD0PAV12@@Z
?removeMember@Value@Json@@QAE_NPBDPAV12@@Z
?resize@Value@Json@@QAEXI@Z
?resolve@Path@Json@@QBE?AVValue@2@ABV32@0@Z
?resolve@Path@Json@@QBEABVValue@2@ABV32@@Z
?resolveReference@Value@Json@@AAEAAV12@PBD0@Z
?resolveReference@Value@Json@@AAEAAV12@PBD@Z
?setComment@Value@Json@@QAEXPBDIW4CommentPlacement@2@@Z
?setComment@Value@Json@@QAEXPBDW4CommentPlacement@2@@Z
?setComment@Value@Json@@QAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4CommentPlacement@2@@Z
?setDefaults@CharReaderBuilder@Json@@SAXPAVValue@2@@Z
?setDefaults@StreamWriterBuilder@Json@@SAXPAVValue@2@@Z
?setIsAllocated@Value@Json@@AAEX_N@Z
?setOffsetLimit@Value@Json@@QAEXH@Z
?setOffsetStart@Value@Json@@QAEXH@Z
?setType@Value@Json@@AAEXW4ValueType@2@@Z
?size@Value@Json@@QBEIXZ
?skipCommentTokens@Reader@Json@@AAEXAAVToken@12@@Z
?skipSpaces@Reader@Json@@AAEXXZ
?strictMode@CharReaderBuilder@Json@@SAXPAVValue@2@@Z
?strictMode@Features@Json@@SA?AV12@XZ
?swap@Value@Json@@QAEXAAV12@@Z
?swapPayload@Value@Json@@QAEXAAV12@@Z
?toStyledString@Value@Json@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?type@Value@Json@@QBE?AW4ValueType@2@XZ
?unindent@StyledStreamWriter@Json@@AAEXXZ
?unindent@StyledWriter@Json@@AAEXXZ
?validate@CharReaderBuilder@Json@@QBE_NPAVValue@2@@Z
?validate@StreamWriterBuilder@Json@@QBE_NPAVValue@2@@Z
?valueToQuotedString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBD@Z
?valueToString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?valueToString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z
?valueToString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@NIW4PrecisionType@1@@Z
?valueToString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_J@Z
?valueToString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_K@Z
?valueToString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?what@Exception@Json@@UBEPBDXZ
?write@FastWriter@Json@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVValue@2@@Z
?write@StyledStreamWriter@Json@@QAEXAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@ABVValue@2@@Z
?write@StyledWriter@Json@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVValue@2@@Z
?writeArrayValue@StyledStreamWriter@Json@@AAEXABVValue@2@@Z
?writeArrayValue@StyledWriter@Json@@AAEXABVValue@2@@Z
?writeCommentAfterValueOnSameLine@StyledStreamWriter@Json@@AAEXABVValue@2@@Z
?writeCommentAfterValueOnSameLine@StyledWriter@Json@@AAEXABVValue@2@@Z
?writeCommentBeforeValue@StyledStreamWriter@Json@@AAEXABVValue@2@@Z
?writeCommentBeforeValue@StyledWriter@Json@@AAEXABVValue@2@@Z
?writeIndent@StyledStreamWriter@Json@@AAEXXZ
?writeIndent@StyledWriter@Json@@AAEXXZ
?writeString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVFactory@StreamWriter@1@ABVValue@1@@Z
?writeValue@FastWriter@Json@@AAEXABVValue@2@@Z
?writeValue@StyledStreamWriter@Json@@AAEXABVValue@2@@Z
?writeValue@StyledWriter@Json@@AAEXABVValue@2@@Z
?writeWithIndent@StyledStreamWriter@Json@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?writeWithIndent@StyledWriter@Json@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 327KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_6bb387039248cc69510781521bf4ced1.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_6c8b54d2b3b82474b154a6901f2502ea.vir
.exe windows:4 windows x86 arch:x86

879e62881b452fa51161345afb04a6de

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:83:ef:09:6f:14:d7:bc:f9:f0:69:9c:ea:15:6b:7f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22-02-2012 00:00

Not After

21-02-2015 23:59

Subject

CN=Beijing Baofeng Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Baofeng Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b6:3c:2e:2b:8a:6e:3d:2d:60:7e:3b:a4:c2:c9:ba:eb:fd:4f:a4:69
Signer

Actual PE Digest

b6:3c:2e:2b:8a:6e:3d:2d:60:7e:3b:a4:c2:c9:ba:eb:fd:4f:a4:69

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

DeregisterEventSource
RegisterEventSourceA
ReportEventA

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
DeleteDC
DeleteObject
GetBitmapBits
GetDeviceCaps
GetObjectA
SelectObject

kernel32

CloseHandle
CreateEventA
CreateFileA
CreatePipe
CreateProcessA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesA
GetFileSize
GetFileType
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStdHandle
GetSystemTimeAsFileTime
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GlobalMemoryStatus
InitializeCriticalSection
InterlockedCompareExchange
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
ResetEvent
SetConsoleCtrlHandler
SetEvent
SetFilePointer
SetHandleInformation
SetLastError
SetUnhandledExceptionFilter
Sleep
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

_access
_chmod
_getcwd
_getpid
_read
_stat
_strdup
_stricmp
_umask
_unlink
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_beginthread
_beginthreadex
_cexit
_endthreadex
_errno
_exit
_findclose
_findfirst
_findnext
_fullpath
_getch
_iob
_isctype
_mkdir
_onexit
_pctype
_setmode
_stricmp
_strnicmp
_vsnprintf
_wfopen
abort
atexit
atoi
calloc
exit
fclose
fflush
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getenv
gmtime
localeconv
localtime
malloc
memchr
memcpy
memmove
memset
perror
qsort
raise
realloc
setvbuf
signal
sscanf
strcat
strchr
strcmp
strcpy
strerror
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strtol
strtoul
time
tolower
vfprintf
wcslen
wcsstr

shell32

SHGetFolderPathA

user32

GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA

ws2_32

WSACleanup
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAStartup
accept
bind
closesocket
connect
gethostbyname
htonl
htons
listen
recv
send
setsockopt
shutdown
socket

adbwinapi

AdbCloseHandle
AdbCreateInterfaceByName
AdbEnumInterfaces
AdbGetEndpointInformation
AdbGetInterfaceName
AdbGetSerialNumber
AdbGetUsbDeviceDescriptor
AdbGetUsbInterfaceDescriptor
AdbNextInterface
AdbOpenDefaultBulkReadEndpoint
AdbOpenDefaultBulkWriteEndpoint
AdbReadEndpointSync
AdbWriteEndpointSync

Sections

.text
Size: 617KB - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_6cd3af11e2e7b29a7faed44e76f07902.vir
.exe windows:4 windows x86 arch:x86

ae78984139554755bfdc1132515f5f57

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

s7aaapix

AUTGetLongAttribute
AUTRegisterApp
AUTGetName
AUTSetLongAttribute
AUTGetTypeName
AUTGetObjectType
AUTObjectArraySize
AUTTypeArrayGetAt
AUTTypeArraySize
AUTObjectArrayCreate
AUTGetObjectID
AUTTypeArrayCreate
AUTLogError
AUTReleaseTraceEntry
AUTDeleteTraceEntry
AUTGetNumberOfTraceEntries
AUTGetTraceErrorID
AUTGetTraceServiceNumber
AUTGetLastTraceEntry
AUTGetActiveTraceBuffer
AUTGetErrorTitle
AUTOpenObjectSet
AUTGetCurrentObjectSet
AUTSetCurrentObjectSet
AUTOSCloseObjectSet
AUTOSSaveObjectSet
AUTSuppressFlushDelayed
AUTGetStringAttribute
AUTEnterObjectSet
AUTGetObject
AUTGetLastVisibleTraceEntry
AUTActivateOM
AUTGetObjectSetMode
AUTGetObjectsObjectSet
AUTSymbolicNameFromTypeID
AUTObjectArrayRemoveAll
AUTGetLinkedObjects
AUTIsDerived
AUTOSDumpOSet
AUTSetActiveTraceBuffer
AUTGetErrMode
AUTSetErrMode
AUTCreateTraceBuffer
AUTDeleteTraceBuffer
AUTDisplayTraceEntries
AUTGetActWnd
AUTFlushDelayedError
AUTIsTraceMsgDelayed
AUTGetVisibleTraceEntries
AUTResetTraceBuffer
AUTGetTraceServiceID
AUTGetCopiedObject
AUTGetEnvObject
AUTDoTypeVerb
AUTObjectArrayGetAt
AUTGetTypeInfos
AUTGetObjectArray
AUTTypeArrayRemoveAll
AUTTypeArrayDelete
AUTObjectArrayDelete
AUTUnregisterApp
AUTGetPath

s7abstrx

?Empty@CBstr@@QAEXXZ
??1CBstr@@QAE@XZ
?Compare@CBstr@@QBEHPBD@Z
??0CBstr@@QAE@PBD@Z
??BCBstr@@QBEPBDXZ
??4CBstr@@QAEABV0@PBD@Z
?IsEmpty@CBstr@@QBEHXZ
??BCBstr@@QBEPAPAGXZ
??0CBstr@@QAE@XZ
?Format@CBstr@@QAAXPBDZZ

s7aprexx

AUTOpenEnvironment

s7aregsx

_S7RegCreateKeyEx@36
_S7RegEnumValue@32
_S7RegEnumKeyEx@32
_S7RegDeleteKey@8
_S7RegQueryValueEx@24
_S7RegOpenKeyEx@20
_S7RegQueryInfoKey@48
_S7RegCloseKey@4
_S7RegSetValueEx@24

s7adbcsx

?ByteType@@YA?AW4DBCS_ByteType@@PBDI@Z

mfc42

ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord1116
ord3435
ord5856
ord1564
ord668
ord1567
ord665
ord1979
ord353
ord2818
ord268
ord1980
ord858
ord3185
ord2781
ord800
ord2770
ord924
ord356
ord3790
ord941
ord2614
ord540
ord798
ord1997
ord2808
ord6407
ord532
ord939
ord860
ord5265
ord4853
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord825
ord641
ord940
ord4274
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord815
ord2652
ord1669
ord1168
ord2621
ord1205
ord537
ord2763
ord1946
ord3401
ord561
ord3953
ord2725
ord2864
ord4674
ord4083
ord5572
ord2915
ord923
ord699
ord802
ord397
ord542
ord5593
ord3438
ord5601
ord823
ord2765
ord1085
ord912
ord4188
ord4277
ord4129
ord5683
ord5631
ord5303
ord2726
ord4699
ord5715
ord3353
ord565
ord1948
ord817
ord3954
ord324
ord4160
ord2514
ord2302
ord4234
ord6215
ord2642
ord3874
ord6199
ord3092
ord2645
ord6467
ord4710
ord1106
ord6197
ord6380
ord4376
ord3663
ord1193
ord1151
ord1871
ord6571
ord5460
ord341
ord654
ord879
ord882
ord6140
ord5858
ord2801
ord2740
ord5590
ord1576
ord998
ord909
ord696
ord773
ord501
ord394
ord715
ord5450
ord6394
ord2841
ord2107
ord2826
ord1175
ord1884
ord1807
ord1814
ord1913
ord1869
ord1789
ord1835
ord1861
ord1833
ord2917
ord2803
ord958
ord6312
ord4177
ord6385
ord5442
ord3318
ord6010
ord5773
ord2601
ord5186
ord3180
ord3183
ord3176
ord3507
ord354
ord4202
ord5583
ord6153
ord6569
ord415
ord5597
ord5681
ord5605
ord1081
ord795
ord765
ord3721
ord6055
ord1776
ord5290
ord3402
ord3698
ord567
ord5710

msvcrt

_onexit
_setmbcp
strtoul
__CxxFrameHandler
_EH_prolog
_findclose
_findnext
strcmp
_findfirst
_strdup
free
_mbsicmp
strlen
_mbscmp
memset
_ismbcdigit
_mbsicoll
atoi
strtok
strcpy
_rmdir
_close
_open
remove
_errno
_access
toupper
_ismbcspace
iscntrl
_ismbclower
_ismbcalnum
??1type_info@@UAE@XZ
__dllonexit
_except_handler3
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

kernel32

SetCurrentDirectoryA
WaitForSingleObject
InitializeCriticalSection
ResumeThread
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExA
SetErrorMode
FreeLibrary
GetProcAddress
FormatMessageA
GetLastError
CopyFileA
MoveFileA
CreateDirectoryExA
GetVersionExA
GetStartupInfoA
GetModuleHandleA
LocalAlloc
LocalFree
CreateDirectoryA
GetCurrentDirectoryA
CreateFileA
SetFileTime
CloseHandle

user32

IsWindow
RedrawWindow
SetWindowTextA
SetForegroundWindow
GetDlgItem
PostMessageA
SendMessageA
SetTimer
GetCursor
KillTimer
SetCursor
GetActiveWindow
RegisterWindowMessageA
EnableWindow

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_6cddb24c4056b65eec3b73946f7bc5e0.vir
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_6cfe0528d426e7c1ed6e4241e0c413db.vir
Virussign.2024.06.08/virussign.com_6da33d88d286dc6dae2763aa00462f26.vir
.exe windows:4 windows x86 arch:x86

67e05e2ab750c96987cbf26ae92eefe4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

gdi32

GetDeviceCaps

kernel32

CloseHandle
CreateFileA
CreateProcessA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FreeLibrary
GetACP
GetCommandLineA
GetCurrentDirectoryA
GetEnvironmentVariableA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
IsValidCodePage
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
OpenFileMappingA
ReadFile
SetFilePointer
SetUnhandledExceptionFilter
TlsGetValue
UnmapViewOfFile
VirtualProtect
VirtualQuery

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_filbuf
_getch
_getche
_iob
_kbhit
_onexit
_setmode
_winmajor
abort
atexit
calloc
cos
exit
fclose
fflush
fopen
fprintf
free
fscanf
fwrite
log10
memcpy
signal
sin
sprintf
sscanf
strcat
strcpy
strncpy
strrchr
vfprintf
vsprintf

user32

GetDC
GetSysColor
IsWindow
MessageBoxA
ReleaseDC
SendMessageA
WaitForInputIdle

libgcc_s_dw2-1

__deregister_frame_info
__register_frame_info

libgfortran-3

_gfortran_set_args
_gfortran_set_options

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_6f507bc606bbd8d744823770b06f890f.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 832B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_701bdf72f5871dae06f0073198d3071c.vir
.vir .xll windows:6 windows x64 arch:x64
Virussign.2024.06.08/virussign.com_706621b294df023349dae65d7a05adcf.vir
.exe windows:4 windows x86 arch:x86

c3d5721358ef6e2b568436df19562c03

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamClose

ws2_32

WSAGetLastError

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmDisableIME
ImmGetContext

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

OpenProcess
GlobalFree
GetTempFileNameW
LockResource
SizeofResource
LoadResource
FindResourceW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetWindowsDirectoryW
GetVersionExW
HeapFree
HeapAlloc
GetProcessHeap
LocalFree
TerminateThread
GetExitCodeThread
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
SetLastError
CancelWaitableTimer
SetWaitableTimer
CreateWaitableTimerW
GetDiskFreeSpaceExW
SetEndOfFile
SetFilePointer
WriteFile
TlsFree
TlsAlloc
GetFileAttributesW
GetSystemDefaultLangID
GetUserDefaultLangID
EnumResourceLanguagesW
GetVersion
lstrcatW
FreeResource
GlobalAlloc
LocalAlloc
ExitProcess
SetUnhandledExceptionFilter
SetProcessWorkingSetSize
TerminateProcess
GlobalDeleteAtom
GlobalAddAtomW
CreateSemaphoreW
ReleaseSemaphore
FlushInstructionCache
LoadLibraryW
GetCurrentThreadId
GetModuleHandleW
VirtualQuery
TlsGetValue
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCommandLineW
SetErrorMode
LoadLibraryExW
GetProcAddress
FreeLibrary
lstrcmpW
VirtualProtect
GetCurrentProcess
ReadProcessMemory
WriteProcessMemory
GetModuleHandleA
GetCurrentProcessId
GetLongPathNameW
TlsSetValue
GetFileSize
ReadFile
CreateDirectoryW
lstrlenW
FindClose
FindNextFileW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetShortPathNameW
FindFirstFileW
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
lstrlenA
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
DeleteFileW
GetTempPathW
GetLocaleInfoW
CloseHandle
WaitForSingleObject
CopyFileW
RemoveDirectoryW
CreateMutexW
ReleaseMutex
GetSystemDirectoryW
IsBadWritePtr
IsBadReadPtr
MoveFileExW
CreateFileW
GlobalUnlock
GetStartupInfoA
GlobalLock
SetFileAttributesW
GetPrivateProfileIntW
lstrcmpiW
ResetEvent
SetEvent
CreateEventW
FindFirstChangeNotificationW
FindCloseChangeNotification
FindNextChangeNotification
WaitForMultipleObjects
GetLastError
SystemTimeToFileTime
GetSystemTime
GetFileTime

user32

CopyIcon
CopyImage
GetForegroundWindow
CloseClipboard
DialogBoxParamW
LoadImageW
SetWindowPos
GetWindowRect
ShowWindow
SetWindowLongW
GetDlgItem
SendMessageW
LoadStringW
SetWindowTextW
GetWindowTextW
PostMessageW
EndDialog
SetFocus
MessageBoxW
IsWindowVisible
SetPropW
ScreenToClient
RemovePropW
GetPropW
EnableWindow
SetClipboardData
CreateWindowExW
IsWindow
InflateRect
CopyRect
EmptyClipboard
OpenClipboard
SetWindowsHookExW
UnhookWindowsHookEx
InsertMenuW
IsWindowEnabled
LoadAcceleratorsW
TranslateAcceleratorW
DestroyAcceleratorTable
CreateAcceleratorTableW
CopyAcceleratorTableW
GetSystemMetrics
GetKeyNameTextW
GetClientRect
EndPaint
GetSysColor
IsDlgButtonChecked
DrawEdge
DrawTextW
FillRect
BeginPaint
DestroyWindow
SetForegroundWindow
GetParent
DefWindowProcW
ReleaseDC
GetDC
OffsetRect
PtInRect
GetCursorPos
GetKeyState
GetAsyncKeyState
SetCursor
LoadCursorW
CharNextW
DrawIcon
LoadIconW
MapWindowPoints
GetDesktopWindow
SetDlgItemTextW
CharLowerW
PostThreadMessageW
GetMessageW
DdeNameService
DdeCreateStringHandleW
SetParent
RegisterClassExW
MoveWindow
IsIconic
SetCursorPos
EnumChildWindows
InvalidateRect
IsChild
SubtractRect
GetClipboardData
IsClipboardFormatAvailable
GetMonitorInfoW
MonitorFromWindow
SetRect
RegisterHotKey
UnregisterHotKey
SystemParametersInfoW
WindowFromPoint
DestroyIcon
SetRectEmpty
InsertMenuItemW
DestroyMenu
GetWindowDC
CallNextHookEx
MenuItemFromPoint
GetMenuState
UpdateWindow
EndMenu
EqualRect
CheckMenuRadioItem
DrawIconEx
GetSystemMenu
TrackMouseEvent
CheckDlgButton
CheckMenuItem
TrackPopupMenuEx
MapVirtualKeyW
keybd_event
GetMenuItemID
GetMenuStringW
IsMenu
GetFocus
PostQuitMessage
GetMenuInfo
GetMenuItemCount
GetMenuItemInfoW
IsZoomed
SetWindowRgn
SetMenuInfo
FindWindowExW
GetSysColorBrush
FindWindowW
GetWindowPlacement
SetWindowPlacement
RegisterWindowMessageW
GetClassNameW
GetWindowThreadProcessId
GetWindowModuleFileNameW
GetWindowLongW
SetMenuItemInfoW
GetMenu
SendMessageTimeoutW
CreatePopupMenu
GetMessagePos
SetCapture
ReleaseCapture
ShowCursor
KillTimer
ClientToScreen
SetTimer
RedrawWindow
CallWindowProcW
DeleteMenu
GetAncestor
LoadMenuW
GetSubMenu
EnableMenuItem
TrackPopupMenu
GetDlgItemTextW
LoadBitmapW
PeekMessageW
TranslateMessage
DispatchMessageW
CharUpperW
DdeGetData
DdeFreeDataHandle
DdeQueryStringW
DdeFreeStringHandle
DdeUninitialize
DdeInitializeW

gdi32

CreateRectRgnIndirect
FillRgn
GetDIBits
CreateDIBSection
MoveToEx
LineTo
CreateRoundRectRgn
CombineRgn
CreateRectRgn
CreateFontIndirectW
SelectClipRgn
GetObjectW
DeleteObject
CreateSolidBrush
SelectObject
SetBkMode
SetTextColor
GetStockObject
EnumFontsW
Rectangle
CreatePatternBrush
DeleteDC
BitBlt
CreateCompatibleBitmap
CreatePen
SetBkColor
CreateCompatibleDC

comdlg32

GetSaveFileNameW
ChooseColorW
GetOpenFileNameW

advapi32

RegOpenKeyExW
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegDeleteKeyW
RegCreateKeyW
RegSetValueExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
GetLengthSid
AllocateAndInitializeSid
RegEnumKeyW
RegQueryInfoKeyW
RegSetKeySecurity
CopySid
GetTokenInformation
RegCreateKeyExW
OpenProcessToken
InitializeAcl

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
Shell_NotifyIconW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
ExtractIconExW
DoEnvironmentSubstW
SHGetSpecialFolderPathW
SHChangeNotify
SHFreeNameMappings
SHAppBarMessage
DragQueryFileW
SHGetDesktopFolder
SHGetMalloc
SHBrowseForFolderW

ole32

OleCreate
OleDraw
CoCreateGuid
CoGetInterfaceAndReleaseStream
CLSIDFromString
DoDragDrop
StringFromCLSID
CoTaskMemFree
OleInitialize
OleUninitialize
CoRegisterClassObject
CoRevokeClassObject
CoInitialize
CoUninitialize
ReleaseStgMedium
CoCreateInstance
RegisterDragDrop
CoGetMalloc
RevokeDragDrop
OleDuplicateData
CreateStreamOnHGlobal
CoTaskMemAlloc
CoMarshalInterThreadInterfaceInStream
OleSetContainedObject

oleaut32

SafeArrayDestroy
SysStringLen
SysAllocStringLen
SysAllocStringByteLen
VariantClear
SysAllocString
SysFreeString
SafeArrayCreateVector

wininet

HttpOpenRequestW
HttpSendRequestExW
InternetOpenW
InternetConnectW
InternetSetStatusCallbackW
InternetCloseHandle
InternetReadFileExA
InternetReadFile
HttpEndRequestW
FtpOpenFileW
InternetGetLastResponseInfoW
FtpCommandW
InternetQueryOptionW
FtpGetFileSize
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
UnlockUrlCacheEntryFileW
FindNextUrlCacheEntryW
DeleteUrlCacheEntryA
UnlockUrlCacheEntryFileA
FindCloseUrlCache
InternetSetOptionA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
GetUrlCacheEntryInfoW
CreateUrlCacheEntryW
CommitUrlCacheEntryW
InternetCrackUrlW
HttpQueryInfoW
InternetGetConnectedState
InternetSetOptionW

msvcp60

??0logic_error@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_7out_of_range@std@@6B@
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0out_of_range@std@@QAE@ABV01@@Z

shlwapi

PathMatchSpecW
UrlIsOpaqueW
PathFindFileNameW
PathCombineW
StrStrIW
PathFindExtensionW
PathGetDriveNumberW
PathIsDirectoryW
PathIsURLW
PathIsRootW
SHAutoComplete
UrlGetPartW
SHSetValueW
SHDeleteKeyW
SHGetValueW
SHDeleteValueW
StrStrIA
PathMatchSpecA
UrlCanonicalizeW
SHEnumKeyExW
SHEnumValueW
PathFileExistsW
PathIsUNCW
UrlIsW
SHQueryInfoKeyW
StrRetToBufW
StrCpyNW

msvcrt

fseek
ftell
fread
_wtol
_ltow
_itow
malloc
free
_wfopen
fwprintf
fclose
iswdigit
swprintf
vswprintf
wcschr
_ftol
_wtoi
_except_handler3
memmove
wcscmp
_wcsicmp
wcsstr
??2@YAPAXI@Z
wcsrchr
wcsncpy
wcscpy
_snwprintf
wcslen
wcspbrk
__CxxFrameHandler
wcscat
time
localtime
_beginthreadex
swscanf
_ui64tow
gmtime
wcsncmp
wcsftime
_wtoi64
_i64tow
_snprintf
fwrite
_wcsnicmp
wcsncat
fputs
strrchr
strncpy
strchr
mktime
wcstod
iswspace
realloc
strpbrk
strstr
iswlower
atoi
fopen
_wstrtime
??0exception@@QAE@ABV0@@Z
_CxxThrowException
_CIpow
fputws
exit
scanf
printf
sprintf
isalnum
toupper
_ui64toa
towlower
towupper
_ismbslead
fprintf
_strnicmp
fgets
rewind
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_stricmp
_controlfp
sscanf
__set_app_type

urlmon

RegisterBindStatusCallback
RevokeBindStatusCallback
CoInternetCombineUrl
ObtainUserAgentString

gdiplus

GdiplusStartup
GdipSaveImageToFile
GdipLoadImageFromStream
GdipAlloc
GdipDeleteGraphics
GdipDisposeImageAttributes
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipCreateImageAttributes
GdipCreateFromHDC
GdipFree
GdipDisposeImage
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImageEncoders
GdipGetImageEncodersSize

comctl32

ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Remove
ImageList_Duplicate
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_BeginDrag
ImageList_GetIconSize
InitCommonControlsEx
ImageList_SetBkColor
ImageList_DrawEx
ImageList_GetImageInfo
ImageList_DragShowNolock
ImageList_DragMove
ImageList_EndDrag
ImageList_Add
ImageList_Draw
ord16

Sections

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 601KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 315KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_70ba773ee0b9dab2329717789ec8d8ab.vir
.dll windows:4 windows x86 arch:x86

b15f50e3f2711e0feb9b6d0b6f0258b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
LoadLibraryA
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetSystemInfo

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_70db0a303d56f929e30f546d700fc847.vir
.exe windows:5 windows x86 arch:x86

add6ce76c0171c781219d947a2aacb14

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\CUT_A.V2.7.0\dev\binaries\release\CTViewServer.pdb

Imports

ctwinsys

?SYS_CloseHandleMutex@@YG?AW4SysRet_e@@PAX@Z
?SYS_WaitForMutex@@YG?AW4SysRet_e@@PAX@Z
?SYS_GetLastError@@YGJXZ
?SYS_SignalMutex@@YG?AW4SysRet_e@@PAX@Z
?SYS_CreateMutex@@YGPAXPBD@Z
?SYS_CreateThread@@YGPAXP6GKPAX@Z0@Z
?SYS_GetCounterUs@@YG_JXZ
?SYS_GetTime@@YG_JXZ
?SYS_CloseHandleThread@@YG?AW4SysRet_e@@PAX@Z
?SYS_CreateSemaphore@@YGPAXXZ
?SYS_SignalSemaphore@@YG?AW4SysRet_e@@PAX@Z
?SYS_WaitForSemaphore@@YG?AW4SysRet_e@@PAXK@Z
?SYS_CloseHandleSemaphore@@YG?AW4SysRet_e@@PAX@Z
?SYS_GetXMLModuleInfo@@YGPADXZ
?SYS_Free@@YGXPAX@Z

ctwinlog

ord10
ord7
ord3
ord5
ord4
ord1
ord2
ord6

ctwincomm

?COMM_GetXMLModuleInfo@@YGPADXZ
?COMM_Free@@YGXPAX@Z
?COMM_SetModuleInfo@@YG?AW4CommRet_e@@KPADPAJK@Z
?COMM_Init@@YG?AW4CommRet_e@@PAD@Z
?COMM_Register@@YG?AW4CommRet_e@@PAUCOMM_Register_t@@PAJPAKK@Z
?COMM_Close@@YG?AW4CommRet_e@@KK_NPAJK@Z

ctwinalm

?ALM_Open@@YG?AW4AlmRet_e@@PAKPAJK@Z
?ALM_GetXMLModuleInfo@@YGPADXZ
?ALM_WriteMsg_Alarme@@YG?AW4AlmRet_e@@KPAUALM_Alarme_t@@PAJK@Z
?ALM_Close@@YG?AW4AlmRet_e@@KPAJK@Z
?ALM_Free@@YGXPAX@Z
?ALM_Init@@YG?AW4AlmRet_e@@PADPAJ@Z

ctwinuni

?UNI_Lecture@@YG?AW4UniRet_e@@KPAUUNI_ParamLecture_t@@PAKPAJK@Z
?UNI_Free@@YGXPAX@Z
?UNI_Init@@YG?AW4UniRet_e@@PAD@Z
?UNI_Open@@YG?AW4UniRet_e@@PAUUNI_ParamOpen_t@@PAKPAJK@Z
?UNI_Publications@@YG?AW4UniRet_e@@KPAUUNI_ParamPublications_t@@@Z
?UNI_AnnulDemande@@YG?AW4UniRet_e@@KKPAJK@Z
?UNI_Advise@@YG?AW4UniRet_e@@KPAUUNI_ParamAdvise_t@@PAKPAJK@Z
?UNI_Ecriture@@YG?AW4UniRet_e@@KPAUUNI_ParamEcriture_t@@PAJK@Z
?UNI_Close@@YG?AW4UniRet_e@@KK@Z
?UNI_GetXMLModuleInfo@@YGPADXZ

ctwinacqsrv

?ACQSRV_ModifyPublishedVar@@YG?AW4AcqSrvRet_e@@KPAUACQ_UnfixedProp_t@@PAX1@Z
?ACQSRV_StopServeur@@YG?AW4AcqSrvRet_e@@PAJK@Z
?ACQSRV_GetXMLModuleInfo@@YGPADXZ
?ACQSRV_Free@@YGXPAX@Z
?ACQSRV_FermeturePublication@@YG?AW4AcqSrvRet_e@@KPAUACQSRV_Variable@@@Z
?ACQSRV_OuverturePublication@@YG?AW4AcqSrvRet_e@@KPAUACQSRV_Variable@@@Z
?ACQSRV_StartServeur@@YG?AW4AcqSrvRet_e@@PADKPAJK@Z

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

GetCurrentProcessId
GetLongPathNameW
GetCurrentThreadId
GetTickCount
WideCharToMultiByte
SetEndOfFile
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
HeapFree
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
GetCommandLineA
RtlUnwind
RaiseException
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetTimeZoneInformation
CopyFileW
CopyFileA
MoveFileW
LocalAlloc
FindFirstFileW
SetErrorMode
FindFirstFileA
FindClose
SetConsoleCtrlHandler
GetModuleHandleA
LoadLibraryA
GetModuleFileNameW
GetCurrentProcess
FreeLibrary
GetPrivateProfileSectionNamesA
GetModuleFileNameA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetProcAddress
LoadLibraryW
GetPrivateProfileIntA
lstrlenA
WritePrivateProfileStringW
GetPrivateProfileStringW
MultiByteToWideChar
Sleep
InterlockedDecrement
InterlockedIncrement
WriteConsoleW
CreateFileW
FlushFileBuffers
FormatMessageA
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetSystemTimeAsFileTime
HeapAlloc
GetConsoleOutputCP
DeleteFileW
GetStringTypeW
GetStringTypeA
HeapReAlloc
VirtualAlloc
HeapSize
LCMapStringW
LCMapStringA
GetConsoleCP
ReadFile
QueryPerformanceCounter
VirtualFree
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
WriteFile
ExitProcess
GetCurrentDirectoryA
CreateFileA
PeekNamedPipe
GetFileInformationByHandle
CloseHandle
GetFullPathNameA
SetFilePointer
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
GetCPInfo
SetHandleCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
GetLastError

user32

DestroyWindow
CreateWindowExA
PeekMessageA
MessageBoxA
CharUpperA
DispatchMessageA
TranslateMessage

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegEnumValueA

ole32

CoCreateInstance
CoCreateInstanceEx
CoInitializeEx
CoInitialize
CoInitializeSecurity

oleaut32

GetErrorInfo
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayRedim
SafeArrayCreate
SafeArrayPutElement
SysStringLen
SysFreeString
SysStringByteLen
VariantChangeType
VariantInit
SysAllocStringByteLen
VariantCopy
VariantClear
SysAllocString

xerces-c_2_2_0

?docPI@AbstractDOMParser@xercesc_2_2@@UAEXQBG0@Z
?endDocument@AbstractDOMParser@xercesc_2_2@@UAEXXZ
?endElement@AbstractDOMParser@xercesc_2_2@@UAEXABVXMLElementDecl@2@I_NQBG@Z
?endEntityReference@AbstractDOMParser@xercesc_2_2@@UAEXABVXMLEntityDecl@2@@Z
?ignorableWhitespace@AbstractDOMParser@xercesc_2_2@@UAEXQBGI_N@Z
?resetDocument@AbstractDOMParser@xercesc_2_2@@UAEXXZ
?startDocument@AbstractDOMParser@xercesc_2_2@@UAEXXZ
?startElement@AbstractDOMParser@xercesc_2_2@@UAEXABVXMLElementDecl@2@IQBGABV?$RefVectorOf@VXMLAttr@xercesc_2_2@@@2@I_N3@Z
?startEntityReference@AbstractDOMParser@xercesc_2_2@@UAEXABVXMLEntityDecl@2@@Z
?XMLDecl@AbstractDOMParser@xercesc_2_2@@UAEXQBG000@Z
?createElementNSNode@AbstractDOMParser@xercesc_2_2@@MAEPAVDOMElement@2@PBG0@Z
?error@XercesDOMParser@xercesc_2_2@@UAEXIQBGW4ErrTypes@XMLErrorReporter@2@000JJ@Z
?resetErrors@XercesDOMParser@xercesc_2_2@@UAEXXZ
?endInputSource@XercesDOMParser@xercesc_2_2@@UAEXABVInputSource@2@@Z
?expandSystemId@XercesDOMParser@xercesc_2_2@@UAE_NQBGAAVXMLBuffer@2@@Z
?resetEntities@XercesDOMParser@xercesc_2_2@@UAEXXZ
?resolveEntity@XercesDOMParser@xercesc_2_2@@UAEPAVInputSource@2@QBG00@Z
?startInputSource@XercesDOMParser@xercesc_2_2@@UAEXABVInputSource@2@@Z
?attDef@AbstractDOMParser@xercesc_2_2@@UAEXABVDTDElementDecl@2@ABVDTDAttDef@2@_N@Z
?doctypeComment@AbstractDOMParser@xercesc_2_2@@UAEXQBG@Z
?doctypeDecl@AbstractDOMParser@xercesc_2_2@@UAEXABVDTDElementDecl@2@QBG1_N2@Z
?doctypePI@AbstractDOMParser@xercesc_2_2@@UAEXQBG0@Z
?doctypeWhitespace@AbstractDOMParser@xercesc_2_2@@UAEXQBGI@Z
?elementDecl@AbstractDOMParser@xercesc_2_2@@UAEXABVDTDElementDecl@2@_N@Z
?endAttList@AbstractDOMParser@xercesc_2_2@@UAEXABVDTDElementDecl@2@@Z
?endIntSubset@AbstractDOMParser@xercesc_2_2@@UAEXXZ
?endExtSubset@AbstractDOMParser@xercesc_2_2@@UAEXXZ
?entityDecl@AbstractDOMParser@xercesc_2_2@@UAEXABVDTDEntityDecl@2@_N1@Z
?resetDocType@AbstractDOMParser@xercesc_2_2@@UAEXXZ
?notationDecl@AbstractDOMParser@xercesc_2_2@@UAEXABVXMLNotationDecl@2@_N@Z
?startAttList@AbstractDOMParser@xercesc_2_2@@UAEXABVDTDElementDecl@2@@Z
?startIntSubset@AbstractDOMParser@xercesc_2_2@@UAEXXZ
?startExtSubset@AbstractDOMParser@xercesc_2_2@@UAEXXZ
?TextDecl@AbstractDOMParser@xercesc_2_2@@UAEXQBG0@Z
?makeStream@LocalFileInputSource@xercesc_2_2@@UBEPAVBinInputStream@2@XZ
?getEncoding@InputSource@xercesc_2_2@@UBEPBGXZ
?getPublicId@InputSource@xercesc_2_2@@UBEPBGXZ
?getSystemId@InputSource@xercesc_2_2@@UBEPBGXZ
?getIssueFatalErrorIfNotFound@InputSource@xercesc_2_2@@UBE?B_NXZ
?setEncoding@InputSource@xercesc_2_2@@UAEXQBG@Z
?setPublicId@InputSource@xercesc_2_2@@UAEXQBG@Z
?setSystemId@InputSource@xercesc_2_2@@UAEXQBG@Z
?setIssueFatalErrorIfNotFound@InputSource@xercesc_2_2@@UAEX_N@Z
?makeStream@MemBufInputSource@xercesc_2_2@@UBEPAVBinInputStream@2@XZ
??1XercesDOMParser@xercesc_2_2@@UAE@XZ
??1MemBufInputSource@xercesc_2_2@@UAE@XZ
??1LocalFileInputSource@xercesc_2_2@@UAE@XZ
?getRawBuffer@MemBufFormatTarget@xercesc_2_2@@QBEPBEXZ
??0MemBufFormatTarget@xercesc_2_2@@QAE@H@Z
?writeChars@MemBufFormatTarget@xercesc_2_2@@UAEXQBEIQAVXMLFormatter@2@@Z
?flush@XMLFormatTarget@xercesc_2_2@@UAEXXZ
??1MemBufFormatTarget@xercesc_2_2@@UAE@XZ
??0LocalFileFormatTarget@xercesc_2_2@@QAE@QBD@Z
?getDOMImplementation@DOMImplementationRegistry@xercesc_2_2@@SAPAVDOMImplementation@2@PBG@Z
?fgDOMWRTFormatPrettyPrint@XMLUni@xercesc_2_2@@2QBGB
?Terminate@XMLPlatformUtils@xercesc_2_2@@SAXXZ
?getSystemId@SAXParseException@xercesc_2_2@@QBEPBGXZ
?getLineNumber@SAXParseException@xercesc_2_2@@QBEJXZ
?getColumnNumber@SAXParseException@xercesc_2_2@@QBEJXZ
??_7ErrorHandler@xercesc_2_2@@6B@
?docComment@AbstractDOMParser@xercesc_2_2@@UAEXQBG@Z
?error@HandlerBase@xercesc_2_2@@UAEXABVSAXParseException@2@@Z
?warning@HandlerBase@xercesc_2_2@@UAEXABVSAXParseException@2@@Z
?setDocumentLocator@HandlerBase@xercesc_2_2@@UAEXQBVLocator@2@@Z
?resetDocument@HandlerBase@xercesc_2_2@@UAEXXZ
?processingInstruction@HandlerBase@xercesc_2_2@@UAEXQBG0@Z
?ignorableWhitespace@HandlerBase@xercesc_2_2@@UAEXQBGI@Z
?resetDocType@HandlerBase@xercesc_2_2@@UAEXXZ
?unparsedEntityDecl@HandlerBase@xercesc_2_2@@UAEXQBG000@Z
?notationDecl@HandlerBase@xercesc_2_2@@UAEXQBG00@Z
?resolveEntity@HandlerBase@xercesc_2_2@@UAEPAVInputSource@2@QBG0@Z
??_7EntityResolver@xercesc_2_2@@6B@
??_7DTDHandler@xercesc_2_2@@6B@
??_7DocumentHandler@xercesc_2_2@@6B@
?fgXercescDefaultLocale@XMLUni@xercesc_2_2@@2QBDB
?Initialize@XMLPlatformUtils@xercesc_2_2@@SAXQBD@Z
??1HandlerBase@xercesc_2_2@@UAE@XZ
?transcode@XMLString@xercesc_2_2@@SAPADQBG@Z
?release@XMLString@xercesc_2_2@@SAXPAPAD@Z
??1SAXParser@xercesc_2_2@@UAE@XZ
?TextDecl@SAXParser@xercesc_2_2@@UAEXQBG0@Z
?startExtSubset@SAXParser@xercesc_2_2@@UAEXXZ
?startIntSubset@SAXParser@xercesc_2_2@@UAEXXZ
?startAttList@SAXParser@xercesc_2_2@@UAEXABVDTDElementDecl@2@@Z
?notationDecl@SAXParser@xercesc_2_2@@UAEXABVXMLNotationDecl@2@_N@Z
?resetDocType@SAXParser@xercesc_2_2@@UAEXXZ
?entityDecl@SAXParser@xercesc_2_2@@UAEXABVDTDEntityDecl@2@_N1@Z
?endExtSubset@SAXParser@xercesc_2_2@@UAEXXZ
?endAttList@SAXParser@xercesc_2_2@@UAEXABVDTDElementDecl@2@@Z
?elementDecl@SAXParser@xercesc_2_2@@UAEXABVDTDElementDecl@2@_N@Z
?doctypeWhitespace@SAXParser@xercesc_2_2@@UAEXQBGI@Z
?doctypePI@SAXParser@xercesc_2_2@@UAEXQBG0@Z
?doctypeDecl@SAXParser@xercesc_2_2@@UAEXABVDTDElementDecl@2@QBG1_N2@Z
?doctypeComment@SAXParser@xercesc_2_2@@UAEXQBG@Z
?attDef@SAXParser@xercesc_2_2@@UAEXABVDTDElementDecl@2@ABVDTDAttDef@2@_N@Z
?startInputSource@SAXParser@xercesc_2_2@@UAEXABVInputSource@2@@Z
?resolveEntity@SAXParser@xercesc_2_2@@UAEPAVInputSource@2@QBG00@Z
?resetEntities@SAXParser@xercesc_2_2@@UAEXXZ
?expandSystemId@SAXParser@xercesc_2_2@@UAE_NQBGAAVXMLBuffer@2@@Z
?endInputSource@SAXParser@xercesc_2_2@@UAEXABVInputSource@2@@Z
?resetErrors@SAXParser@xercesc_2_2@@UAEXXZ
?error@SAXParser@xercesc_2_2@@UAEXIQBGW4ErrTypes@XMLErrorReporter@2@000JJ@Z
?XMLDecl@SAXParser@xercesc_2_2@@UAEXQBG000@Z
?startEntityReference@SAXParser@xercesc_2_2@@UAEXABVXMLEntityDecl@2@@Z
?startElement@SAXParser@xercesc_2_2@@UAEXABVXMLElementDecl@2@IQBGABV?$RefVectorOf@VXMLAttr@xercesc_2_2@@@2@I_N3@Z
?startDocument@SAXParser@xercesc_2_2@@UAEXXZ
?resetDocument@SAXParser@xercesc_2_2@@UAEXXZ
?ignorableWhitespace@SAXParser@xercesc_2_2@@UAEXQBGI_N@Z
?endEntityReference@SAXParser@xercesc_2_2@@UAEXABVXMLEntityDecl@2@@Z
?endElement@SAXParser@xercesc_2_2@@UAEXABVXMLElementDecl@2@I_NQBG@Z
?endDocument@SAXParser@xercesc_2_2@@UAEXXZ
?docPI@SAXParser@xercesc_2_2@@UAEXQBG0@Z
?docComment@SAXParser@xercesc_2_2@@UAEXQBG@Z
?docCharacters@SAXParser@xercesc_2_2@@UAEXQBGI_N@Z
?parse@SAXParser@xercesc_2_2@@UAEXABVInputSource@2@@Z
?parse@SAXParser@xercesc_2_2@@UAEXQBG@Z
?parse@SAXParser@xercesc_2_2@@UAEXQBD@Z
?setErrorHandler@SAXParser@xercesc_2_2@@UAEXQAVErrorHandler@2@@Z
?setDocumentHandler@SAXParser@xercesc_2_2@@UAEXQAVDocumentHandler@2@@Z
?setDTDHandler@SAXParser@xercesc_2_2@@UAEXQAVDTDHandler@2@@Z
?setEntityResolver@SAXParser@xercesc_2_2@@UAEXQAVEntityResolver@2@@Z
??0SAXParser@xercesc_2_2@@QAE@QAVXMLValidator@1@@Z
?setValidationScheme@SAXParser@xercesc_2_2@@QAEXW4ValSchemes@12@@Z
?docCharacters@AbstractDOMParser@xercesc_2_2@@UAEXQBGI_N@Z
??0XercesDOMParser@xercesc_2_2@@QAE@QAVXMLValidator@1@@Z
?setValidationScheme@AbstractDOMParser@xercesc_2_2@@QAEXW4ValSchemes@12@@Z
?setDoNamespaces@AbstractDOMParser@xercesc_2_2@@QAEX_N@Z
?setValidationSchemaFullChecking@AbstractDOMParser@xercesc_2_2@@QAEX_N@Z
?setDoSchema@AbstractDOMParser@xercesc_2_2@@QAEX_N@Z
?setExternalNoNamespaceSchemaLocation@AbstractDOMParser@xercesc_2_2@@QAEXQBG@Z
?setErrorHandler@XercesDOMParser@xercesc_2_2@@QAEXQAVErrorHandler@2@@Z
?resetDocumentPool@XercesDOMParser@xercesc_2_2@@QAEXXZ
??0LocalFileInputSource@xercesc_2_2@@QAE@QBG@Z
??0MemBufInputSource@xercesc_2_2@@QAE@QBEIQBG_N@Z
?parse@AbstractDOMParser@xercesc_2_2@@QAEXABVInputSource@2@@Z
?getDocument@AbstractDOMParser@xercesc_2_2@@QAEPAVDOMDocument@2@XZ
??1LocalFileFormatTarget@xercesc_2_2@@UAE@XZ
?flush@LocalFileFormatTarget@xercesc_2_2@@UAEXXZ
?resetErrors@HandlerBase@xercesc_2_2@@UAEXXZ
?writeChars@LocalFileFormatTarget@xercesc_2_2@@UAEXQBEIQAVXMLFormatter@2@@Z
?endIntSubset@SAXParser@xercesc_2_2@@UAEXXZ

Sections

.text
Size: 450KB - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CTViewSe
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_715c569af404372846656d9d26599104.vir
Virussign.2024.06.08/virussign.com_71d2959138d9faed59203f160f020da5.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 832B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_7233f8dd8c89513112139ea973d0d667.vir
.exe windows:6 windows x64 arch:x64

71056c76ca6e51ed788c01bdc5fd5562

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:46:73:ef:a0:69:7a:cc:25:13:b5:80:43:e5:d1:33
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14-03-2019 00:00

Not After

20-05-2021 12:00

Subject

CN=Bitdefender SRL,O=Bitdefender SRL,L=Bucharest,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:41

Not After

15-04-2021 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:37:67:d3:ce:d5:a5:df:b0:cd:95:df:9f:c8:58:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19-03-2019 00:00

Not After

20-05-2021 12:00

Subject

CN=Bitdefender SRL,O=Bitdefender SRL,L=Bucharest,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:41

Not After

15-04-2021 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

69:98:86:11:d9:b2:5a:17:72:0a:04:7b:c8:6e:83:8c:59:fd:55:e8:fd:cb:64:1c:43:1f:f8:cc:5d:ee:c5:79
Signer

Actual PE Digest

69:98:86:11:d9:b2:5a:17:72:0a:04:7b:c8:6e:83:8c:59:fd:55:e8:fd:cb:64:1c:43:1f:f8:cc:5d:ee:c5:79

Digest Algorithm

sha256

PE Digest Matches

true

15:eb:62:01:36:95:96:da:e6:53:e7:c3:0a:16:f1:c1:00:0a:1d:56
Signer

Actual PE Digest

15:eb:62:01:36:95:96:da:e6:53:e7:c3:0a:16:f1:c1:00:0a:1d:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Bamboo\home\xml-data\build-dir\CST-DLIN-SOURCES\bin\x64\ReleaseMT\bdreinit.pdb

Imports

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

dbghelp

MiniDumpWriteDump

shlwapi

PathAddBackslashW
PathFindFileNameW
PathIsRelativeW
PathRemoveFileSpecW
PathRemoveBackslashW
PathFileExistsW

kernel32

LoadLibraryW
DeviceIoControl
GetTickCount64
GetModuleFileNameA
GetLocalTime
CloseHandle
UnmapViewOfFile
MapViewOfFile
LocalFree
CreateFileMappingA
LocalAlloc
SetFileAttributesA
CreateDirectoryA
GetCurrentProcessId
FileTimeToSystemTime
GetCurrentProcess
GetProcessTimes
ExpandEnvironmentStringsA
OutputDebugStringW
GetCurrentThreadId
WaitForSingleObject
OutputDebugStringA
GetModuleHandleA
FindClose
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
GetFileSize
GetProcAddress
ReadFile
OpenProcess
CreateMutexW
OpenFileMappingW
RaiseException
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
DeleteFileW
SetEvent
Sleep
CreateEventW
ReleaseMutex
GetFileAttributesW
ExpandEnvironmentStringsW
CreateDirectoryW
ProcessIdToSessionId
OpenFileById
GetFileInformationByHandleEx
GetShortPathNameW
SetEndOfFile
FlushFileBuffers
TerminateProcess
CreateProcessW
ReadProcessMemory
LocalReAlloc
SetFileAttributesW
GetTimeZoneInformation
SetStdHandle
FreeLibrary
GetFileInformationByHandle
CreateFileW
WideCharToMultiByte
GetLastError
FormatMessageW
MultiByteToWideChar
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
HeapSize
WriteConsoleW
SetFilePointer
FindFirstFileExW
ReadConsoleW
HeapReAlloc
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapFree
HeapAlloc
WriteFile
GetStdHandle
RtlUnwind
FindNextFileW
GetFileAttributesExW
SetFilePointerEx
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetStringTypeW
EncodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwindEx
RtlPcToFileHeader
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetFullPathNameW
SetEnvironmentVariableW
GetCurrentDirectoryW
GetModuleHandleExW
ExitProcess

advapi32

CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CreateProcessAsUserW
RevertToSelf
ImpersonateLoggedOnUser
LookupAccountSidW
GetTokenInformation
OpenProcessToken
SetFileSecurityW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoCreateGuid
CoUninitialize
CoInitialize

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Sections

.text
Size: 641KB - Virtual size: 641KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_72f9d36fdb9d673972ca3f723e0b7f84.vir
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\projectsVisual\beliano\Belianogames\obj\Release\Lineage II Death.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_73d65a58b7e8751750ee063d1cec4fed.vir
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_74c9fae9550484bb65e4b36b16939d9d.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_74dbcc683ce97e65e52fe0f5fc35f96b.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_756abcb7a8d64d0cfabe5297af8124ae.vir
.dll windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 409KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 287KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_7779220505e0ec3228627377a5871fef.vir
.dll windows:4 windows x86 arch:x86

24b3d2952588080766f7fd68e6e8f755

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
RaiseException

Exports

Exports

LookupAccountNameW
LookupAccountSidW
LookupPrivilegeDisplayNameW
LookupPrivilegeNameW
LookupPrivilegeValueW
LsaEnumerateTrustedDomains
LsaManageSidNameMapping

Sections

.text
Size: 4KB - Virtual size: 288B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 4KB - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_778292b378000bc31c04366232c22083.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_78beb72ec6d602b9624731e330df1fb7.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_793db4eb1b3849174c720fea121dddee.vir
.exe windows:5 windows x86 arch:x86

bc6227cc297eafe8b983449b17c815c6

Code Sign

78:e0:cf:8a:f2:b7:65:b8:4c:97:52:0e:fa:a1:4d:a6
Certificate

Issuer

CN={97F60CF3-7A2A-4CE4-9A5C-E60B15D651BE}

Not Before

07-11-2014 13:03

Not After

07-11-2015 19:03

Subject

CN={97F60CF3-7A2A-4CE4-9A5C-E60B15D651BE}

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2024 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:3d:bd:31:5f:05:8b:37:74:29:9e:ae:b9:62:9c:61:3a:39:01:94
Signer

Actual PE Digest

10:3d:bd:31:5f:05:8b:37:74:29:9e:ae:b9:62:9c:61:3a:39:01:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

setup.pdb

Imports

kernel32

GetNativeSystemInfo
EndUpdateResourceW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetEvent
CreateEventW
LoadResource
LockResource
SizeofResource
FindResourceW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
DeleteFileW
GetFileAttributesW
GetTempFileNameW
ReadFile
GetTempPathW
GetCurrentProcess
OpenProcess
GetSystemDirectoryW
GetWindowsDirectoryW
GetVersionExW
GetModuleFileNameW
GlobalAlloc
GlobalFree
LocalFree
FormatMessageW
CopyFileW
GetDateFormatW
GetTimeFormatW
CompareStringW
WideCharToMultiByte
GetVersion
GetModuleHandleW
RaiseException
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
Sleep
HeapSetInformation
SetFilePointer
GetDiskFreeSpaceExW
CreateFileW
DeleteCriticalSection
CreateThread
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrlenW
SetEndOfFile
MulDiv
GetTickCount
GetExitCodeProcess
LoadLibraryW
GetSystemInfo
SwitchToThread
FindNextFileW
UpdateResourceA
BeginUpdateResourceA
FindResourceA
lstrlenA
DeleteFileA
CreateFileA
UpdateResourceW
BeginUpdateResourceW
GetEnvironmentVariableA
ReadConsoleW
WriteConsoleW
SetStdHandle
HeapReAlloc
LCMapStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
OutputDebugStringW
LoadLibraryExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
HeapSize
GetOEMCP
GetACP
IsValidCodePage
IsDebuggerPresent
IsProcessorFeaturePresent
HeapAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FindFirstFileW
FindClose
GetProcAddress
FreeLibrary
WaitForSingleObject
GetLastError
CloseHandle
WriteFile
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
LoadLibraryExA
GetCommandLineW
RtlUnwind
GetCPInfo
HeapFree
SetLastError
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetProcessHeap
GetStdHandle
GetFileType

gdi32

GetStockObject
EnumFontFamiliesExW
DeleteObject
CreateFontIndirectW
GetObjectW
GetTextMetricsW
SelectObject
GetTextExtentPoint32W
GetDeviceCaps
DeleteDC
CreateCompatibleDC

ole32

CoUninitialize
CoInitialize

secur32

GetComputerObjectNameW

shell32

ShellExecuteExW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
ShellExecuteA

user32

SystemParametersInfoW
IsDialogMessageW
LoadImageW
LoadIconW
LoadCursorW
SetClassLongW
ScreenToClient
GetWindowRect
GetClientRect
SetWindowTextW
ShowScrollBar
SetForegroundWindow
EnableWindow
GetFocus
SetFocus
SendDlgItemMessageW
SetDlgItemTextW
GetDlgItem
CreateDialogIndirectParamW
CreateDialogParamW
MoveWindow
ShowWindow
DestroyWindow
SendMessageW
SendMessageA
PeekMessageW
DispatchMessageW
TranslateMessage
ExitWindowsEx
MessageBoxW
ReleaseDC
GetDC
DrawTextW
GetSystemMetrics
GetDialogBaseUnits
MessageBoxA
SetCursor
MsgWaitForMultipleObjects

crypt32

CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy

wininet

InternetCrackUrlW
InternetCombineUrlW

msi

ord8
ord78
ord150
ord92

Exports

Exports

_DecodePointerInternal@4
_EncodePointerInternal@4

Sections

.text
Size: 323KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_79c8ab479ee3622baf2f49d034ed0fa4.vir
.exe windows:4 windows x86 arch:x86

1c829295060bee5b39db5f21e20abecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
ExitProcess
GetCurrentProcess
CopyFileW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
GetUserDefaultLangID
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
ReadFile
MultiByteToWideChar
SetFilePointer
WriteFile
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
CreateDialogParamW
DestroyWindow
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_7a6c29203cc195a613a0ea96d393df6b.vir
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Autocompile\Test\pa_dotnet10.10win\practice_analytics\ETLWarehouse\InfoCentral\Programs\PAPingUrl\PAPingUrl\obj\Release\PAPingUrl.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_7a9d51d901659121a8104b013a8c6cb2.vir
Virussign.2024.06.08/virussign.com_7ac4479388cf4325493258ac62658112.vir
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\chono\Documents\e12287\work\peaks\97_光源色SDK\trunk\MISDK\nxBusiness\Kmop.BusinessProxy\obj\Release\Kmop.BusinessProxy.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_7b794663d1ab76a38adc07c4676d0457.vir
.dll windows:5 windows x86 arch:x86

5705b8147d2c339f8b7ab8c493739616

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Project\Windows\winscan_r\Release\LLD_Drv.pdb

Imports

shlwapi

PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
StrCmpNIA

ws2_32

WSAStartup
WSAGetLastError
send
closesocket
WSACleanup
getaddrinfo
socket
connect
freeaddrinfo
setsockopt
htons
inet_addr
bind
sendto
recvfrom
htonl
gethostbyname
inet_ntoa
recv

kernel32

SetErrorMode
GetCurrentProcessId
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesW
GetFileSizeEx
GetFileTime
InterlockedIncrement
CompareStringW
GetVersionExA
lstrcmpW
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GlobalFlags
GetModuleHandleA
InterlockedExchange
CompareStringA
LocalReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteConsoleW
GetFileType
GetStdHandle
RtlUnwind
GetCommandLineA
ExitProcess
HeapAlloc
HeapFree
RaiseException
HeapReAlloc
HeapSize
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetCurrentThreadId
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
VirtualAlloc
GetTimeZoneInformation
GetLocaleInfoA
LCMapStringA
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
SetEnvironmentVariableA
GetProcessHeap
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
lstrlenA
lstrcmpA
InterlockedDecrement
GetModuleHandleW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
LocalFree
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
TlsFree
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
SetLastError
lstrlenW
GetFileSize
CreateMutexW
OpenMutexW
CreateFileW
CreateMutexA
OpenMutexA
lstrcmpiA
DeviceIoControl
CreateFileA
GetPrivateProfileIntW
GetTempPathA
ReadFile
WriteFile
GetTickCount
SetThreadExecutionState
ResumeThread
SetThreadPriority
CreateThread
WaitForSingleObject
MultiByteToWideChar
WideCharToMultiByte
GetWindowsDirectoryW
FormatMessageW
OutputDebugStringA
GetProcAddress
FreeLibrary
LoadLibraryW
GetPrivateProfileStringW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
GetTempPathW
GetSystemTime
OutputDebugStringW
DeleteFileW
Sleep
SetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CloseHandle
GetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW

user32

PostQuitMessage
DestroyMenu
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ClientToScreen
SetWindowTextW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
SetMenu
SetForegroundWindow
GetClientRect
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
wsprintfW
GetSystemMetrics
CharUpperW
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowTextW
GetWindowThreadProcessId
GetParent
GetWindowLongW
GetLastActivePopup
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
UnhookWindowsHookEx
ValidateRect
PeekMessageW
IsWindowEnabled
EnableWindow
GetKeyState
SendMessageW
DispatchMessageW
CallNextHookEx
SetWindowsHookExW
UnregisterClassW
MessageBoxW
MapWindowPoints

gdi32

SetMapMode
DeleteDC
GetStockObject
RestoreDC
SaveDC
DeleteObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
ScaleWindowExtEx

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

wininet

InternetCrackUrlA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetSetOptionA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle

iphlpapi

GetIpAddrTable

wsock32

ntohl

oleaut32

VariantInit
VariantClear
VariantChangeType

Exports

Exports

ScanDrv_AbortScan
ScanDrv_BroadcastMFP
ScanDrv_CancelScan
ScanDrv_CheckConnect
ScanDrv_Close
ScanDrv_DetectNetMFP
ScanDrv_GetADFStatus
ScanDrv_GetCurScanLineNum
ScanDrv_GetCurTransferSize
ScanDrv_GetLastError
ScanDrv_GetNextPushStatus
ScanDrv_GetScanParameter
ScanDrv_IsDocumentInFeeder
ScanDrv_LocateMFP
ScanDrv_Open
ScanDrv_Open_C
ScanDrv_Open_K
ScanDrv_Open_L
ScanDrv_ReadScanData
ScanDrv_SetAutofeed
ScanDrv_SetBackRotation
ScanDrv_SetCallBackFun
ScanDrv_SetContinueFlag
ScanDrv_SetExtraParam
ScanDrv_SetHorizontal
ScanDrv_SetResolution1200
ScanDrv_SetScanParameter
ScanDrv_SetScanParameterAdj
ScanDrv_StartScan

Sections

.text
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_7c3fff8b862cbc91e45ea9842dcd56d1.vir
.exe windows:4 windows x64 arch:x64

e7d5dacc0da7481a9d9e940b4b83da49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\data\buildbot-pdk-slave\pdk-aswinx64\build\src\PerlApp\src\paperl516.pdb

Imports

comctl32

ord17

kernel32

FreeLibrary
SystemTimeToFileTime
SetFileTime
InitializeCriticalSection
WideCharToMultiByte
LeaveCriticalSection
FindFirstFileA
GetLastError
GetProcAddress
EnterCriticalSection
FindClose
LoadLibraryA
SetEnvironmentVariableA
GetModuleFileNameA
FindNextFileA
GetModuleHandleA
LoadLibraryExA
DeleteCriticalSection
CreateFileA
OutputDebugStringA
GetVersionExA
CloseHandle
GetFileInformationByHandle
GetTempPathA
FindResourceA
LoadResource
LockResource
SetLastError
VirtualProtect
VirtualFree
RtlDeleteFunctionTable
RtlAddFunctionTable
VirtualAlloc
MultiByteToWideChar
ExitThread
RtlLookupFunctionEntry
RtlVirtualUnwind
GetComputerNameA
GetShortPathNameW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext

user32

MessageBoxA

advapi32

GetUserNameA

msvcrt

strchr
fflush
atoi
_errno
strncpy
fgets
_environ
fread
rand
localtime
srand
isdigit
fwrite
toupper
time
atol
getenv
fclose
memmove
strrchr
memset
strcmp
memcpy
strcpy
strlen
wcscmp
memcmp
_rmdir
_chmod
_fileno
_putenv
_strdup
strstr
_getpid
_strnicmp
_unlink
_dup2
_mkdir
_stricmp
__dllonexit
_onexit
__C_specific_handler
_XcptFilter
_c_exit
_exit
_cexit
exit
__initenv
__getmainargs
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
vsprintf
perror
sprintf
fputc
abort
_iob
fprintf
malloc
free
_stat
fputs
fopen
calloc
_setjmp

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_7c53fe3466640c1cb13f6c6d259bf0bd.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_7c87ffbd520b3c3a1045c66a2c6f3c88.vir
.dll windows:6 windows x64 arch:x64

f6ad4974040c15a050117c62e1838d34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

sdl2

SDL_PushEvent
SDL_WasInit
SDL_InitSubSystem
SDL_strlen
SDL_QuitSubSystem
SDL_setenv
SDL_GetError
SDL_strncasecmp
SDL_getenv

sdl2_mixer

Mix_Playing
Mix_PlayChannelTimed
Mix_GroupCount
Mix_HaltGroup
Mix_HaltChannel
Mix_FreeChunk
Mix_Resume
Mix_GroupOldest
Mix_HaltMusic
Mix_LoadWAV_RW
Mix_GroupAvailable
Mix_FreeMusic
Mix_VolumeMusic
Mix_QuickLoad_RAW
Mix_FadeOutGroup
Mix_CloseAudio
Mix_AllocateChannels
Mix_Pause
Mix_SetPanning
Mix_QuerySpec
Mix_VolumeChunk
Mix_ReserveChannels
Mix_FadeOutChannel
Mix_Volume
Mix_Linked_Version
Mix_OpenAudioDevice
Mix_FadeInChannelTimed
Mix_GroupChannel
Mix_ChannelFinished

python37

PyExc_SystemError
PyDict_Keys
PyBuffer_Release
PyEval_RestoreThread
_PyArg_ParseTuple_SizeT
PyModule_AddObject
PyCapsule_GetPointer
PyObject_Free
PyErr_Format
_PyArg_ParseTupleAndKeywords_SizeT
PyExc_ValueError
PyErr_SetString
PyExc_IndexError
PyDict_Size
PyDict_SetItemString
_Py_NoneStruct
PyGILState_Release
PyLong_FromUnsignedLongLong
PyLong_FromLong
PyExc_RuntimeError
PyEval_SaveThread
PyErr_Occurred
PyImport_ImportModule
PyType_GenericNew
_Py_BuildValue_SizeT
PyBool_FromLong
PyMem_Malloc
PyCapsule_Type
PyExc_TypeError
_PyObject_New
PyGILState_Ensure
PyBytes_FromStringAndSize
PyDict_GetItemString
PyErr_NoMemory
PyMem_Free
PyDict_New
PyCapsule_New
PyErr_Clear
PyObject_GetAttrString
PyType_Ready
PyModule_Create2
PyFloat_FromDouble
PyObject_GetBuffer
PyObject_ClearWeakRefs

kernel32

RtlCaptureContext
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent

vcruntime140

memset
__std_type_info_destroy_list
__C_specific_handler
memcpy

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit
_initialize_narrow_environment

Exports

Exports

PyInit_mixer

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_7c8fa3f16cebab2d36bb0ec016b916a8.vir
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:30:30:3e:28:0c:ec:3c:4d:01:00:00:00:00:01:30
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-09-2019 20:40

Not After

04-12-2020 20:40

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:5847-F761-4F70,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:37

Not After

02-05-2020 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:a9:71:aa:3f:24:98:c6:88:11:c7:57:d7:0e:36:70:4a:38:7f:3e
Signer

Actual PE Digest

9a:a9:71:aa:3f:24:98:c6:88:11:c7:57:d7:0e:36:70:4a:38:7f:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\2284\s\artifacts\NuGet.Versioning\15.0\obj\release\net472\NuGet.Versioning.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_7c9a2c2089e924360c91fae8aff38b8c.vir
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:04:64:88:d9:39:7c:f3:96:c7:00:00:00:00:01:04
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-08-2018 20:20

Not After

23-11-2019 20:20

Subject

CN=Microsoft Time-Stamp service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:8D41-4BF7-B3B7,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:37

Not After

02-05-2020 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1c:52:21:9b:aa:e8:59:40:f6:94:8d:84:74:3e:0b:1f:63:85:46:42
Signer

Actual PE Digest

1c:52:21:9b:aa:e8:59:40:f6:94:8d:84:74:3e:0b:1f:63:85:46:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\582\s\bin\obj\ref\System.Collections.Specialized\4.0.3.0\System.Collections.Specialized.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_7d956bb68d5702e275ca47fed190338f.vir
Virussign.2024.06.08/virussign.com_7e0c358dd58d5baaaac39e3e4de74dd5.vir
.exe windows:5 windows x86 arch:x86

d23314c5bd8326712a667023f475bd80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

conime.pdb

Imports

kernel32

GetModuleHandleA
RegisterConsoleIME
UnregisterConsoleIME
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
lstrlenW
lstrcpyW
lstrcatW
lstrcpynW
WideCharToMultiByte
GetSystemDirectoryW
SetCurrentDirectoryW
OpenEventW
SetEvent
CloseHandle
LocalAlloc
LocalFree
GetStartupInfoA
GetCurrentThreadId

user32

IsWindowEnabled
ActivateKeyboardLayout
PostMessageW
GetKeyboardLayoutList
SendMessageTimeoutW
PostQuitMessage
SetForegroundWindow
DefWindowProcW
EnableWindow
DestroyWindow
GetKeyState
GetKeyboardLayoutNameW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
LoadIconW
LoadCursorW
RegisterClassW
GetSystemMetrics
CreateWindowExW
UnregisterClassW
AttachThreadInput

ntdll

RtlLeaveCriticalSection
NtOpenProcessToken
RtlUnicodeToMultiByteSize
NtQueryInformationToken
NtClose
RtlInitializeCriticalSection
NtQueryVirtualMemory
RtlUnwind
RtlCopyLuid
RtlEnterCriticalSection

imm32

ImmGetContext
ImmReleaseContext
ImmGetConversionStatus
ImmGetGuideLineW
ImmSetConversionStatus
ImmSimulateHotKey
ImmGetIMEFileNameW
ImmEscapeW
ImmDisableTextFrameService
ImmGetOpenStatus
ImmNotifyIME
ImmGetCandidateListW
ImmGetCompositionStringW
ImmSetActiveContextConsoleIME
ImmTranslateMessage
ImmCallImeConsoleIME
ImmGetProperty
ImmCreateContext
ImmAssociateContext
ImmSetOpenStatus
ImmDestroyContext
ImmIsIME

gdi32

GetStockObject

msvcrt

_controlfp
__set_app_type
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_7edf00e6eebab3d1fb2589dd94d0eab4.vir
.exe windows:4 windows x86 arch:x86

b55f776e57c6a6e791d3ddbe3178ef57

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

LoadLibraryA
FreeLibrary
lstrcatA
lstrlenA
ExitProcess
VirtualAlloc
GetProcAddress

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 1024B - Virtual size: 530B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 398B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_7f8b090394b1edded7fbd46ceb5e07cc.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_7fa977bc953258395c3b65251e2ea48c.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_802d4576ea387df74bdc734012b44ad6.vir
.exe windows:4 windows x86 arch:x86

7dbc50c83053e6a48098c9dda944b0a6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord823
ord2107
ord941
ord939
ord819
ord700
ord801
ord6145
ord6143
ord568
ord398
ord541
ord5863
ord6883
ord913
ord1168
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord6383
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord815
ord561
ord1575
ord4204
ord859
ord5710
ord5683
ord6283
ord4129
ord5856
ord532
ord353
ord4160
ord2784
ord1247
ord5440
ord2841
ord6394
ord5450
ord825
ord3663
ord540
ord537
ord940
ord858
ord800
ord2818
ord860
ord5714
ord535

msvcrt

_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_gcvt
_mbscmp
atof
_onexit
sprintf
strlen
_getcwd
_CxxThrowException
malloc
pow
abs
free
strcmp
strncmp
atoi
printf
fopen
_ftol
fabs
__CxxFrameHandler
fread
memset
memcpy
fclose
__dllonexit
strcpy
_itoa
_control87
floor
fgetc

kernel32

FormatMessageA
GlobalAlloc
GlobalLock
GlobalUnlock
GetSystemTime
SetCurrentDirectoryA
GetCommandLineA
GetModuleHandleA

user32

wsprintfA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

wsock32

WSAStartup
ntohs
ioctlsocket
htons
socket
gethostname
connect
select
send
WSAGetLastError
recv
closesocket
WSACleanup
gethostbyname
inet_ntoa
getservbyname

msvcp60

??0Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ

msvcirt

??6ostream@@QAEAAV0@PBD@Z
?cout@@3Vostream_withassign@@A
?endl@@YAAAVostream@@AAV1@@Z
??6ostream@@QAEAAV0@H@Z
??6ostream@@QAEAAV0@I@Z
??6ostream@@QAEAAV0@N@Z
??6ostream@@QAEAAV0@PBE@Z
??6ostream@@QAEAAV0@M@Z
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_80a565f4b3930d18b5135879c941a1c5.vir
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_814ce1bab7f7c6da26b24b7622ebd41f.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_82d75d9eea43314d2ff9a73426cd7b21.vir
.dll windows:6 windows x86 arch:x86

6e5e69b454e7b25264187f727bfed70b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Administrator\source\repos\Dll1\Release\Dll1.pdb

Imports

kernel32

VirtualAlloc
CreateThread
CloseHandle
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
GetLastError
FreeLibrary
LoadLibraryExW
InterlockedFlushSList
ReadFile
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetFileType
SetFilePointerEx
GetConsoleMode
ReadConsoleW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
FlushFileBuffers
WriteFile
GetConsoleCP
GetFileSizeEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
CreateFileW
HeapSize
SetEndOfFile
WriteConsoleW

Exports

Exports

Hdfes_bind_double
Hdfes_bind_int
Hdfes_bind_int64
Hdfes_bind_null
Hdfes_bind_parameter_count
Hdfes_bind_parameter_index
Hdfes_bind_parameter_name
Hdfes_bind_text
Hdfes_bind_text16
Hdfes_bind_value
Hdfes_bind_zeroblob
Hdfes_blob_bytes
Hdfes_blob_close
Hdfes_blob_open
Hdfes_blob_read
Hdfes_blob_reopen
Hdfes_blob_write
Hdfes_busy_handler
Hdfes_busy_timeout
Hdfes_changes
Hdfes_clear_bindings
Hdfes_close
Hdfes_collation_needed
Hdfes_collation_needed16
Hdfes_column_blob
Hdfes_column_bytes
Hdfes_column_bytes16
Hdfes_column_count
Hdfes_column_database_name
Hdfes_column_database_name16
Hdfes_column_decltype
Hdfes_column_decltype16
Hdfes_column_double
Hdfes_column_int
Hdfes_column_int64
Hdfes_column_name
Hdfes_column_name16
Hdfes_column_origin_name
Hdfes_column_origin_name16
Hdfes_column_table_name
Hdfes_column_table_name16
Hdfes_column_text
Hdfes_column_text16
Hdfes_column_type
Hdfes_column_value
Hdfes_commit_hook
Hdfes_compileoption_get
Hdfes_compileoption_used
Hdfes_complete
Hdfes_complete16
Hdfes_config
Hdfes_context_db_handle
Hdfes_create_collation
Hdfes_create_collation16
Hdfes_create_collation_v2
Hdfes_create_function
Hdfes_create_function16
Hdfes_create_function_v2
Hdfes_create_module
Hdfes_create_module_v2
Hdfes_data_count
Hdfes_db_config
Hdfes_db_filename
Hdfes_db_handle
Hdfes_db_mutex
Hdfes_db_readonly
Hdfes_db_release_memory
Hdfes_db_status
Hdfes_declare_vtab
Hdfes_enable_load_extension
Hdfes_enable_shared_cache
Hdfes_errcode
Hdfes_errmsg
Hdfes_errmsg16
Hdfes_exec
Hdfes_expired
Hdfes_extended_errcode
Hdfes_extended_result_codes
Hdfes_file_control
Hdfes_finalize
Hdfes_free
Hdfes_free_table
Hdfes_get_autocommit
Hdfes_get_auxdata
Hdfes_get_table
Hdfes_global_recover
Hdfes_initialize
Hdfes_interrupt
Hdfes_last_insert_rowid
Hdfes_libversion
png_access_version_number
png_build_grayscale_palette
png_check_cHRM_fixed
png_check_sig
png_chunk_error
png_chunk_warning
png_convert_from_struct_tm
png_convert_from_time_t
png_convert_to_rfc1123
png_create_info_struct
png_create_read_struct
png_create_read_struct_2
png_create_write_struct
png_create_write_struct_2
png_data_freer
png_destroy_info_struct
png_destroy_read_struct
png_destroy_struct
png_destroy_struct_2
png_destroy_write_struct
png_error
png_free
png_free_data
png_free_default
png_get_IHDR
png_get_PLTE
png_get_asm_flagmask
png_get_asm_flags
png_get_bKGD
png_get_bit_depth
png_get_cHRM
png_get_cHRM_fixed
png_get_channels
png_get_color_type
png_get_compression_buffer_size
png_get_compression_type
png_get_copyright
png_get_error_ptr
png_get_filter_type
png_get_gAMA
png_get_gAMA_fixed
png_get_hIST
png_get_header_ver
png_get_header_version
png_get_iCCP
png_get_image_height
png_get_image_width
png_get_int_32
png_get_interlace_type
png_get_io_ptr
png_get_oFFs
png_get_pCAL
png_get_pHYs
png_get_pixel_aspect_ratio
png_get_pixels_per_meter
png_get_progressive_ptr
png_get_rgb_to_gray_status
png_get_rowbytes
png_get_rows
png_get_sBIT
png_get_sCAL
png_get_sPLT
png_get_sRGB
png_get_signature
png_get_tIME
png_get_tRNS
png_get_text
png_get_uint_16
png_get_uint_31
png_get_uint_32
png_get_unknown_chunks
png_get_user_chunk_ptr
png_get_user_height_max
png_get_user_transform_ptr
png_get_user_width_max
png_get_valid
png_get_x_offset_microns
png_get_x_offset_pixels
png_get_x_pixels_per_meter
png_get_y_offset_microns
png_get_y_offset_pixels
png_get_y_pixels_per_meter
png_handle_as_unknown
png_info_init_3
png_init_io
png_malloc
png_malloc_default
png_malloc_warn
png_memcpy_check
png_memset_check
png_mmx_support
png_permit_empty_plte
png_permit_mng_features
png_process_data
png_progressive_combine_row
png_read_end
png_read_image
png_read_info
png_read_init
png_read_init_2
png_read_init_3
png_read_png
png_read_row
png_read_rows
png_read_update_info
png_reset_zstream
png_save_int_32
png_save_uint_16
png_save_uint_32
png_set_IHDR
png_set_PLTE
png_set_add_alpha
png_set_asm_flags
png_set_bKGD
png_set_background
png_set_bgr
png_set_cHRM
png_set_cHRM_fixed
png_set_compression_buffer_size
png_set_compression_level
png_set_compression_mem_level
png_set_compression_method
png_set_compression_strategy
png_set_compression_window_bits
png_set_crc_action
png_set_dither
png_set_error_fn
png_set_expand
png_set_expand_gray_1_2_4_to_8
png_set_filler
png_set_filter
png_set_filter_heuristics
png_set_flush
png_set_gAMA
png_set_gAMA_fixed
png_set_gamma
png_set_gray_1_2_4_to_8
png_set_gray_to_rgb
png_set_hIST
png_set_iCCP
png_set_interlace_handling
png_set_invalid
png_set_invert_alpha
png_set_invert_mono
png_set_keep_unknown_chunks
png_set_oFFs
png_set_pCAL
png_set_pHYs
png_set_packing
png_set_packswap
png_set_palette_to_rgb
png_set_progressive_read_fn
png_set_read_fn
png_set_read_status_fn
png_set_read_user_chunk_fn
png_set_read_user_transform_fn
png_set_rgb_to_gray
png_set_rgb_to_gray_fixed
png_set_rows
png_set_sBIT
png_set_sCAL
png_set_sPLT
png_set_sRGB
png_set_sRGB_gAMA_and_cHRM
png_set_shift
png_set_sig_bytes
png_set_strip_16
png_set_strip_alpha
png_set_strip_error_numbers
png_set_swap
png_set_swap_alpha
png_set_tIME
png_set_tRNS
png_set_tRNS_to_alpha
png_set_text
png_set_unknown_chunk_location
png_set_unknown_chunks
png_set_user_limits
png_set_user_transform_info
png_set_write_fn
png_set_write_status_fn
png_set_write_user_transform_fn
png_sig_cmp
png_start_read_image
png_warning
png_write_chunk
png_write_chunk_data
png_write_chunk_end
png_write_chunk_start
png_write_end
png_write_flush
png_write_image
png_write_info
png_write_info_before_PLTE
png_write_init
png_write_init_2
png_write_init_3
png_write_png
png_write_row
png_write_rows
png_write_sig

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_8366e4fd72e1133351a17fbfa62bdbf8.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_836b81a72227d1ca339e237b7d42a7ca.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_8389c27524622e1e1b4e9ef74d72530b.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_842742384f62ec39f3d153a96f30e154.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_84a3661c5c1b982814b344e0137b7113.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_84c108fec8ff1f7248713a584919a29f.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 4.1MB - Virtual size: 14.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 46KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 932KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 20.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_860dbe6d63a455d884c30ccb156a68b3.vir
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.mvid
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_86e0f5e754ba501b4fbbde72e5dacb95.vir
.exe windows:4 windows x86 arch:x86

2f6e709b14e644a6cb2db38a7e0a1a23

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ccdiagnosis

ord1

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

mfc42

ord922
ord537
ord539
ord6467
ord858
ord861
ord941
ord4129
ord2763
ord860
ord1158
ord4160
ord535
ord924
ord2614
ord1168
ord2817
ord2915
ord1147
ord5572
ord4202
ord1979
ord6385
ord665
ord4204
ord2764
ord540
ord2818
ord1601
ord800
ord823
ord825
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord2393
ord6883
ord541
ord801
ord859
ord2919
ord940
ord5710
ord3318
ord5442
ord5683
ord3663
ord3613
ord3126
ord350
ord3616
ord3127
ord5651
ord354
ord5186
ord1577
ord1116
ord1176
ord1575
ord939

msvcrt

_mbsicoll
_mbscmp
remove
wcsncpy
wcscpy
wcscmp
memset
_mbsicmp
wcslen
__CxxFrameHandler
_splitpath
memcpy
memcmp
wcschr
_vsnprintf
_snwprintf
_mbsnbcpy
_purecall
_beginthreadex
_snprintf
swscanf
sprintf
isprint
_except_handler3
free
malloc
?terminate@@YAXXZ
__dllonexit
_onexit
_controlfp
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_CxxThrowException

kernel32

RaiseException
InterlockedExchange
GetStartupInfoA
SearchPathA
GetTempPathA
GetTempFileNameA
CopyFileA
ReadFile
SetEndOfFile
LocalAlloc
GetDateFormatA
GetTimeFormatA
WriteFile
CreateFileA
SetFilePointer
FlushFileBuffers
SetLastError
GetFileSize
DeleteFileA
GetVersionExA
GetDiskFreeSpaceExA
FormatMessageA
LocalFree
GetLocalTime
GetTickCount
ResetEvent
GetCurrentProcessId
lstrcatA
lstrcpyA
GetModuleHandleA
GetShortPathNameA
lstrcpynA
GetCommandLineA
lstrcmpiA
DuplicateHandle
CreateEventW
OpenEventW
CreateEventA
CreateThread
GetModuleFileNameA
GetCurrentProcess
FlushInstructionCache
lstrlenA
MultiByteToWideChar
GetLastError
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
SetEvent
OpenEventA
WaitForSingleObject
CloseHandle
GetComputerNameA
GetProcAddress
Sleep
FindFirstFileA
FindClose
GetLocaleInfoA
OutputDebugStringA
lstrlenW
FreeLibrary
LoadLibraryA
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection

user32

GetActiveWindow
DialogBoxParamA
SetWindowLongA
CharNextA
GetMessageA
LoadStringA
MessageBoxA
wvsprintfA
SetTimer
PeekMessageA
TranslateMessage
GetWindowRect
DispatchMessageA
GetParent
EnableWindow
SetFocus
GetWindowLongA
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
SetParent
EndDialog
WinHelpA
SetWindowTextA
FindWindowA
KillTimer
GetWindowTextLengthA
GetWindowTextA
wsprintfA
PostThreadMessageA
DefWindowProcA
CallWindowProcA
GetWindow
GetDlgCtrlID

advapi32

RegConnectRegistryA
RegOpenKeyExA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegisterServiceCtrlHandlerA
GetTokenInformation
GetLengthSid
DeregisterEventSource
RegisterEventSourceA
ReportEventA
RegNotifyChangeKeyValue
RegFlushKey
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
SetTokenInformation
RegEnumKeyA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
StartServiceCtrlDispatcherA
ControlService
DeleteService
CreateServiceA
RegOpenKeyExW
RegQueryValueExW
SetServiceStatus

ole32

CoCreateInstance
WriteClassStm
OleSaveToStream
OleLoadFromStream
CLSIDFromProgID
CLSIDFromString
OleRun
CoUninitialize
CoSuspendClassObjects
CoInitialize
CoDisconnectObject
CoRegisterClassObject
CoRevokeClassObject
CoInitializeEx
CoGetMalloc
StringFromIID
ProgIDFromCLSID
CoInitializeSecurity
StringFromCLSID
CoTaskMemFree
CreateBindCtx
MkParseDisplayName

oleaut32

LoadRegTypeLi
SetErrorInfo
GetErrorInfo
SafeArrayGetElement
RegisterTypeLi
LoadTypeLi
CreateErrorInfo
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysAllocStringLen
VariantCopy
SafeArrayPutElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SysFreeString
SafeArrayCreate
SafeArrayAccessData
SysAllocString
SafeArrayUnaccessData
VariantClear
VariantChangeType
VariantInit

msvcp60

??0_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1_Lockit@std@@QAE@XZ

shlwapi

PathIsRelativeA
StrNCatA
PathFileExistsA
PathAddBackslashA
SHDeleteKeyA
PathFindFileNameA
PathFindExtensionA

imagehlp

MakeSureDirectoryPathExists

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_8713e641991056be5a6545793c29b0c4.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_883be5b85c9fc43dcedd67a1b3be3b13.vir
.exe windows:6 windows x86 arch:x86

d5e72b70ffb3622cbfea3da517756419

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\andre_000\Documents\Visual Studio 2015\Code\TestMFCDocView\Debug\TestMFCDocView.pdb

Imports

mfc140ud

ord12113
ord12114
ord12112
ord17378
ord3313
ord12081
ord3899
ord3902
ord16164
ord7549
ord3763
ord5992
ord5993
ord7426
ord14518
ord7224
ord16090
ord16100
ord7229
ord16098
ord7228
ord3088
ord5392
ord13333
ord10618
ord11166
ord1266
ord9875
ord11021
ord13716
ord6486
ord4483
ord5499
ord11046
ord14041
ord13398
ord12231
ord8686
ord604
ord3780
ord9232
ord2965
ord5083
ord14067
ord10128
ord4595
ord14144
ord2046
ord13718
ord7252
ord13723
ord4473
ord9025
ord4596
ord2045
ord5268
ord4685
ord7251
ord11115
ord8689
ord607
ord3873
ord9371
ord2966
ord5084
ord14069
ord10129
ord11167
ord14146
ord13725
ord11024
ord13719
ord4485
ord5994
ord16101
ord16099
ord4474
ord11048
ord5266
ord1060
ord15974
ord1579
ord1078
ord10216
ord1592
ord9006
ord11970
ord11973
ord11977
ord9164
ord1176
ord11017
ord12076
ord6994
ord14085
ord7225
ord16093
ord17154
ord16776
ord3089
ord5393
ord4477
ord14049
ord9876
ord3752
ord3751
ord4017
ord4016
ord4759
ord12304
ord13299
ord12901
ord10840
ord1223
ord2928
ord5037
ord11018
ord3312
ord16160
ord7547
ord14092
ord14183
ord14233
ord9885
ord14215
ord7198
ord4493
ord391
ord1183
ord8268
ord1095
ord10202
ord16367
ord15450
ord7728
ord6832
ord7729
ord17262
ord7727
ord17260
ord9592
ord14599
ord17050
ord2136
ord13920
ord13921
ord2379
ord13968
ord14222
ord9533
ord15117
ord4757
ord4819
ord11212
ord17188
ord9511
ord17182
ord14609
ord14610
ord2887
ord6470
ord10024
ord12111
ord9589
ord5501
ord15030
ord15098
ord12265
ord14223
ord10108
ord1606
ord3024
ord5153
ord10210
ord868
ord2686
ord2693
ord2708
ord2564
ord1225
ord7941
ord493
ord14137
ord11044
ord9012
ord1645
ord2520
ord4490
ord10008
ord8632
ord512
ord16570
ord16260
ord3426
ord9928
ord16119
ord6776
ord7520
ord10884
ord4504
ord12860
ord12910
ord13168
ord11005
ord14944
ord6741
ord14715
ord13153
ord10123
ord9168
ord3410
ord15618
ord3092
ord14475
ord14808
ord5624
ord11301
ord3257
ord15134
ord14054
ord5044
ord2935
ord1240
ord4805
ord4755
ord17099
ord6495
ord6485
ord12263
ord12077
ord12564
ord13028
ord13029
ord11177
ord13664
ord11797
ord11020
ord6996
ord11975
ord11976
ord9160
ord9896
ord11065
ord14184
ord8943
ord1090
ord4797
ord10000
ord13177
ord13180
ord11326
ord11341
ord11331
ord11804
ord11809
ord11343
ord13008
ord12341
ord10721
ord10711
ord13667
ord13036
ord11868
ord1601
ord5152
ord3023
ord3219
ord8289
ord11034
ord14084
ord14048
ord13644
ord13645
ord10945
ord13868
ord17181
ord10763
ord4739
ord8456
ord12887
ord3857
ord16316
ord14245
ord14241
ord1978
ord2000
ord2026
ord2012
ord2033
ord5894
ord5961
ord5906
ord5924
ord5918
ord5912
ord5971
ord5955
ord5900
ord5977
ord5932
ord5870
ord5885
ord5946
ord5405
ord7021
ord11511
ord5391
ord3635
ord17183
ord9512
ord17189
ord8290
ord13636
ord3220
ord3976
ord3977
ord3856
ord14132
ord6303
ord6711
ord6991
ord11164
ord6679
ord6306
ord5352
ord12115
ord6537
ord6282
ord9264
ord9265
ord9254
ord6535
ord9889
ord15341
ord1662
ord1652
ord1660
ord9022
ord17261
ord2616
ord1653
ord2804

kernel32

HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
OutputDebugStringA
DecodePointer
SetLastError
GetProcessHeap
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
FreeLibrary
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
CloseHandle
LoadLibraryW
GetProcAddress
GetLastError

user32

PostQuitMessage
PeekMessageW
UnregisterClassW

gdi32

DeleteDC

comctl32

InitCommonControlsEx

oleaut32

SysFreeString

gdiplus

GdiplusShutdown

vcruntime140d

memset
_purecall
__CxxFrameHandler3
__telemetry_main_return_trigger
__vcrt_InitializeCriticalSectionEx
_except_handler4_common
__std_type_info_destroy_list
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW
memmove
__telemetry_main_invoke_trigger

ucrtbased

__stdio_common_vswprintf_s
__stdio_common_vsnwprintf_s
free
malloc
_CrtDbgReportW
_CrtDbgReport
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_set_fmode
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_seh_filter_dll
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
terminate
_controlfp_s
__stdio_common_vsprintf_s
_wmakepath_s
_wsplitpath_s
_invalid_parameter_noinfo
_errno
_recalloc
wcslen
wcscpy_s
__stdio_common_vswprintf

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 329B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_88e5f3b9f1b1e0318073f11ac0991c58.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_88f70d2f3563d7bf4bf4338b69f69347.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 810KB - Virtual size: 810KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 52B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_890e40a811cf1c98c1773b4dac280e42.vir
.exe windows:6 windows x64 arch:x64

89fda89638a89bfd6117558272c4e4a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\usr3\hicad\2101.2\dev\Install\pdb64_Release\HeliosInterfaceTest.pdb

Imports

helmodul

??0CHelTransString@@QEAA@XZ
??1CHelTransString@@QEAA@XZ
?GetBautUeberBautSuche@CHeliosInterface@@QEAAHAEAVCHelTransString@@AEAJ0JPEAVCHelAttribut@@@Z
?Get@CHelTransString@@QEBAPEB_WXZ
?CreatePartDerivation@CHeliosInterface@@QEAAPEAVCPartDerivation@@PEB_WJ@Z
??BCHelTransString@@QEBAPEB_WXZ
?CanExecute@CPartDerivation@@QEAAHXZ
?GetLastError@CPartDerivation@@QEAA?AVCHelTransString@@XZ
?GetKraOrig@CPartDerivation@@QEAAXAEAVCHelTransString@@AEAJ@Z
?GetSzaOrig@CPartDerivation@@QEAAXAEAVCHelTransString@@AEAJ@Z
?Execute@CPartDerivation@@QEAAHXZ
?GetPart@CPartDerivation@@QEAAXAEAVCHelTransString@@@Z
?GetKra@CPartDerivation@@QEAAXAEAVCHelTransString@@@Z
?GetSza@CPartDerivation@@QEAAXAEAVCHelTransString@@@Z
??1CPartDerivation@@QEAA@XZ
?CreateBautInfoEx@CHeliosInterface@@QEAAPEAVCBautInfoEx@@PEB_WJ@Z
?GetInfo@CBautInfoEx@@QEAAHPEB_WAEAVCHelTransString@@@Z
??0CHelTransStringArray@@QEAA@XZ
??1CHelTransStringArray@@QEAA@XZ
??0CHelLongArray@@QEAA@XZ
?HeliosInterfaceBeenden@@YAXAEAPEAVCHeliosInterface@@@Z
?DokumenteSuchen@CHeliosInterface@@QEAAHAEAVCHelTransStringArray@@AEAVCHelLongArray@@J@Z
?GetCount@CHelTransStringArray@@QEBAHXZ
??0CHelTransString@@QEAA@PEB_W@Z
?GetAt@CHelTransStringArray@@QEBAPEB_WH@Z
?GetAt@CHelLongArray@@QEBA?BJK@Z
?CreateDokuInfoEx@CHeliosInterface@@QEAAPEAVCDokuInfoEx@@PEB_WJ@Z
?GetInfo@CDokuInfoEx@@QEAAHPEB_WAEAVCHelTransString@@@Z
?CreateDokuNeu@CHeliosInterface@@QEAAPEAVCDokuNeu@@_WPEB_W@Z
?SetAttrWert@CDokuNeu@@QEAAHPEB_W0@Z
?GetLastError@CDokuNeu@@QEAAPEB_WXZ
?SetExtension@CDokuNeu@@QEAAHPEB_W@Z
?InsertDokuWithCheckIn@CDokuNeu@@QEAAHAEAVCHelTransString@@AEAJPEB_W0@Z
??1CDokuNeu@@QEAA@XZ
?CreateTeilNeu@CHeliosInterface@@QEAAPEAVCBautNeu@@PEB_W@Z
?SetAttrWert@CBautNeu@@QEAAHPEB_W0@Z
?GetLastError@CBautNeu@@QEAAPEB_WXZ
?InsertBaut@CBautNeu@@QEAAHAEAVCHelTransString@@AEAJ@Z
?CommitBaut@CBautNeu@@QEAAHXZ
?RollbackBaut@CBautNeu@@QEAAHXZ
??1CBautNeu@@QEAA@XZ
??1CHelLongArray@@QEAA@XZ
?HeliosInterfaceStarten@@YAHPEAVCWnd@@AEAPEAVCHeliosInterface@@AEAJ2@Z

mfc110u

ord14036
ord7498
ord14030
ord12056
ord12055
ord2385
ord5059
ord7868
ord12376
ord7928
ord8011
ord449
ord1082
ord2217
ord4595
ord1027
ord296
ord3698
ord6190
ord6120
ord1084
ord7087
ord2136
ord2160
ord10008
ord4664
ord8005
ord3655
ord872
ord1360
ord10572
ord14110
ord8582
ord1494
ord6157
ord8751
ord9791
ord5456
ord11688
ord3117
ord3223
ord3224
ord3753
ord11644
ord2575
ord5594
ord13175
ord11244
ord6493
ord14037
ord7499
ord14031
ord2912
ord4291
ord9232
ord4299
ord4726
ord4693
ord4687
ord4723
ord4745
ord4702
ord4731
ord4741
ord4710
ord4714
ord4718
ord4706
ord4735
ord4698
ord1707
ord1698
ord1702
ord8939
ord14108
ord11777
ord11779
ord13334
ord3118
ord8776
ord10536
ord6591
ord11693
ord8507
ord14029
ord11463
ord3660
ord11609
ord8681
ord11253
ord11252
ord5327
ord9824
ord9820
ord9822
ord9823
ord9821
ord2643
ord7758
ord3154
ord3157
ord13218
ord5871
ord3016
ord3252
ord3253
ord10922
ord10549
ord11651
ord5993
ord14109
ord5992
ord3673
ord5577
ord11759
ord11767
ord4384
ord7765
ord9969
ord11771
ord11739
ord12438
ord4959
ord5239
ord5427
ord8891
ord5215
ord5430
ord4962
ord5105
ord4943
ord7310
ord7311
ord7301
ord5103
ord7767
ord9786
ord8750
ord6477
ord3892
ord13366
ord6910
ord12930
ord934
ord1480
ord2127
ord7563
ord1441
ord977
ord7245
ord3952
ord3890
ord12457
ord7516
ord1962
ord11502
ord11503
ord13909
ord12045
ord1694
ord7566
ord9915
ord1482
ord1685
ord5991
ord2316
ord8959

msvcr110

?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crtCapturePreviousContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
__crtSetUnhandledExceptionFilter
?terminate@@YAXXZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
__CxxFrameHandler3

kernel32

IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
EncodePointer

user32

DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
PostMessageW
SendMessageW
AppendMenuW
GetSystemMenu
LoadIconW
EnableWindow

comctl32

InitCommonControlsEx

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 346KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_89d477dea90f3e1ae9ebe32a13f2eda3.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_8ab069a1a73201c2cddfc9c46328d0d5.vir
.exe windows:4 windows x86 arch:x86

a03bdeee8d38d74acb57a3cec52cc09f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:75:60:f5:9a:a0:ea:7c:1e:57:2b:49:4c:b5:c0:bd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01-09-2023 00:00

Not After

31-08-2024 00:00

Subject

SERIALNUMBER=110111-1138985,CN=AhnLab\, Inc.,O=AhnLab\, Inc.,L=Seongnam-si,ST=Gyeonggi-do,C=KR,2.5.4.15=#131450726976617465206f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130b53656f6e676e616d2d7369,1.3.6.1.4.1.311.60.2.1.2=#130b4779656f6e6767692d646f,1.3.6.1.4.1.311.60.2.1.3=#13024b52

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:84:32:80:6e:5d:b0:8c:42:50:e8:66:03:10:d9:92:05:f9:da:ea:ad:4c:71:52:c6:b4:48:24:e1:93:9c:ae
Signer

Actual PE Digest

51:84:32:80:6e:5d:b0:8c:42:50:e8:66:03:10:d9:92:05:f9:da:ea:ad:4c:71:52:c6:b4:48:24:e1:93:9c:ae

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
OutputDebugStringA
GetCurrentProcessId
CopyFileA
ReleaseMutex
GetTickCount
LocalAlloc
Sleep
GetModuleFileNameA
Module32First
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVersionExA
SetLastError
CreateDirectoryA
ReadFile
SetFilePointer
CreateFileA
GetPrivateProfileStringA
RemoveDirectoryA
FindClose
DeleteFileA
FindNextFileA
SetFileAttributesA
FindFirstFileA
SetFileTime
lstrcpyA
SetEvent
OpenEventA
SetUnhandledExceptionFilter
GetFileSize
SetEndOfFile
WriteFile
VirtualQuery
FreeLibrary
GetCurrentProcess
GetCurrentThreadId
GetProcAddress
LoadLibraryA
GetTempPathA
GetSystemDirectoryA
GetFileTime
FileTimeToSystemTime
SystemTimeToFileTime
GetWindowsDirectoryA
GetModuleHandleA
CompareStringW
CompareStringA
GetLocaleInfoW
SetConsoleCtrlHandler
GetUserDefaultLCID
EnumSystemLocalesA
lstrcatA
CreateMutexA
GetLastError
CloseHandle
lstrcmpiA
lstrcmpA
FormatMessageA
lstrlenA
LocalFree
lstrcpynA
CreateProcessA
RtlUnwind
HeapAlloc
HeapFree
GetLocalTime
FileTimeToLocalFileTime
GetDriveTypeA
GetFileAttributesA
RaiseException
MoveFileA
HeapReAlloc
GetStartupInfoA
GetCommandLineA
ExitProcess
GetFileType
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
GetCurrentThread
InitializeCriticalSection
DeleteCriticalSection
FatalAppExitA
GetCPInfo
GetACP
GetOEMCP
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetFullPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
HeapSize
InterlockedDecrement
InterlockedIncrement
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetStdHandle
FlushFileBuffers
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetTimeZoneInformation
IsValidLocale
IsValidCodePage
GetLocaleInfoA
SetEnvironmentVariableA

user32

CharNextA
CharLowerA
wsprintfA
LoadStringA
IsCharAlphaA

advapi32

OpenSCManagerA
ChangeServiceConfigA
CloseServiceHandle
OpenServiceA
QueryServiceConfigA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_8c30e68acfca483e78829988a6abe3a8.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_8ca65808be8b9c5e8e4473e6cc0ce2e2.vir
.exe windows:5 windows x86 arch:x86

6138bdb74abc795b0a998eb00778d570

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit
_except_handler3
_c_exit

advapi32

ControlService
OpenServiceW
OpenSCManagerW
NotifyBootConfigStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
SetServiceStatus

kernel32

SetEvent
ExitThread
WaitForSingleObject
ExitProcess
CreateEventA
GetLastError
GetModuleHandleA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_8d7e797c9d0411fdd977fe37c21f6da6.vir
.exe windows:4 windows x86 arch:x86

4d577e3d21a4b253f23a6687837c39a7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
SetStdHandle
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetFullPathNameA
FreeLibrary
LoadLibraryA
lstrlenA
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
TerminateProcess
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RaiseException
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
CloseHandle
InterlockedIncrement

user32

OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
GetClipboardData
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
CloseClipboard
wsprintfA
EqualRect
GetWindowRect
SetForegroundWindow
WaitForInputIdle
IsWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
SetRect
InflateRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
SystemParametersInfoA
TranslateMessage
LoadIconA
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetSystemMenu
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
UnregisterClassA
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
LoadStringA
GetSysColorBrush
DeleteMenu
GetClassInfoA
DefWindowProcA
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture

gdi32

SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
SelectObject
GetObjectA
CreatePen
PatBlt
FillRgn
CreateRectRgn
CombineRgn
CreateSolidBrush
GetStockObject
CreateFontIndirectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
CreateRectRgnIndirect
SetBkColor
GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn

winmm

midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

OleUninitialize
CLSIDFromString
OleInitialize

oleaut32

RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi

comctl32

ImageList_Destroy
ord17

ws2_32

recv
getpeername
accept
ioctlsocket
recvfrom
WSAAsyncSelect
closesocket
WSACleanup
inet_ntoa

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA

Sections

.text
Size: 904KB - Virtual size: 901KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_8ee73eb0e4518da37ce7099f6945576f.vir
.dll windows:5 windows x86 arch:x86

be83204714ec0ad9031e87fe2b09eefe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

rtl190.bpl

@System@initialization$qqrv
@System@Finalization$qqrv
@System@RegisterModule$qqrp17System@TLibModule
@System@@UStrEqual$qqrv
@System@@UStrCmp$qqrv
@System@@UStrAsg$qqrr20System@UnicodeStringx20System@UnicodeString
@System@@UStrArrayClr$qqrpvi
@System@@UStrClr$qqrpv
@System@@RunError$qqruc
@System@@Halt0$qqrv
@System@@StartLib$qqrv
@System@@HandleFinally$qqrv
@System@@TRUNC$qqrv
@System@Internal@Excutils@initialization$qqrv
@System@Internal@Excutils@Finalization$qqrv
@System@Sysutils@initialization$qqrv
@System@Sysutils@Finalization$qqrv
@System@Sysutils@TOSVersion@$bcctr$qqrv
@System@Sysutils@TEncoding@$bcdtr$qqrv
@System@Sysutils@TLanguages@$bcdtr$qqrv
@System@Sysutils@Exception@$bcdtr$qqrv
@System@Sysutils@Exception@$bcctr$qqrv
@System@Sysutils@FloatToStr$qqrg
@System@Sysutils@StrToIntDef$qqrx20System@UnicodeStringi
@System@Sysutils@IntToStr$qqri
@System@Sysutils@Trim$qqrx20System@UnicodeString
@System@Sysutils@TOSVersion@$bcdtr$qqrv
@System@Sysutils@TEncoding@$bcctr$qqrv
@System@Sysutils@TLanguages@$bcctr$qqrv
@System@Varutils@initialization$qqrv
@System@Varutils@Finalization$qqrv
@System@Variants@initialization$qqrv
@System@Variants@Finalization$qqrv
@System@Ansistrings@initialization$qqrv
@System@Ansistrings@Finalization$qqrv
@System@Math@initialization$qqrv
@System@Math@Finalization$qqrv
@System@Timespan@TTimeSpan@$bcctr$qqrv
@System@Timespan@TTimeSpan@$bcdtr$qqrv
@System@Syncobjs@initialization$qqrv
@System@Syncobjs@Finalization$qqrv
@System@Generics@Defaults@TIStringComparer@$bcdtr$qqrv
@System@Generics@Defaults@TStringComparer@$bcdtr$qqrv
@System@Generics@Defaults@TIStringComparer@$bcctr$qqrv
@System@Generics@Defaults@TStringComparer@$bcctr$qqrv
@System@Rtti@initialization$qqrv
@System@Rtti@Finalization$qqrv
@System@Typinfo@initialization$qqrv
@System@Typinfo@Finalization$qqrv
@System@Classes@initialization$qqrv
@System@Classes@Finalization$qqrv
@System@Classes@TObserverMapping@$bcdtr$qqrv
@System@Classes@TLoginCredentialService@$bcdtr$qqrv
@System@Classes@TLoginCredentialService@$bcctr$qqrv
@System@Classes@TBinaryWriter@$bcdtr$qqrv
@System@Classes@TComponent@$bcctr$qqrv
@System@Classes@TThread@$bcdtr$qqrv
@System@Classes@TThread@$bcctr$qqrv
@System@Classes@TBinaryWriter@$bcctr$qqrv
@System@Classes@TComponent@$bcdtr$qqrv
@System@Classes@TObserverMapping@$bcctr$qqrv
@System@Dateutils@TTimeZone@$bcdtr$qqrv
@System@Dateutils@TTimeZone@$bcctr$qqrv
@System@Ioutils@initialization$qqrv
@System@Ioutils@Finalization$qqrv
@System@Ioutils@TPath@$bcctr$qqrv
@System@Ioutils@TPath@$bcdtr$qqrv
@System@Win@Registry@TRegistry@$bcctr$qqrv
@System@Win@Registry@TRegistry@$bcdtr$qqrv
@System@Win@Comobj@initialization$qqrv
@System@Win@Comobj@Finalization$qqrv
@System@Win@Comobj@TComServerObject@$bcctr$qqrv
@System@Win@Comobj@TComServerObject@$bcdtr$qqrv
@System@Actions@initialization$qqrv
@System@Actions@Finalization$qqrv
@Winapi@Uxtheme@initialization$qqrv
@Winapi@Uxtheme@Finalization$qqrv
@System@Helpintfs@initialization$qqrv
@System@Helpintfs@Finalization$qqrv
@Winapi@Flatsb@initialization$qqrv
@Winapi@Flatsb@Finalization$qqrv

kernel32

GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
GetVersionExW
FreeLibrary

l5calc.bpl

@Taxconst@initialization$qqrv
@Taxconst@Finalization$qqrv
@Ldetail@initialization$qqrv
@Ldetail@Finalization$qqrv
@Numlist@TTextList@GetValues$qqri
@Statedef@initialization$qqrv
@Statedef@Finalization$qqrv
@Pclfonts@initialization$qqrv
@Pclfonts@Finalization$qqrv
@Procmisc@StrToFloatDef$qqrx20System@UnicodeStringd
@Lindata@initialization$qqrv
@Lindata@Finalization$qqrv
@Lindata@TIndataSet@GetDDesc$qqriiii
@Lindata@TIndataSet@IDCode$qqriiii
@Ltbase@initialization$qqrv
@Ltbase@Finalization$qqrv
@Libstate@initialization$qqrv
@Libstate@Finalization$qqrv
@Bnxtclc@initialization$qqrv
@Bnxtclc@Finalization$qqrv
@Ldate@initialization$qqrv
@Ldate@Finalization$qqrv
@Fldconst@initialization$qqrv
@Fldconst@Finalization$qqrv
@Diagconst@initialization$qqrv
@Diagconst@Finalization$qqrv
@Coestreamobject@initialization$qqrv
@Coestreamobject@Finalization$qqrv

vcl190.bpl

@Vcl@Graphics@initialization$qqrv
@Vcl@Graphics@Finalization$qqrv
@Vcl@Actnlist@initialization$qqrv
@Vcl@Actnlist@Finalization$qqrv
@Vcl@Graphutil@initialization$qqrv
@Vcl@Graphutil@Finalization$qqrv
@Vcl@Controls@initialization$qqrv
@Vcl@Controls@Finalization$qqrv
@Vcl@Stdctrls@TStaticText@$bcdtr$qqrv
@Vcl@Stdctrls@TStaticText@$bcctr$qqrv
@Vcl@Stdctrls@TListBox@$bcdtr$qqrv
@Vcl@Stdctrls@TListBox@$bcctr$qqrv
@Vcl@Stdctrls@TCheckBox@$bcdtr$qqrv
@Vcl@Stdctrls@TCheckBox@$bcctr$qqrv
@Vcl@Stdctrls@TButton@$bcdtr$qqrv
@Vcl@Stdctrls@TButton@$bcctr$qqrv
@Vcl@Stdctrls@TComboBox@$bcdtr$qqrv
@Vcl@Stdctrls@TComboBox@$bcctr$qqrv
@Vcl@Stdctrls@TMemo@$bcdtr$qqrv
@Vcl@Stdctrls@TMemo@$bcctr$qqrv
@Vcl@Stdctrls@TEdit@$bcdtr$qqrv
@Vcl@Stdctrls@TEdit@$bcctr$qqrv
@Vcl@Stdctrls@TGroupBox@$bcdtr$qqrv
@Vcl@Stdctrls@TGroupBox@$bcctr$qqrv
@Vcl@Stdctrls@TCustomStaticText@$bcdtr$qqrv
@Vcl@Stdctrls@TCustomStaticText@$bcctr$qqrv
@Vcl@Stdctrls@TScrollBar@$bcdtr$qqrv
@Vcl@Stdctrls@TScrollBar@$bcctr$qqrv
@Vcl@Stdctrls@TCustomListBox@$bcdtr$qqrv
@Vcl@Stdctrls@TCustomListBox@$bcctr$qqrv
@Vcl@Stdctrls@TRadioButton@$bcdtr$qqrv
@Vcl@Stdctrls@TRadioButton@$bcctr$qqrv
@Vcl@Stdctrls@TCustomCheckBox@$bcdtr$qqrv
@Vcl@Stdctrls@TCustomCheckBox@$bcctr$qqrv
@Vcl@Stdctrls@TCustomButton@$bcdtr$qqrv
@Vcl@Stdctrls@TCustomButton@$bcctr$qqrv
@Vcl@Stdctrls@TCustomComboBox@$bcdtr$qqrv
@Vcl@Stdctrls@TCustomComboBox@$bcctr$qqrv
@Vcl@Stdctrls@TCustomMemo@$bcdtr$qqrv
@Vcl@Stdctrls@TCustomMemo@$bcctr$qqrv
@Vcl@Stdctrls@TCustomEdit@$bcdtr$qqrv
@Vcl@Stdctrls@TCustomEdit@$bcctr$qqrv
@Vcl@Stdctrls@TCustomGroupBox@$bcdtr$qqrv
@Vcl@Stdctrls@TCustomGroupBox@$bcctr$qqrv
@Vcl@Printers@initialization$qqrv
@Vcl@Printers@Finalization$qqrv
@Vcl@Clipbrd@initialization$qqrv
@Vcl@Clipbrd@Finalization$qqrv
@Vcl@Comctrls@initialization$qqrv
@Vcl@Comctrls@Finalization$qqrv
@Vcl@Comctrls@THeaderControl@$bcdtr$qqrv
@Vcl@Comctrls@THeaderControl@$bcctr$qqrv
@Vcl@Comctrls@TStatusBar@$bcdtr$qqrv
@Vcl@Comctrls@TStatusBar@$bcctr$qqrv
@Vcl@Comctrls@TComboBoxEx@$bcdtr$qqrv
@Vcl@Comctrls@TComboBoxEx@$bcctr$qqrv
@Vcl@Comctrls@TCustomComboBoxEx@$bcdtr$qqrv
@Vcl@Comctrls@TCustomComboBoxEx@$bcctr$qqrv
@Vcl@Comctrls@TPageScroller@$bcdtr$qqrv
@Vcl@Comctrls@TPageScroller@$bcctr$qqrv
@Vcl@Comctrls@TDateTimePicker@$bcdtr$qqrv
@Vcl@Comctrls@TDateTimePicker@$bcctr$qqrv
@Vcl@Comctrls@TCoolBar@$bcdtr$qqrv
@Vcl@Comctrls@TCoolBar@$bcctr$qqrv
@Vcl@Comctrls@TToolBar@$bcdtr$qqrv
@Vcl@Comctrls@TToolBar@$bcctr$qqrv
@Vcl@Comctrls@TListView@$bcdtr$qqrv
@Vcl@Comctrls@TListView@$bcctr$qqrv
@Vcl@Comctrls@TCustomListView@$bcdtr$qqrv
@Vcl@Comctrls@TCustomListView@$bcctr$qqrv
@Vcl@Comctrls@THotKey@$bcdtr$qqrv
@Vcl@Comctrls@THotKey@$bcctr$qqrv
@Vcl@Comctrls@TCustomHotKey@$bcdtr$qqrv
@Vcl@Comctrls@TCustomHotKey@$bcctr$qqrv
@Vcl@Comctrls@TUpDown@$bcdtr$qqrv
@Vcl@Comctrls@TUpDown@$bcctr$qqrv
@Vcl@Comctrls@TCustomUpDown@$bcdtr$qqrv
@Vcl@Comctrls@TCustomUpDown@$bcctr$qqrv
@Vcl@Comctrls@TRichEdit@$bcdtr$qqrv
@Vcl@Comctrls@TRichEdit@$bcctr$qqrv
@Vcl@Comctrls@TCustomRichEdit@$bcdtr$qqrv
@Vcl@Comctrls@TCustomRichEdit@$bcctr$qqrv
@Vcl@Comctrls@TProgressBar@$bcdtr$qqrv
@Vcl@Comctrls@TProgressBar@$bcctr$qqrv
@Vcl@Comctrls@TTrackBar@$bcdtr$qqrv
@Vcl@Comctrls@TTrackBar@$bcctr$qqrv
@Vcl@Comctrls@TTreeView@$bcdtr$qqrv
@Vcl@Comctrls@TTreeView@$bcctr$qqrv
@Vcl@Comctrls@TCustomTreeView@$bcdtr$qqrv
@Vcl@Comctrls@TCustomTreeView@$bcctr$qqrv
@Vcl@Comctrls@TCustomHeaderControl@$bcdtr$qqrv
@Vcl@Comctrls@TCustomHeaderControl@$bcctr$qqrv
@Vcl@Comctrls@TCustomStatusBar@$bcdtr$qqrv
@Vcl@Comctrls@TCustomStatusBar@$bcctr$qqrv
@Vcl@Comctrls@TTabControl@$bcdtr$qqrv
@Vcl@Comctrls@TTabControl@$bcctr$qqrv
@Vcl@Comctrls@TCustomTabControl@$bcdtr$qqrv
@Vcl@Comctrls@TCustomTabControl@$bcctr$qqrv
@Vcl@Dialogs@initialization$qqrv
@Vcl@Dialogs@Finalization$qqrv
@Vcl@Extctrls@initialization$qqrv
@Vcl@Extctrls@Finalization$qqrv
@Vcl@Extctrls@TLinkLabel@$bcdtr$qqrv
@Vcl@Extctrls@TLinkLabel@$bcctr$qqrv
@Vcl@Extctrls@TCustomLinkLabel@$bcdtr$qqrv
@Vcl@Extctrls@TCustomLinkLabel@$bcctr$qqrv
@Vcl@Extctrls@TCategoryPanelGroup@$bcdtr$qqrv
@Vcl@Extctrls@TCategoryPanelGroup@$bcctr$qqrv
@Vcl@Extctrls@TCustomCategoryPanelGroup@$bcdtr$qqrv
@Vcl@Extctrls@TCustomCategoryPanelGroup@$bcctr$qqrv
@Vcl@Themes@TCustomStyleEngine@$bcdtr$qqrv
@Vcl@Themes@TCustomStyleEngine@$bcctr$qqrv
@Vcl@Menus@initialization$qqrv
@Vcl@Menus@Finalization$qqrv
@Vcl@Forms@initialization$qqrv
@Vcl@Forms@Finalization$qqrv
@Vcl@Forms@TForm@$bcdtr$qqrv
@Vcl@Forms@TForm@$bcctr$qqrv
@Vcl@Forms@TCustomForm@$bcdtr$qqrv
@Vcl@Forms@TCustomForm@$bcctr$qqrv
@Vcl@Forms@TScrollBox@$bcdtr$qqrv
@Vcl@Forms@TScrollBox@$bcctr$qqrv

l5engine.bpl

@Abconst@initialization$qqrv
@Abconst@Finalization$qqrv
@Abarctyp@initialization$qqrv
@Abarctyp@Finalization$qqrv
@Ablzma@initialization$qqrv
@Ablzma@Finalization$qqrv
@Abdfhufd@initialization$qqrv
@Abdfhufd@Finalization$qqrv
@Abdfxlat@initialization$qqrv
@Abdfxlat@Finalization$qqrv
@Lfrmload@initialization$qqrv
@Lfrmload@Finalization$qqrv
@Formrefcount@initialization$qqrv
@Formrefcount@Finalization$qqrv
@Halconst@initialization$qqrv
@Halconst@Finalization$qqrv
@Lpage@initialization$qqrv
@Lpage@Finalization$qqrv
@Exprreg@initialization$qqrv
@Exprreg@Finalization$qqrv
@Exprreg@RegisterExpression$qqrusuiuipv
@Modreg@initialization$qqrv
@Modreg@Finalization$qqrv
@Twodbarcode@initialization$qqrv
@Twodbarcode@Finalization$qqrv
@Engglobals@initialization$qqrv
@Engglobals@Finalization$qqrv
@Printvars@TPrintVariables@GetEFRequested$qqr25Haltypes@TEFRequestedType
@Printvars@TPrintVariables@IsValidIndataIndex$qqri
@Printvars@TPrintVariables@GetStateAbbreviation$qqr20System@UnicodeString
@Printvars@TPrintVariables@GetContainerInfo$qqrusui30Haltypes@TContainerInformation
@Printvars@TPrintVariables@GetClientNotesData$qqr18Haltypes@TNoteMode18Haltypes@TNoteTypei20System@UnicodeString
@Printvars@TPrintVariables@GetCtrlTData$qqr20System@UnicodeStringt1
@Printvars@TPrintVariables@IsStateRequested$qqr20System@UnicodeString
@Printvars@TPrintVariables@GetPageCaption$qqrui20System@UnicodeStringi24Haltypes@TPageNumberMode28Haltypes@TStartNumberingMode
@Printvars@TPrintVariables@GetGridLineCount$qqr23Haltypes@TLineCountModeuiuiui
@Printvars@TPrintVariables@GetTaxFieldData$qqruiiio
@Printvars@TPrintVariables@GetFedSubclientData$qqrii
@Printvars@TPrintVariables@GetClientInformation$qqr16Haltypes@TDBTypei
@Printvars@TPrintVariables@GetDetailDesc$qqriiii
@Printvars@TPrintVariables@GetDetailAmount$qqriiii
@Printvars@TPrintVariables@GetMultiTotal$qqrpxixi
@Printvars@TPrintVariables@GetOptionData$qqrio
@Printvars@TPrintVariables@GetConfigData$qqr20Haltypes@TConfigType
@Printvars@TPrintVariables@StrToBool$qqr20System@UnicodeString
@Printvars@TPrintVariables@HighestSuffix$qqriipxixi
@Printvars@TPrintVariables@OutDataExists$qqriii
@Printvars@TPrintVariables@HighSearchIndex$qqriipxixi
@Printvars@TPrintVariables@PropExists$qqrii
@Printvars@TPrintVariables@OutHighProp$qqrii
@Printvars@TPrintVariables@HighProp$qqri
@Printvars@TPrintVariables@GetOutDetailDesc$qqriiiii
@Printvars@TPrintVariables@GetOutDetailAmt$qqriiiii
@Printvars@TPrintVariables@GetOutStrings$qqriiii
@Printvars@TPrintVariables@GetODValue$qqriiii
@Printvars@TPrintVariables@GetOValue$qqriiii
@Printvars@TPrintVariables@GetOutDataInfoExists$qqriiiii
@Printvars@TPrintVariables@GetOutDataInfoCount$qqriiii

xmlrtl190.bpl

@Xml@Win@Msxmldom@initialization$qqrv
@Xml@Win@Msxmldom@Finalization$qqrv
@Xml@Win@Msxmldom@TMSXMLDOMDocumentFactory@$bcctr$qqrv
@Xml@Win@Msxmldom@TMSXMLDOMDocumentFactory@$bcdtr$qqrv
@Xml@Xmldom@initialization$qqrv
@Xml@Xmldom@Finalization$qqrv
@Xml@Xmlschema@initialization$qqrv
@Xml@Xmlschema@Finalization$qqrv

Exports

Exports

Dummy

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_8f7a639e48a069bacdbd5582fe10a85b.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_8fc29e857e59ad1d361a5611401a13aa.vir
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

01:1d:8a:c7:69:0a:53:79:7b:31:fc:13:27:59:1f:df
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16-10-2020 00:00

Not After

04-01-2023 23:59

Subject

SERIALNUMBER=C2286585,CN=MobiSystems\, Inc.,O=MobiSystems\, Inc.,L=San Diego,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6e:9a:3a:9b:85:a3:34:00:68:6e:3a:c8:df:3b:bb:01:3c:dd:40:11:dd:c6:38:40:db:85:b4:a5:d7:ae:85:04
Signer

Actual PE Digest

6e:9a:3a:9b:85:a3:34:00:68:6e:3a:c8:df:3b:bb:01:3c:dd:40:11:dd:c6:38:40:db:85:b4:a5:d7:ae:85:04

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Development\CefSharp\CefSharp.WinForms\obj\Release\net452\CefSharp.WinForms.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_8fdb10c3364753486dc9107d36e0a428.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_903077655fb98b6a8ecb75710d341a75.vir
.exe windows:5 windows x86 arch:x86

42d651751c1d75ed4fa8fe71751854ff

Code Sign

04:d8:b9:40:0b:d8:01:31:da:22:86:2e:2c:0f:23:b0
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13-01-2020 00:00

Not After

28-01-2023 23:59

Subject

SERIALNUMBER=B184956,CN=Viber Media S.à r.l.,O=Viber Media S.à r.l.,L=luxembourg,C=LU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130a6c7578656d626f757267,1.3.6.1.4.1.311.60.2.1.3=#13024c55

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04-03-2014 00:00

Not After

03-03-2024 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e1:3d:88:7b:43:30:9b:33:23:c7:da:8d:91:34:93:af:a8:93:10:fd:17:bf:93:1c:5e:96:35:9e:bf:1d:82:d0
Signer

Actual PE Digest

e1:3d:88:7b:43:30:9b:33:23:c7:da:8d:91:34:93:af:a8:93:10:fd:17:bf:93:1c:5e:96:35:9e:bf:1d:82:d0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

C:\agent\_work\66\s\build\ship\x86\burn.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
CloseEventLog
OpenEventLogW
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW

user32

PeekMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
GetMessageW
TranslateMessage
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW

oleaut32

VariantInit
SysAllocString
VariantClear
SysFreeString

gdi32

DeleteDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CLSIDFromProgID
CoInitializeSecurity

kernel32

GetCPInfo
GetOEMCP
IsValidCodePage
CloseHandle
CreateFileW
GetProcAddress
LocalFree
HeapSetInformation
GetLastError
GetModuleHandleW
FormatMessageW
lstrlenA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
Sleep
GetLocalTime
GetModuleFileNameW
ExpandEnvironmentStringsW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetFullPathNameW
CompareStringW
GetCurrentProcessId
WriteFile
SetFilePointer
LoadLibraryW
GetSystemDirectoryW
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindClose
GetCommandLineA
GetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetNativeSystemInfo
GetModuleHandleExW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetCommandLineW
VerifyVersionInfoW
GetVolumePathNameW
GetDateFormatW
GetUserDefaultUILanguage
GetSystemDefaultLangID
GetUserDefaultLangID
GetStringTypeW
ReadFile
SetFilePointerEx
DuplicateHandle
InterlockedExchange
InterlockedCompareExchange
LoadLibraryExW
CreateEventW
ProcessIdToSessionId
OpenProcess
GetProcessId
WaitForSingleObject
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
GetThreadLocale
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DecodePointer
WriteConsoleW
GetModuleHandleA
GlobalAlloc
GlobalFree
GetFileSizeEx
CopyFileW
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemInfo
VirtualProtect
VirtualQuery
GetComputerNameW
SetCurrentDirectoryW
GetFileType
GetACP
ExitProcess
GetStdHandle
InitializeCriticalSectionAndSpinCount
SetLastError
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
LoadLibraryExA

rpcrt4

UuidCreate

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_905638ddde4bbb8f8d5adc6c39658be1.vir
.exe windows:4 windows x86 arch:x86

28a099a911237a28521d8b7ea250f089

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
LoadLibraryExA
MoveFileA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 150KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 1024B - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_913a4c58b40b2bc20531398a5134e6af.vir
.exe windows:4 windows x86 arch:x86

fc5bc055b5965d5e0d54d299e19aa66c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord800
ord2514
ord2621
ord1134
ord5265
ord4376
ord4486
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord1146
ord1168
ord860
ord540
ord2370
ord4160
ord2863
ord2379
ord755
ord470
ord6334
ord2818
ord6375
ord4274
ord4853
ord4673
ord1576

msvcrt

exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_exit
_onexit
__dllonexit
__CxxFrameHandler
_XcptFilter
_setmbcp

kernel32

GetLastError
GetStartupInfoA
GetModuleHandleA

user32

AppendMenuA
GetSystemMenu
DrawIcon
GetClientRect
SendMessageA
IsIconic
KillTimer
GetCursorPos
EnableWindow
GetSystemMetrics
SetTimer
SetWindowPos
LoadIconA

shell32

ShellExecuteA

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_91c5cfb96e38d2d2314c799e397dbb28.vir
.exe windows:6 windows x86 arch:x86

0eef5de7d700071a60933deba8b2a06f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\prapurna.j\Documents\Visual Studio 2015\Projects\ConsoleApplication2\Release\ConsoleApplication2.pdb

Imports

libegl

eglSwapBuffers
eglTerminate
eglDestroySurface
eglChooseConfig
eglDestroyContext
eglMakeCurrent
eglCreateContext
eglBindAPI
eglCreateWindowSurface
eglInitialize
eglGetDisplay
eglGetError

libglesv2

glGetUniformLocation
glUniform1f
glEnableVertexAttribArray
glUniformMatrix4fv
glUseProgram
glVertexAttribPointer
glDrawArrays
glDisable
glEnable
glDisableVertexAttribArray
glDeleteShader
glClear
glUniform1i
glActiveTexture
glGenTextures
glBindTexture
glTexImage2D
glGenerateMipmap
glTexParameteri
glDeleteProgram
glCreateShader
glCreateProgram
glShaderSource
glClearColor
glViewport
glCompileShader
glAttachShader
glLinkProgram
glBindFramebuffer

libpng12

png_set_IHDR
png_read_end
png_set_expand_gray_1_2_4_to_8
png_set_palette_to_rgb
png_set_tRNS_to_alpha
png_set_gray_to_rgb
png_read_update_info
png_get_tRNS
png_get_PLTE
png_get_valid
png_get_IHDR
png_create_info_struct
png_read_info
png_set_add_alpha
png_set_interlace_handling
png_set_strip_16
png_get_io_ptr
png_get_error_ptr
png_destroy_read_struct
png_create_read_struct
png_set_read_fn
png_read_row

kernel32

UnhandledExceptionFilter
GetModuleHandleA
SetUnhandledExceptionFilter
GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess

user32

DispatchMessageA
TranslateMessage
PeekMessageA
DefWindowProcA
PostQuitMessage
DestroyWindow
ReleaseDC
GetDC
SetFocus
SetForegroundWindow
ShowWindow
CreateWindowExA
AdjustWindowRectEx
LoadIconA
LoadCursorA
RegisterClassA

msvcp140

?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPBD@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_BADOFF@std@@3_JB
?_Xout_of_range@std@@YAXPBD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Xbad_alloc@std@@YAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?exceptions@ios_base@std@@QAEXH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z

vcruntime140

_except_handler4_common
memset
_CxxThrowException
memcpy
__telemetry_main_return_trigger
__telemetry_main_invoke_trigger
__CxxFrameHandler3
longjmp
memmove
__std_exception_destroy
__std_exception_copy
_setjmp3
__std_terminate

api-ms-win-crt-stdio-l1-1-0

_fseeki64
__stdio_common_vfprintf
_set_fmode
__acrt_iob_func
fgetpos
fgetc
fputc
ungetc
fflush
setvbuf
__p__commode
fclose
_get_stream_buffer_pointers
fwrite
fsetpos

api-ms-win-crt-runtime-l1-1-0

__p___argv
_set_app_type
_configure_narrow_argv
strerror
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_invalid_parameter_noinfo_noreturn
_errno
_invalid_parameter_noinfo
_initterm_e
exit
_exit
__p___argc
_cexit
terminate
_controlfp_s
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe

api-ms-win-crt-heap-l1-1-0

calloc
malloc
_callnewh
_set_new_mode
free

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-math-l1-1-0

_libm_sse2_tan_precise
_libm_sse2_sqrt_precise
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_91f40e4e3b33ffa422482a586f1229e5.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 6.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 379KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tst
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_92164f56752fd170ec67b211d74e86b4.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_9258f9642b7a1550c20d79f4e5ebe032.vir
.exe windows:4 windows x86 arch:x86

894e8da85c0974d14df256b2348be462

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
ResumeThread
LocalReAlloc
FreeLibrary
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
ResetEvent
InitializeCriticalSection
CreateEventA
CloseHandle
WaitForMultipleObjects
LocalAlloc
WaitForSingleObject
DeleteCriticalSection
FormatMessageA
lstrlenA
LocalFree
SetEvent
SetConsoleCtrlHandler
Sleep
GetModuleFileNameA
GetCurrentProcess
SetPriorityClass
LocalSize
GetLastError

advapi32

OpenServiceA
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegisterEventSourceA
DeregisterEventSource
ReportEventA

msvcrt

_exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
mbstowcs
_XcptFilter
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
_controlfp
_wcslwr
towupper
wcslen
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
_CxxThrowException
strncat
__CxxFrameHandler
??3@YAXPAX@Z
_endthreadex
??2@YAPAXI@Z
_stricmp
_beginthreadex
exit
_vsnprintf
printf
__p__commode
__p__fmode
sprintf

msvcp60

?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??_7bad_alloc@std@@6B@
??1bad_alloc@std@@UAE@XZ
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??0bad_alloc@std@@QAE@ABV01@@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_92ea48b1d8f9de17953a0b73ee857203.vir
.exe windows:4 windows x86 arch:x86

e9ed98a0054d636e6753188b510cf6a3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
CreateEventA
CreateFileA
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FindClose
FindFirstFileA
FindResourceA
FormatMessageA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetProfileStringA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemInfo
GetThreadLocale
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFree
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
MulDiv
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SizeofResource
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpyA
lstrcpynA
lstrlenA

winspool.drv

ClosePrinter
DocumentPropertiesA
EnumPrintersA
OpenPrinterA

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetIconSize
ImageList_Write
ImageList_DrawEx

comdlg32

GetOpenFileNameA
GetSaveFileNameA
PrintDlgA

gdi32

BitBlt
CopyEnhMetaFileA
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBSection
CreateDIBitmap
CreateFontIndirectA
CreateHalftonePalette
CreateICA
CreatePalette
CreatePenIndirect
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
EndDoc
EndPage
ExcludeClipRect
ExtTextOutA
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetObjectA
GetPaletteEntries
GetPixel
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32A
GetTextMetricsA
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
PlayEnhMetaFile
Polygon
RealizePalette
RectVisible
Rectangle
RestoreDC
SaveDC
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetEnhMetaFileBits
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StartDocA
StartPage
StretchBlt
UnrealizeObject

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginDeferWindowPos
BeginPaint
CallNextHookEx
CallWindowProcA
CharLowerA
CharLowerBuffA
CharNextA
CheckMenuItem
ClientToScreen
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeferWindowPos
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DrawEdge
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextA
EnableMenuItem
EnableScrollBar
EnableWindow
EndDeferWindowPos
EndPaint
EnumThreadWindows
EnumWindows
EqualRect
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetCapture
GetClassInfoA
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgItem
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextA
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSystemMetrics
GetTopWindow
GetWindow
GetWindowDC
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InflateRect
InsertMenuA
InsertMenuItemA
IntersectRect
InvalidateRect
IsChild
IsDialogMessageA
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadKeyboardLayoutA
LoadStringA
MapVirtualKeyA
MapWindowPoints
MessageBoxA
OemToCharA
OffsetRect
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RegisterClassA
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
SendMessageA
SetActiveWindow
SetCapture
SetClassLongA
SetCursor
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPlacement
SetWindowPos
SetWindowTextA
SetWindowsHookExA
ShowCursor
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UpdateWindow
WaitMessage
WinHelpA
WindowFromPoint
wsprintfA
GetSystemMenu

ole32

IsEqualGUID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SysStringLen
VariantChangeTypeEx
VariantClear
VariantCopyInd

polob

ord3

Exports

Exports

@@Calcbox@Finalize
@@Calcbox@Initialize
@@Datareport3@Finalize
@@Datareport3@Initialize
@@Datareport@Finalize
@@Datareport@Initialize
@@Displayres@Finalize
@@Displayres@Initialize
@@Displaysumm@Finalize
@@Displaysumm@Initialize
@@Glob@Finalize
@@Glob@Initialize
@@Main@Finalize
@@Main@Initialize
@@Opendata@Finalize
@@Opendata@Initialize
@@Option@Finalize
@@Option@Initialize
@@Plot@Finalize
@@Plot@Initialize
@@See@Finalize
@@See@Initialize
_CalcBoxForm
_DataReport3Form
_DataReportForm
_DisplayResForm
_DisplaySummForm
_GlobForm
_MainForm
_OpenDataForm
_OptionForm
_PlotForm
_SeeForm
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 523KB - Virtual size: 524KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_93a6e8c469475e78a47b9e08b9686d52.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_93abbf0224e7372c214e0cf9298a598c.vir
.exe windows:6 windows x86 arch:x86

a353fec125c1b102f65a9233e531e2cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\CS\Documents\Visual Studio 2012\Projects\기컴네\Debug\기컴네.pdb

Imports

msvcr110d

_commode
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_lock
_fmode
_calloc_dbg
__dllonexit
_onexit
_invoke_watson
_controlfp_s
_except_handler4_common
wcscpy_s
_wmakepath_s
_wsplitpath_s
__initenv
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
_CrtSetCheckCount
_CrtDbgReportW
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_CRT_RTC_INITW
strlen
strcmp
_time64
printf
fread
fopen
fclose
_unlock
__iob_func

kernel32

GetModuleFileNameW
FreeLibrary
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
DecodePointer
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
lstrlenA
LoadLibraryExW
GetProcAddress
GetLastError
RaiseException
IsDebuggerPresent
EncodePointer
GetModuleHandleW

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_94872036202dce54aedd6bf74e20a486.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_949a4b5b20d11d02e743319fe03d41a3.vir
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\user\Documents\Visual Studio 2010\Projects\TaskManagementReminder\obj\STANDARD_VERSION\MyNewService.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_94a2cc0d63b6a54329bb58fd1d1e45dc.vir
.exe windows:5 windows x86 arch:x86

f12ce87907890dde1c15e1e2b0111d5c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:d2:bb:a6:92:2f:3c:7a:02:42:b5:4c:04:0f:8b:11
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

03-06-2015 00:00

Not After

02-07-2017 23:59

Subject

CN=Conexant Systems\, Inc.,O=Conexant Systems\, Inc.,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:e7:21:1e:2b:a1:4b:37:bf:4c:5d:19:bc:cb:e3:fa:93:a7:e7:7d
Signer

Actual PE Digest

11:e7:21:1e:2b:a1:4b:37:bf:4c:5d:19:bc:cb:e3:fa:93:a7:e7:7d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList

kernel32

GetConsoleCP
GetConsoleMode
WriteConsoleW
SetEnvironmentVariableA
SizeofResource
LockResource
GetTimeZoneInformation
IsProcessorFeaturePresent
LoadResource
FindResourceW
GetProcAddress
GetModuleHandleW
GetSystemDefaultUILanguage
GetUserDefaultLangID
GetUserDefaultUILanguage
GetCurrentProcess
MultiByteToWideChar
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStringTypeW
CloseHandle
WaitForSingleObject
ResetEvent
OpenEventW
GetVersionExW
FindClose
FindFirstFileW
CreateProcessW
CreateFileW
lstrlenW
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
GetModuleFileNameW
FreeLibrary
LoadLibraryExW
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
Sleep
GetTickCount
CreateEventW
GetVersion
SetLastError
MulDiv
LocalFree
FormatMessageW
GlobalUnlock
GlobalLock
GlobalAlloc
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
QueryPerformanceCounter
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapQueryInformation
HeapSize
ExitProcess
CreateThread
ExitThread
HeapReAlloc
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
HeapAlloc
HeapFree
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GlobalSize
CopyFileW
GlobalFree
FindResourceExW
VirtualProtect
SearchPathW
GetProfileIntW
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetFileAttributesExW
SetErrorMode
GetNumberFormatW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileW
GetCurrentDirectoryW
lstrcpyW
GetSystemDirectoryW
GlobalFlags
FileTimeToSystemTime
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetCurrentThread
ConvertDefaultLocale
GetLocaleInfoW
InterlockedExchange
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryW
lstrcmpW
ReleaseActCtx
CreateActCtxW
GetCurrentProcessId
ActivateActCtx
DeactivateActCtx
SuspendThread
SetEvent
GetCurrentThreadId
ResumeThread
SetThreadPriority
lstrlenA
lstrcmpA
WideCharToMultiByte

user32

FrameRect
IsClipboardFormatAvailable
CreateMenu
UpdateLayeredWindow
UnionRect
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
CreateDialogIndirectParamW
EndDialog
GetNextDlgGroupItem
GetIconInfo
GetNextDlgTabItem
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
CopyAcceleratorTableW
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateW
MessageBeep
GetSystemMenu
SetClassLongW
GetAsyncKeyState
NotifyWinEvent
CreatePopupMenu
DestroyAcceleratorTable
SetWindowRgn
IsZoomed
OffsetRect
IsRectEmpty
IntersectRect
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
CharUpperW
IsIconic
InvalidateRect
DeleteMenu
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
RealChildWindowFromPoint
ClientToScreen
UnregisterClassW
LoadCursorW
GetDC
ReleaseDC
GetSysColorBrush
GetSystemMetrics
DestroyMenu
GetUpdateRect
InflateRect
ShowOwnedPopups
SetCursor
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
EnableMenuItem
CheckMenuItem
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
PostThreadMessageW
PostQuitMessage
PeekMessageW
SetForegroundWindow
ScrollWindow
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetDoubleClickTime
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
SubtractRect
MapDialogRect
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
CopyRect
PtInRect
GetWindow
UnhookWindowsHookEx
GetWindowThreadProcessId
DrawIcon
DestroyCursor
GetWindowRgn
GetMenuItemInfoW
ShowWindow
GetLastActivePopup
FindWindowW
KillTimer
GetDesktopWindow
LoadIconW
EnableWindow
CharNextW
SetTimer
SystemParametersInfoW
GetMenuItemID
GetSubMenu
ModifyMenuW
LoadMenuW
PostMessageW
GetWindowRect
RedrawWindow
SetActiveWindow
SetParent
DestroyIcon
LoadImageW
IsWindow
SetMenuDefaultItem
TrackPopupMenu
GetCursorPos
GetClassNameW
RegisterWindowMessageW
RemoveMenu
GetMenuItemCount
InsertMenuW
AppendMenuW
GetMenuStringW
GetMenuState
ValidateRect
GetKeyState
SendMessageW
IsWindowVisible
GetActiveWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetWindowsHookExW
MessageBoxW
IsWindowEnabled
GetWindowLongW
GetParent
IsMenu

gdi32

SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateDIBitmap
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
SetRectRgn
CombineRgn
PatBlt
DPtoLP
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetBkColor
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
GetRgnBox
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceW
SetPixelV
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetObjectW
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
DeleteObject
GetTextExtentPoint32W
ExtTextOutW
BitBlt
CreateCompatibleDC
CreateFontIndirectW
SetBkColor
SetTextColor
CreateDCW
CopyMetaFileW
GetDeviceCaps
CreateBitmap

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegEnumKeyW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
GetUserNameW
CloseServiceHandle
RegEnumValueW
RegQueryValueW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
OpenSCManagerW
OpenServiceW
QueryServiceStatus

shell32

ShellExecuteW
Shell_NotifyIconW
SHAppBarMessage
SHGetFileInfoW
SHGetDesktopFolder
SHBrowseForFolderW
DragQueryFileW
DragFinish
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteExW

comctl32

ImageList_GetIconSize

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
PathFindExtensionW

ole32

DoDragDrop
CreateStreamOnHGlobal
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
CoUninitialize
CoCreateGuid
OleDuplicateData
ReleaseStgMedium
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoCreateInstance

oleaut32

VarUI4FromStr
DispCallFunc
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
VariantChangeType
SysAllocString
VariantClear
VarBstrFromDate
SysFreeString
VariantInit
GetErrorInfo

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_94f214e7b5d9eec331158b419050d28c.vir
.dll windows:4 windows x86 arch:x86

4bf26c27999e86e57060423d771554c4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFileAttributesA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetClipboardData

gdi32

GetDIBits

winmm

midiStreamOut

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shell32

Shell_NotifyIconA

ole32

CLSIDFromString

oleaut32

LoadTypeLi

comctl32

ord17

ws2_32

inet_ntoa

comdlg32

GetSaveFileNameA

Exports

Exports

b��Î8��YJĪZ�\�o��I�4XF��x-�I1�&�>��b$�S��2|�c�I�f�s��S,��u�v�Ck��l�R�Oo�|!j�nk�u5��2�6 ~�b�a,t��c�:rE��U��\V0?��w��ci�e�PKl��6��#V�D�Ц�ժ)�b��.�E��d尃�#�E�?S��$</��r�B��rMX�>7!�v �<�31)F~}�m{��>�y�� ALv?J��l. ��4�u9l��P��ktC��(�� dh>��Ks�)��=k�ށ��0�$jw�E��@O�� w�:t��2u�* �v��4�i�|��ķ�`=�!h��y5)��ހC��"i��z�uВ��A:�_B�]��]�� /��F��T�)@XZ�c?�Oog��p/��w�>�-�p��,@f��vD�1a�h�pH��;�{A@�7X�ڞGFq�23кD��t�g3z��P�_`�y��+.>��D��/ck�%�%렴43��&ՙ��K�xL ��^�-A�i�7V��>_��>r�G?�"�X�Ï��B֩Z�kJ�&��gR�ߤ�k�]uz�t|��x�1>B��:%��ᤓ��d��Ǳ�ui��{�8!�Y7A�`I��`�;�S$�0ȡ��~��]�z�ɽ_�'�,�A��ǎ�L��}��|I.��ÕS��ԩ\�?[�x5�ɍ�P�~nܓ�+�>��\"��g!�x�-U�VW��{'Ovw�k[��nEU59`��V��85�g�88W��b��?�K'"��y��|��6}��&�Z��Ȟu�N1 vi��J�_��%��\��v7�wv�K]�=7��# ��]��5�W�Y8�x��7.�8�!��._Y��=��H��>ɳ0hL��M4�uh��4�� X��%҂a-F�O��@��H:i�Bܣ��s �/��xuN�>��W�^#F4�� h=�-3��{m�%�难��K�4�K ��N�K7�^��k,.f��9U��ʹ$�U�{q%�o�v��`�}��S�I�Aӽ�4� uA��b�Mf��8��V:2G$V�/��F�� <��kEv�O��hͧn)��^7&�ɳ��g8:Wuht� =��G��x�e��Ȥ�;�/�{��w�fQƷ��k|�hT�Stڒ�k��/�WHO]A��޶��Mi-� �?�跽JkHE }A��䅆�;�a�\�k�,��S��{Y��8<�w��,��]A�&��{�y��eT�N�~�� QUk9��O��8�ЂѶ��e��\��i2�APdWQڣ�� _W� ��_�.��*e�㨵l��Ô~�/�.�̈J("�b��x��n�d�A��m�%xs�/)�q��U��>�,aU�0K� ��A�ĺ��&��<� �hۋ�;G��-�U��x��QvN+q��v��?��>I��?�8��)c��WAT��Ƨ��$�b�Z�{�/j�IoD��P碒0��pe��e`�j�B��dՙ��D��#��9��*v!��s��\N�k��v�ꎣt��k�SM�K8�kS�F7�R�� ;4�H��^D��,�ё�o<��W��6��e`r�8A��(��[�4�B/A�aDk J݊�]̔��U�X+O��DI-��8�5��,}:8|��7@ p (`dI�Q �-�� $E( �^`Ua ��}��S��k<P��9��Ps �N.WN�=05� ��@c?��f�U��n��rv�h-,Ge�-O�X(��ym��f� ��\�#!��e[�CM.gM�<Ʒ��B�}� �3N��3}��v�g�偹�e2I�P��C/�4�}��-="�eX�ⶰ�<WOZ/A(gɶ��uƭC'�*�c�8�d��%��*+��=��e�t�`��+zd�y�d��ko�;��5M��`�Yb"�5��W��b2؈�;B {��x��!�ƠTzG��+��O,�Q��Px� �� uǈ�1�+��we�}R��6Gb�8�-�(�^k�?_��a��V�?50��n��iZq��I��Z��\��Bs��5D��r�J�3a�7��C�2��:��xB��O�:�8$=��b��q� ��839�>��hv)��TȰ�s�{R��=5��B��v؆lLR��A�8㛷��_Z��z�d �<��Vԙ��]�,q��}#��wh�s^i�&�(��p��Lk�J��_��5�6Pw��f��t�&��sc1>F�^�!�"4vH?��h��Hv��łS�sH��S � �Z��<��o��l�!%S9��k�l��Q�a��yQ��`�Ӱ:�.�L��M:�]��m��7t!u�h�q��}��*N��C~��K�?��-d91�|��jy��'��r�@"�/�jb��>��z9P d�B�9ק�B:�v"2i�g�ȝ#f�sz�&�8g��ZH�$��rv�x\��M�H�̍�'R�Bl�1�/��UM- ��&�Y8��B��kRd`��mе��^�m�]�7��]�B�%@ 0(u��.��r�:��N�NqG��jx�=��}��n��蹭��u�9|`��z��>�z�z�dƾ(n�j�8� s�X�=��uY�.�Կ�Q��b,@9Ԯ��CEf��fb��ځޞ��K*��%��?��;�^��l��`��=��ݓ��ϻ��27i�U��N��S�olqb)��?��bl#nϛsa#G=�ʭ�[�%�w1&��SI.`O��.�n'�xB�
sss

Sections

.text
Size: - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 976KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_97a8dacbe3b7ce2b7fac82f2e39665c4.vir
.exe windows:6 windows x86 arch:x86

ffff45487d1e51fa972c8409931457df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\_work\1\s\artifacts\obj\win-x86.Release\corehost\apphost\standalone\apphost.pdb

Imports

kernel32

FindNextFileW
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
FindClose
MultiByteToWideChar
GetLastError
GetFileAttributesExW
GetFullPathNameW
GetProcAddress
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EnterCriticalSection
FindFirstFileExW
OutputDebugStringW
LoadLibraryA
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SetLastError
RaiseException
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
GetStringTypeW

user32

MessageBoxW

shell32

ShellExecuteW

advapi32

RegOpenKeyExW
RegGetValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_seh_filter_exe
terminate
_set_app_type
_controlfp_s
_invalid_parameter_noinfo_noreturn
_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
exit
__p___argc
__p___wargv
_errno
_c_exit
_cexit
abort
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_register_onexit_function

api-ms-win-crt-stdio-l1-1-0

__p__commode
__acrt_iob_func
fputwc
fputws
__stdio_common_vsprintf_s
fflush
__stdio_common_vfwprintf
__stdio_common_vswprintf
_wfopen
setvbuf
_set_fmode

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
free
malloc
calloc

api-ms-win-crt-string-l1-1-0

strcpy_s
strcspn
wcsncmp
toupper
wcsnlen
_wcsdup

api-ms-win-crt-convert-l1-1-0

_wtoi
wcstoul

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
_lock_locales
___lc_locale_name_func
___mb_cur_max_func
___lc_codepage_func
__pctype_func
setlocale
_unlock_locales
localeconv

api-ms-win-crt-math-l1-1-0

frexp
__setusermatherr

api-ms-win-crt-time-l1-1-0

_gmtime64_s
wcsftime
_time64

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_98b3f5e31bafff1650b0ec9fecd59b81.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 832B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_99c08de699c6c8d868e4be591607d20f.vir
.exe windows:4 windows x86 arch:x86

37b127e3c86e30efca8fa6eb66cdba54

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
ord666
__vbaExitProc
__vbaVarForInit
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord520
__vbaBoolVarNull
_CIsin
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
__vbaObjVar
__vbaCastObjVar
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaPrintFile
ord712
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaLateMemCall
__vbaVarDup
__vbaVarLateMemCallLd
ord617
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_99ca17788c3581e3d73e8bc7da77a2a9.vir
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 7.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_9a01671e1c500ba4eeef992cc463d06e.vir
.exe windows:4 windows x86 arch:x86

00fbc5bd7add72f96929f86a8765434d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

xpprt1

?prepareOpStack
?ehIsError
?ehSetContext
?setjmp
?exeNativeError
?exeStackUnwind
?momSOn
?symContextInit
__vft18ConUndefinedObject10AtomObject
?conNAllocL
?symRefItemConst
?domAssign
?getRFPC
?momSOff
SET
?retStackValue
DBSELECTAREA
DBUSEAREA
DBSETINDEX
EOF
?domNot
VAL
AT
DBSEEK
?domAdd
STR
DTOC
?getRFCC
ALLTRIM
?andShortCut
?domEql
?domAnd
?floadTos
DBSKIP
TRANSFORM
QOUT
?retNil
?conNRelease
?conNReleaseL
?frameExit
?ehUnwind
?passParameter
STRTRAN
?retStackItem
CHR
__vft19ConNumericIntObject10AtomObject
__vft14ConLogicObject10AtomObject
__vft20ConStringConstObject10AtomObject
__vft14ConStringShort10AtomObject
_iniExitProcedureList
___iniStart
___iniGetDLLInitHook
__This_executable_needs_version_1_90_0
___xpprt1Version
APPTYPE
APPDESKTOP
?conSendItem
ACREATE
?conAssignRefWMember
APPNAME
?conNewString
SETAPPWINDOW
?domXEql
?orShortCut
?domOr
ROOTCRT
__vft21ConNumericFloatObject10AtomObject
BREAK
?pushDynamicCodeBlock
ERRORBLOCK
WORKSPACELIST
LEN
?setSWArea
DBCOMMIT
?restWArea
DBCLOSEAREA
?ehUnsetContext
?ehGetBreakContainer
?conRelease
DBRROLLBACK
?domGetElem
DBELOAD
ALERT
DBEBUILD
?conMemberToItem
DBSESSION
ISFUNCTION
?executeMacro
AADD
EMPTY
LTRIM
DOSERRORMESSAGE
ROW
COL
SETPOS
?domValXEql
_BREAK
ERRORLEVEL
_QUIT
ISMETHOD
?domInc
PROCNAME
?domAddEqu
TRIM
PROCLINE
CONFIRMBOX
?domValGCmp
VALTYPE
PADL
TONE
OUTERR
MSGBOX
REPLICATE
DATE
TIME
VERSION
OS
SPACE
VAR2CHAR
QQOUT
AEVAL
MLCOUNT
MEMOLINE
RTRIM
LEFT
DLLLOAD
DLLCALL
DLLUNLOAD
?nomClassLock
?nomClassUnlock
?retObject
?conNewNil
XBPBASEDIALOG
?conGetClass
?nomCreateClass
?nomDefineVar
?nomDefineMethod
?nomEndClassDefinition
?conNewExtObject
?nomCallInitClass
?conGetSelfClass
XBPBASECRT
XBPBASECOMBOBOX
XBPBASELISTBOX
XBPBASEPUSHBUTTON
XBPBASESPINBUTTON
XBPBASEMENUBAR
XBPBASEMENU
XBPBASESLE
XBPBASEMLE
XBPBASETREEVIEW
XBPBASETREEVIEWITEM
XBPBASE3STATE
XBPBASETABPAGE
XBPBASESCROLLBAR
XBPBASECHECKBOX
XBPBASERADIOBUTTON
XBPBASESTATIC
XBPBASEPRESSPACE
SETMOUSE
?domRefElem
ACLONE
INT
?domSub
?domNEql
BAND
UPPER
ASCAN
RIGHT
SHELLLINKRESOLVE
FOPEN
FSIZE
FREADSTR
FCLOSE
SUBSTR
PCOUNT
?domLCmp
?domValNEql
GRAQUERYTEXTBOX
?conOpNewInt
L2BIN
?domMul
CONVTOANSICP
?domGCmp
SETAPPFOCUS
APPEVENT
SETAPPEVENT
EVAL
BIN2L
?domValEql
LOADRESOURCE
THREADID
DOSERROR
ARRAY
ERROR

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xpp
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_9a667c5d71327a31a67d0c80b4665b19.vir
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:06:2f:03:6b:ee:bf:4e:7e:60:00:00:00:00:01:06
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-08-2018 20:20

Not After

23-11-2019 20:20

Subject

CN=Microsoft Time-Stamp service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:179E-4BB0-8246,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:37

Not After

02-05-2020 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:49:31:b8:36:f1:ea:75:46:cd:61:d4:61:9b:95:41:0c:db:6d:cf
Signer

Actual PE Digest

38:49:31:b8:36:f1:ea:75:46:cd:61:d4:61:9b:95:41:0c:db:6d:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Contracts\4.0.1.0\System.Diagnostics.Contracts.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_9b37b620092db9d5537abcf2a5eb0139.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_9b4612faa36c90f1430194351d78b63a.vir
.exe windows:5 windows x64 arch:x64

0b5552dccd9d0a834cea55c0c8fc05be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
IsValidCodePage
GetACP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
GetOEMCP
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEnvironmentVariableW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetEndOfFile
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_9b4d18b06c4ac5cc65aba946cf96891f.vir
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_9c04dcb36c561568305bd703eabeb7fa.vir
.dll windows:6 windows x64 arch:x64

8e0583bbdbbc33fcad54ab5b6d40d98c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\chono\Documents\doc\work\peaks\trunk\MISDK\MISDKIntegration\bin\Release\calccolor\x64\CalculateYxy.pdb

Imports

kernel32

GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
GetLastError
SetLastError
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteFile
GetModuleFileNameW
LoadLibraryExW
HeapAlloc
HeapReAlloc
GetStringTypeW
OutputDebugStringW
HeapSize
LCMapStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
CreateFileW

Exports

Exports

CalcFrame_Absolute
CalcFrame_Difference
CalcFrame_Equation
CalcFrame_GetCapability
CalcFrame_GetItem
CalcFrame_GetParameterDef
CalcFrame_GetStringResult
CalcFrame_Invert

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_9c0ba927f894a26eb273aac753bfaa2b.vir
.exe windows:4 windows x86 arch:x86

aa57b777f1f5db5b76b1f277b48315b2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
InterlockedIncrement
GlobalUnlock
ResetEvent
CreateThread
lstrlenA
LockResource
GetCurrentThreadId
LoadResource
GlobalLock
GetProcAddress
MultiByteToWideChar
CreateEventW
GlobalAlloc
OpenEventW
GetVersionExW
GetEnvironmentVariableW
GetPrivateProfileIntW
Sleep
lstrcmpiW
GetModuleHandleW
SetEnvironmentVariableA
CompareStringW
CompareStringA
ReadFile
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
FreeLibrary
CreateFileA
IsValidCodePage
GetOEMCP
GetCPInfo
SetFilePointer
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetTimeZoneInformation
GetModuleFileNameA
GetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
ExitProcess
RtlUnwind
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
VirtualQuery
GetSystemInfo
GetModuleHandleA
VirtualProtect
GetSystemTimeAsFileTime
SetEvent
LoadLibraryExW
FindResourceW
GetLastError
WritePrivateProfileStringW
WideCharToMultiByte
DeleteCriticalSection
GetCurrentProcess
CloseHandle
EnterCriticalSection
GetModuleFileNameW
FindResourceExW
GlobalFree
SizeofResource
MulDiv
WaitForSingleObject
RaiseException
lstrlenW
GlobalSize
LeaveCriticalSection
lstrcmpW
FlushInstructionCache
InitializeCriticalSection
InterlockedDecrement
SetStdHandle
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA

user32

IsWindow
UnregisterClassA
PostMessageW
DefWindowProcW
ReleaseCapture
GetWindowTextLengthW
PtInRect
SetWindowLongW
GetWindowLongW
CallWindowProcW
SetTimer
GetWindow
BeginPaint
TrackMouseEvent
GetParent
SetCapture
InvalidateRect
SetFocus
LoadCursorW
GetDC
ShowWindow
SendMessageW
SystemParametersInfoW
CreateAcceleratorTableW
DispatchMessageW
IsWindowVisible
SetForegroundWindow
TranslateMessage
GetMessageW
FindWindowW
UnregisterClassW
GetClassInfoExW
MapWindowPoints
FillRect
PostQuitMessage
CharNextW
SetWindowRgn
DestroyWindow
GetSysColor
KillTimer
SetWindowTextW
SetWindowPos
CreateWindowExW
DestroyIcon
LoadImageW
GetDesktopWindow
MoveWindow
GetClassNameW
RedrawWindow
DestroyAcceleratorTable
ReleaseDC
EndPaint
ScreenToClient
RegisterWindowMessageW
GetWindowRect
IsChild
RegisterClassExW
GetWindowTextW
GetFocus
GetDlgItem
ClientToScreen
GetClientRect
InvalidateRgn

gdi32

DeleteObject
CombineRgn
CreateSolidBrush
DeleteDC
CreateCompatibleDC
GetPixel
GetStockObject
GetObjectW
GetDeviceCaps
StretchBlt
CreateRectRgn
BitBlt
SelectObject
CreateCompatibleBitmap

advapi32

RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyW

ole32

CoInitialize
StringFromGUID2
CLSIDFromString
CoTaskMemRealloc
StringFromCLSID
CoCreateInstance
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CoUninitialize
CreateStreamOnHGlobal
OleInitialize
CoTaskMemAlloc
OleUninitialize
CoTaskMemFree

oleaut32

SysAllocString
LoadRegTypeLi
SysAllocStringLen
VariantClear
SysStringLen
VariantInit
SysStringByteLen
OleCreateFontIndirect
VarUI4FromStr
LoadTypeLi
SysFreeString

msimg32

TransparentBlt

ws2_32

recv
closesocket
WSAGetLastError
socket
gethostbyname
setsockopt
send
connect
WSACleanup
WSAStartup
htons

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_9d8094ebc696903ce02d9b85bffbf8ed.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_9eea82d2d1ff7bec33f85ee4d753b8c4.vir
.exe windows:4 windows x86 arch:x86

4ec0a34c80367d602aa53af1682d395a

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0b:67:08:f9:94:fa:d5:d2:3f:54:72:25:53:b9:0b
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16-09-2015 00:00

Not After

20-09-2018 12:00

Subject

CN=Nicholas Forystek,O=Nicholas Forystek,L=Mound,ST=Minnesota,C=US,1.2.840.113549.1.9.1=#0c13737570706f7274406e656f746578742e6f7267

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:b8:c9:a1:d2:4b:23:f8:06:71:88:56:e3:73:b8:6d:fa:a6:a2:ab
Signer

Actual PE Digest

30:b8:c9:a1:d2:4b:23:f8:06:71:88:56:e3:73:b8:6d:fa:a6:a2:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dx8vb

ord49
ord114
ord115
ord117
ord52
ord55
ord56
ord57
ord58
ord59
ord23
ord29
ord131
ord70

msvbvm60

__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFpCDblR4
__vbaFreeVar
__vbaLineInputStr
ord588
__vbaStrVarMove
__vbaLenBstr
__vbaLateIdCall
__vbaEnd
__vbaFreeVarList
__vbaPut3
_adj_fdiv_m64
__vbaPut4
__vbaFpCDblR8
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
ord518
__vbaVarSetVarAddref
__vbaCopyBytes
__vbaForEachCollAd
__vbaStrCat
__vbaWriteFile
__vbaLsetFixstr
__vbaBoolErrVar
__vbaSetSystemError
ord661
__vbaRecDestruct
ord662
__vbaHresultCheckObj
ord557
ord558
__vbaLenVar
__vbaVargVarCopy
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
ord592
ord593
__vbaForEachCollObj
__vbaExitProc
__vbaBoolStr
ord300
ord594
ord301
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord306
__vbaForEachCollVar
__vbaBoolVar
ord520
ord307
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
ord709
__vbaErase
__vbaVargVarMove
__vbaVarCmpGt
__vbaNextEachCollObj
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord528
ord529
__vbaStrCmp
__vbaGet4
__vbaAryConstruct2
__vbaVarTstEq
__vbaR4Str
__vbaNextEachCollVar
__vbaObjVar
ord561
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
ord670
__vbaCastObjVar
__vbaStrR4
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaR4Var
ord568
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaStrUI1
__vbaExceptHandler
ord711
__vbaPrintFile
__vbaStrToUnicode
ord712
__vbaR4ErrVar
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaFailedFriend
ord607
ord714
ord608
ord531
ord716
__vbaVarCmpLe
__vbaFPException
__vbaInStrVar
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
__vbaR4ForNextCheck
__vbaVarCat
ord535
__vbaLsetFixstrFree
__vbaI2Var
__vbaFileSeek
ord644
_CIlog
__vbaFileOpen
ord648
ord570
__vbaR8Str
__vbaInStr
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
ord681
__vbaI4Str
__vbaVarNot
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaPowerR8
__vbaR8Var
_adj_fdiv_r
ord578
ord685
ord100
ord579
__vbaI4Var
__vbaVarCmpEq
__vbaVarAdd
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
ord613
__vbaFpI2
__vbaUnkVar
__vbaVarLateMemCallLd
__vbaFpI4
__vbaRecDestructAnsi
__vbaVarSetObjAddref
__vbaLateMemCallLd
ord617
_CIatan
__vbaAryCopy
__vbaCastObj
__vbaStrMove
__vbaUI1Str
__vbaStrVarCopy
ord619
__vbaVarNeg
ord650
ord543
_allmul
__vbaLateIdSt
_CItan
__vbaNextEachCollAd
ord546
__vbaUI1Var
__vbaAryUnlock
__vbaFpCSngR8
_CIexp
__vbaFreeStr
__vbaFreeObj
__vbaRecAssign
ord581

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_a07a560cb817c7a58b7bc94a04c3cb25.vir
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_a0e862bed358f07b658d09140d848e4e.vir
.exe windows:4 windows x86 arch:x86

b131185a01877ba1b407976e08770a84

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
SetErrorMode
SetConsoleCtrlHandler
SetLastError
GetCommandLineA
RaiseException
GetFileType
GetLastError
GetStdHandle
CloseHandle
FormatMessageA
DebugBreak
FreeLibrary
GetCurrentThread
GetCurrentProcess
GetProcAddress
LoadLibraryA
GetModuleFileNameA
VirtualQuery
MapViewOfFile
CreateFileMappingA
CreateFileA
GetModuleHandleA
ReadFile
SetEndOfFile
SetFilePointer
GetTempFileNameA
GetTempPathA
GetFullPathNameA
GetFileInformationByHandle
Sleep
WriteFile
DeleteFileA
WaitForSingleObject
GetVersionExA
SetThreadPriority
CreateProcessA
GetVersion
ExitProcess
TerminateProcess
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
GetCPInfo
GetOEMCP
CompareStringA
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers
SetStdHandle

Sections

.text
Size: 244KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.trace
Size: 4KB - Virtual size: 390B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_a189c08c5f8d12869fc5647745af0d39.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_a35512a9f32638b946315b98fbb2bae8.vir
.exe windows:5 windows x86 arch:x86

5efd74892a893f15c566623cc8a8cc76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
LocalFree
OutputDebugStringW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
GetClassInfoW
ScreenToClient
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
CreateWindowExW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 441KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_a4347b4c55e538ec856f9c1ad27e1026.vir
.dll windows:6 windows x64 arch:x64

0c0c66d3eb13a84da3370eb5b6385e92

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:d0:2d:8a:6b:fe:8c:3e:27:4f:07:04:f9:89:6b:49
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13-03-2024 00:00

Not After

12-03-2026 23:59

Subject

SERIALNUMBER=5073497,CN=Anaconda\, Inc.,O=Anaconda\, Inc.,L=Austin,ST=Texas,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:e3:69:31:df:7d:82:2a:a8:dd:b0:30:ad:93:e5:18:be:4b:46:4d:d4:15:dc:8b:1b:c6:2b:41:16:50:11:e1
Signer

Actual PE Digest

78:e3:69:31:df:7d:82:2a:a8:dd:b0:30:ad:93:e5:18:be:4b:46:4d:d4:15:dc:8b:1b:c6:2b:41:16:50:11:e1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\b\abs_6340of3bbb\croot\python-split_1715024547615\work\PCbuild\amd64\_queue.pdb

Imports

python310

PyObject_IsTrue
PyType_GetModule
PyType_FromModuleAndSpec
_PyArg_NoPositional
PyExc_TypeError
PyModuleDef_Init
PyThread_free_lock
PyErr_NewExceptionWithDoc
PyList_Append
PyList_New
_PyTime_GetMonotonicClock
PyObject_ClearWeakRefs
PyModule_AddObjectRef
PyThread_release_lock
_Py_Dealloc
PyExc_OverflowError
PyModule_AddType
PyExc_ValueError
_PyArg_UnpackKeywords
PyErr_SetString
PyEval_RestoreThread
_Py_NoneStruct
PyThread_allocate_lock
PyExc_MemoryError
PyErr_SetNone
PyObject_GC_UnTrack
PyList_SetSlice
PyEval_SaveThread
PyLong_FromSsize_t
PyErr_Occurred
_PyArg_NoKeywords
PyBool_FromLong
_PyTime_FromSecondsObject
Py_MakePendingCalls
_PyTime_AsMicroseconds
Py_GenericAlias
PyThread_acquire_lock_timed
_PyType_GetModuleByDef

vcruntime140

__C_specific_handler
memset
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_cexit
_initialize_narrow_environment
_configure_narrow_argv
_initterm_e
_initterm
_initialize_onexit_table
_seh_filter_dll

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

Exports

Exports

PyInit__queue

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_a4544e075509d165f502c5ef4c5b2eb7.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 1.3MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 35KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1.9MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 112B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 139KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 147KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vm_sec
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.winlice
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 533KB - Virtual size: 540KB

IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_a477755577724e1c1ef4939f9daac25e.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_a487322e9c6fc71e90d62713976763c6.vir
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

FAT32Reader.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_a4ef696fa04fb5ce1575bfe0ce592e78.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_a695e1dec492276265364ad3405e59af.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_a6988adb5408f6a0986428be5a009023.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_a69e0945a384c89608b9161b5c70b0ea.vir
.dll windows:4 windows x86 arch:x86

b0d60a1b7ad0f9e992d5107b756500bf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

icudt34

icudt34_dat

kernel32

GetThreadLocale
GetACP
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
InterlockedIncrement
GetTimeZoneInformation
DeleteCriticalSection
MapViewOfFile
CloseHandle
CreateFileMappingA
CreateFileA
UnmapViewOfFile
GetSystemTimeAsFileTime
GetCurrentThreadId
InterlockedDecrement
GetCurrentProcessId
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetTickCount

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

msvcr80

memset
memmove
floor
ceil
fabs
modf
fmod
pow
log
memcmp
_tzset
__timezone
__CxxFrameHandler3
getenv
sprintf
strtoul
atol
strncpy
strncmp
_stricmp
strstr
realloc
strrchr
strncat
isalnum
??3@YAXPAX@Z
??_V@YAXPAX@Z
wcslen
?terminate@@YAXXZ
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_purecall
memcpy
free
strcmp
setlocale
strchr
strlen
malloc
strcpy
strcat
__tzname

Exports

Exports

??0CharString@icu_3_4@@QAE@ABVUnicodeString@1@@Z
??0Hashtable@icu_3_4@@QAE@AAW4UErrorCode@@@Z
??0Hashtable@icu_3_4@@QAE@CAAW4UErrorCode@@@Z
??0Hashtable@icu_3_4@@QAE@XZ
??0Mutex@icu_3_4@@QAE@PAPAX@Z
??0ParsePosition@icu_3_4@@QAE@ABV01@@Z
??0ParsePosition@icu_3_4@@QAE@H@Z
??0ParsePosition@icu_3_4@@QAE@XZ
??0Replaceable@icu_3_4@@IAE@XZ
??0Replaceable@icu_3_4@@QAE@ABV01@@Z
??0RuleCharacterIterator@icu_3_4@@QAE@ABVUnicodeString@1@PBVSymbolTable@1@AAVParsePosition@1@@Z
??0StringEnumeration@icu_3_4@@IAE@XZ
??0StringEnumeration@icu_3_4@@QAE@ABV01@@Z
??0SymbolTable@icu_3_4@@QAE@ABV01@@Z
??0SymbolTable@icu_3_4@@QAE@XZ
??0UObject@icu_3_4@@QAE@ABV01@@Z
??0UObject@icu_3_4@@QAE@XZ
??0UStack@icu_3_4@@QAE@AAW4UErrorCode@@@Z
??0UStack@icu_3_4@@QAE@HAAW4UErrorCode@@@Z
??0UStack@icu_3_4@@QAE@P6AXPAX@ZP6ACTUHashTok@@2@ZAAW4UErrorCode@@@Z
??0UStack@icu_3_4@@QAE@P6AXPAX@ZP6ACTUHashTok@@2@ZHAAW4UErrorCode@@@Z
??0UStringEnumeration@icu_3_4@@QAE@ABV01@@Z
??0UStringEnumeration@icu_3_4@@QAE@PAUUEnumeration@@@Z
??0UVector@icu_3_4@@QAE@AAW4UErrorCode@@@Z
??0UVector@icu_3_4@@QAE@HAAW4UErrorCode@@@Z
??0UVector@icu_3_4@@QAE@P6AXPAX@ZP6ACTUHashTok@@2@ZAAW4UErrorCode@@@Z
??0UVector@icu_3_4@@QAE@P6AXPAX@ZP6ACTUHashTok@@2@ZHAAW4UErrorCode@@@Z
??0UnicodeFilter@icu_3_4@@QAE@ABV01@@Z
??0UnicodeFilter@icu_3_4@@QAE@XZ
??0UnicodeFunctor@icu_3_4@@QAE@ABV01@@Z
??0UnicodeFunctor@icu_3_4@@QAE@XZ
??0UnicodeMatcher@icu_3_4@@QAE@ABV01@@Z
??0UnicodeMatcher@icu_3_4@@QAE@XZ
??0UnicodeSet@icu_3_4@@QAE@ABV01@@Z
??0UnicodeSet@icu_3_4@@QAE@HH@Z
??0UnicodeSet@icu_3_4@@QAE@XZ
??0UnicodeString@icu_3_4@@QAE@ABV01@@Z
??0UnicodeString@icu_3_4@@QAE@ABV01@H@Z
??0UnicodeString@icu_3_4@@QAE@ABV01@HH@Z
??0UnicodeString@icu_3_4@@QAE@CPB_WH@Z
??0UnicodeString@icu_3_4@@QAE@H@Z
??0UnicodeString@icu_3_4@@QAE@HHH@Z
??0UnicodeString@icu_3_4@@QAE@PA_WHH@Z
??0UnicodeString@icu_3_4@@QAE@PBD0@Z
??0UnicodeString@icu_3_4@@QAE@PBDH0@Z
??0UnicodeString@icu_3_4@@QAE@PBDHPAUUConverter@@AAW4UErrorCode@@@Z
??0UnicodeString@icu_3_4@@QAE@PBDHW4EInvariant@01@@Z
??0UnicodeString@icu_3_4@@QAE@PB_W@Z
??0UnicodeString@icu_3_4@@QAE@PB_WH@Z
??0UnicodeString@icu_3_4@@QAE@XZ
??0UnicodeString@icu_3_4@@QAE@_W@Z
??1CharString@icu_3_4@@QAE@XZ
??1Hashtable@icu_3_4@@QAE@XZ
??1Mutex@icu_3_4@@QAE@XZ
??1ParsePosition@icu_3_4@@UAE@XZ
??1Replaceable@icu_3_4@@UAE@XZ
??1StringEnumeration@icu_3_4@@UAE@XZ
??1SymbolTable@icu_3_4@@UAE@XZ
??1UObject@icu_3_4@@UAE@XZ
??1UStack@icu_3_4@@UAE@XZ
??1UStringEnumeration@icu_3_4@@UAE@XZ
??1UVector@icu_3_4@@UAE@XZ
??1UnicodeFilter@icu_3_4@@UAE@XZ
??1UnicodeFunctor@icu_3_4@@UAE@XZ
??1UnicodeMatcher@icu_3_4@@UAE@XZ
??1UnicodeSet@icu_3_4@@UAE@XZ
??1UnicodeString@icu_3_4@@UAE@XZ
??2UMemory@icu_3_4@@SAPAXI@Z
??2UMemory@icu_3_4@@SAPAXIPAX@Z
??2UMemory@icu_3_4@@SAPAXIPBDH@Z
??3UMemory@icu_3_4@@SAXPAX0@Z
??3UMemory@icu_3_4@@SAXPAX@Z
??3UMemory@icu_3_4@@SAXPAXPBDH@Z
??4ICU_Utility@icu_3_4@@QAEAAV01@ABV01@@Z
??4ParsePosition@icu_3_4@@QAEAAV01@ABV01@@Z
??4Replaceable@icu_3_4@@QAEAAV01@ABV01@@Z
??4StringEnumeration@icu_3_4@@QAEAAV01@ABV01@@Z
??4SymbolTable@icu_3_4@@QAEAAV01@ABV01@@Z
??4UMemory@icu_3_4@@QAEAAV01@ABV01@@Z
??4UObject@icu_3_4@@QAEAAV01@ABV01@@Z
??4UStringEnumeration@icu_3_4@@QAEAAV01@ABV01@@Z
??4UnicodeFilter@icu_3_4@@QAEAAV01@ABV01@@Z
??4UnicodeFunctor@icu_3_4@@QAEAAV01@ABV01@@Z
??4UnicodeMatcher@icu_3_4@@QAEAAV01@ABV01@@Z
??4UnicodeSet@icu_3_4@@QAEAAV01@ABV01@@Z
??4UnicodeString@icu_3_4@@QAEAAV01@ABV01@@Z
??4UnicodeString@icu_3_4@@QAEAAV01@H@Z
??4UnicodeString@icu_3_4@@QAEAAV01@_W@Z
??8ParsePosition@icu_3_4@@QBECABV01@@Z
??8UVector@icu_3_4@@QAECABV01@@Z
??8UnicodeSet@icu_3_4@@UBECABV01@@Z
??8UnicodeString@icu_3_4@@QBECABV01@@Z
??9ParsePosition@icu_3_4@@QBECABV01@@Z
??9UVector@icu_3_4@@QAECABV01@@Z
??9UnicodeSet@icu_3_4@@QBECABV01@@Z
??9UnicodeString@icu_3_4@@QBECABV01@@Z
??AUVector@icu_3_4@@QBEPAXH@Z
??AUnicodeString@icu_3_4@@QBE_WH@Z
??BCharString@icu_3_4@@QBEPBDXZ
??Hicu_3_4@@YA?AVUnicodeString@0@ABV10@0@Z
??MUnicodeString@icu_3_4@@QBECABV01@@Z
??NUnicodeString@icu_3_4@@QBECABV01@@Z
??OUnicodeString@icu_3_4@@QBECABV01@@Z
??PUnicodeString@icu_3_4@@QBECABV01@@Z
??YUnicodeString@icu_3_4@@QAEAAV01@ABV01@@Z
??YUnicodeString@icu_3_4@@QAEAAV01@H@Z
??YUnicodeString@icu_3_4@@QAEAAV01@_W@Z
??_7ParsePosition@icu_3_4@@6B@
??_7Replaceable@icu_3_4@@6B@
??_7StringEnumeration@icu_3_4@@6B@
??_7SymbolTable@icu_3_4@@6B@
??_7UObject@icu_3_4@@6B@
??_7UStack@icu_3_4@@6B@
??_7UStringEnumeration@icu_3_4@@6B@
??_7UVector@icu_3_4@@6B@
??_7UnicodeFilter@icu_3_4@@6BUnicodeFunctor@1@@
??_7UnicodeFilter@icu_3_4@@6BUnicodeMatcher@1@@
??_7UnicodeFunctor@icu_3_4@@6B@
??_7UnicodeMatcher@icu_3_4@@6B@
??_7UnicodeSet@icu_3_4@@6BUnicodeFunctor@1@@
??_7UnicodeSet@icu_3_4@@6BUnicodeMatcher@1@@
??_7UnicodeString@icu_3_4@@6B@
??_FMutex@icu_3_4@@QAEXXZ
??_UUMemory@icu_3_4@@SAPAXI@Z
??_VUMemory@icu_3_4@@SAXPAX@Z
?_add@UnicodeSet@icu_3_4@@AAEXABVUnicodeString@2@@Z
?_advance@RuleCharacterIterator@icu_3_4@@AAEXH@Z
?_appendToPat@UnicodeSet@icu_3_4@@CAXAAVUnicodeString@2@ABV32@C@Z
?_appendToPat@UnicodeSet@icu_3_4@@CAXAAVUnicodeString@2@HC@Z
?_current@RuleCharacterIterator@icu_3_4@@ABEHXZ
?_generatePattern@UnicodeSet@icu_3_4@@ABEAAVUnicodeString@2@AAV32@C@Z
?_init@UVector@icu_3_4@@AAEXHAAW4UErrorCode@@@Z
?_toPattern@UnicodeSet@icu_3_4@@ABEAAVUnicodeString@2@AAV32@C@Z
?add@UnicodeSet@icu_3_4@@AAEXPBHHC@Z
?add@UnicodeSet@icu_3_4@@QAEAAV12@ABVUnicodeString@2@@Z
?add@UnicodeSet@icu_3_4@@QAEAAV12@H@Z
?add@UnicodeSet@icu_3_4@@UAEAAV12@HH@Z
?addAll@UnicodeSet@icu_3_4@@QAEAAV12@ABVUnicodeString@2@@Z
?addAll@UnicodeSet@icu_3_4@@UAEAAV12@ABV12@@Z
?addElement@UVector@icu_3_4@@QAEXHAAW4UErrorCode@@@Z
?addElement@UVector@icu_3_4@@QAEXPAXAAW4UErrorCode@@@Z
?addMatchSetTo@UnicodeSet@icu_3_4@@UBEXAAV12@@Z
?addRef@UnicodeString@icu_3_4@@AAEXXZ
?allocate@UnicodeString@icu_3_4@@AAECH@Z
?allocateStrings@UnicodeSet@icu_3_4@@AAECXZ
?append@UnicodeString@icu_3_4@@QAEAAV12@ABV12@@Z
?append@UnicodeString@icu_3_4@@QAEAAV12@ABV12@HH@Z
?append@UnicodeString@icu_3_4@@QAEAAV12@H@Z
?append@UnicodeString@icu_3_4@@QAEAAV12@PB_WH@Z
?append@UnicodeString@icu_3_4@@QAEAAV12@PB_WHH@Z
?append@UnicodeString@icu_3_4@@QAEAAV12@_W@Z
?appendNumber@ICU_Utility@icu_3_4@@SAAAVUnicodeString@2@AAV32@HHH@Z
?appendToRule@ICU_Utility@icu_3_4@@SAXAAVUnicodeString@2@ABV32@CC0@Z
?appendToRule@ICU_Utility@icu_3_4@@SAXAAVUnicodeString@2@HCC0@Z
?appendToRule@ICU_Utility@icu_3_4@@SAXAAVUnicodeString@2@PBVUnicodeMatcher@2@C0@Z
?assign@UVector@icu_3_4@@QAEXABV12@P6AXPATUHashTok@@1@ZAAW4UErrorCode@@@Z
?atEnd@RuleCharacterIterator@icu_3_4@@QBECXZ
?char32At@Replaceable@icu_3_4@@QBEHH@Z
?char32At@UnicodeString@icu_3_4@@QBEHH@Z
?charAt@Replaceable@icu_3_4@@QBE_WH@Z
?charAt@UnicodeSet@icu_3_4@@QBEHH@Z
?charAt@UnicodeString@icu_3_4@@QBE_WH@Z
?clear@UnicodeSet@icu_3_4@@UAEAAV12@XZ
?clone@ParsePosition@icu_3_4@@QBEPAV12@XZ
?clone@Replaceable@icu_3_4@@UBEPAV12@XZ
?clone@StringEnumeration@icu_3_4@@UBEPAV12@XZ
?clone@UnicodeSet@icu_3_4@@UBEPAVUnicodeFunctor@2@XZ
?clone@UnicodeString@icu_3_4@@UBEPAVReplaceable@2@XZ
?cloneArrayIfNeeded@UnicodeString@icu_3_4@@AAECHHCPAPAHC@Z
?compact@UnicodeSet@icu_3_4@@UAEAAV12@XZ
?compare@UnicodeString@icu_3_4@@QBECABV12@@Z
?compare@UnicodeString@icu_3_4@@QBECHHABV12@@Z
?compare@UnicodeString@icu_3_4@@QBECHHABV12@HH@Z
?compare@UnicodeString@icu_3_4@@QBECHHPB_W@Z
?compare@UnicodeString@icu_3_4@@QBECHHPB_WHH@Z
?compare@UnicodeString@icu_3_4@@QBECPB_WH@Z
?compareBetween@UnicodeString@icu_3_4@@QBECHHABV12@HH@Z
?compareCodePointOrder@UnicodeString@icu_3_4@@QBECABV12@@Z
?compareCodePointOrder@UnicodeString@icu_3_4@@QBECHHABV12@@Z
?compareCodePointOrder@UnicodeString@icu_3_4@@QBECHHABV12@HH@Z
?compareCodePointOrder@UnicodeString@icu_3_4@@QBECHHPB_W@Z
?compareCodePointOrder@UnicodeString@icu_3_4@@QBECHHPB_WHH@Z
?compareCodePointOrder@UnicodeString@icu_3_4@@QBECPB_WH@Z
?compareCodePointOrderBetween@UnicodeString@icu_3_4@@QBECHHABV12@HH@Z
?complement@UnicodeSet@icu_3_4@@QAEAAV12@ABVUnicodeString@2@@Z
?complement@UnicodeSet@icu_3_4@@QAEAAV12@H@Z
?complement@UnicodeSet@icu_3_4@@UAEAAV12@HH@Z
?complement@UnicodeSet@icu_3_4@@UAEAAV12@XZ
?complementAll@UnicodeSet@icu_3_4@@QAEAAV12@ABVUnicodeString@2@@Z
?complementAll@UnicodeSet@icu_3_4@@UAEAAV12@ABV12@@Z
?contains@UVector@icu_3_4@@QBECH@Z
?contains@UVector@icu_3_4@@QBECPAX@Z
?contains@UnicodeSet@icu_3_4@@QBECABVUnicodeString@2@@Z
?contains@UnicodeSet@icu_3_4@@UBECH@Z
?contains@UnicodeSet@icu_3_4@@UBECHH@Z
?containsAll@UVector@icu_3_4@@QBECABV12@@Z
?containsAll@UnicodeSet@icu_3_4@@QBECABVUnicodeString@2@@Z
?containsAll@UnicodeSet@icu_3_4@@UBECABV12@@Z
?containsNone@UVector@icu_3_4@@QBECABV12@@Z
?containsNone@UnicodeSet@icu_3_4@@QBECABV12@@Z
?containsNone@UnicodeSet@icu_3_4@@QBECABVUnicodeString@2@@Z
?containsNone@UnicodeSet@icu_3_4@@QBECHH@Z
?containsSome@UnicodeSet@icu_3_4@@QBECABV12@@Z
?containsSome@UnicodeSet@icu_3_4@@QBECABVUnicodeString@2@@Z
?containsSome@UnicodeSet@icu_3_4@@QBECHH@Z
?copy@UnicodeString@icu_3_4@@UAEXHHH@Z
?copyFrom@UnicodeString@icu_3_4@@AAEAAV12@ABV12@C@Z
?count@Hashtable@icu_3_4@@QBEHXZ
?count@UStringEnumeration@icu_3_4@@UBEHAAW4UErrorCode@@@Z
?countChar32@UnicodeString@icu_3_4@@QBEHHH@Z
?createFrom@UnicodeSet@icu_3_4@@SAPAV12@ABVUnicodeString@2@@Z
?createFromAll@UnicodeSet@icu_3_4@@SAPAV12@ABVUnicodeString@2@@Z
?doCharAt@UnicodeString@icu_3_4@@ABE_WH@Z
?doCodepageCreate@UnicodeString@icu_3_4@@AAEXPBDH0@Z
?doCodepageCreate@UnicodeString@icu_3_4@@AAEXPBDHPAUUConverter@@AAW4UErrorCode@@@Z
?doCompare@UnicodeString@icu_3_4@@ABECHHABV12@HH@Z
?doCompare@UnicodeString@icu_3_4@@ABECHHPB_WHH@Z
?doCompareCodePointOrder@UnicodeString@icu_3_4@@ABECHHABV12@HH@Z
?doCompareCodePointOrder@UnicodeString@icu_3_4@@ABECHHPB_WHH@Z
?doExtract@UnicodeString@icu_3_4@@ABEHHHPADHPAUUConverter@@AAW4UErrorCode@@@Z
?doExtract@UnicodeString@icu_3_4@@ABEXHHAAV12@@Z
?doExtract@UnicodeString@icu_3_4@@ABEXHHPA_WH@Z
?doHashCode@UnicodeString@icu_3_4@@ABEHXZ
?doIndexOf@UnicodeString@icu_3_4@@ABEHHHH@Z
?doIndexOf@UnicodeString@icu_3_4@@ABEH_WHH@Z
?doLastIndexOf@UnicodeString@icu_3_4@@ABEHHHH@Z
?doLastIndexOf@UnicodeString@icu_3_4@@ABEH_WHH@Z
?doReplace@UnicodeString@icu_3_4@@AAEAAV12@HHABV12@HH@Z
?doReplace@UnicodeString@icu_3_4@@AAEAAV12@HHPB_WHH@Z
?doReverse@UnicodeString@icu_3_4@@AAEAAV12@HH@Z
?elementAt@UVector@icu_3_4@@QBEPAXH@Z
?elementAti@UVector@icu_3_4@@QBEHH@Z
?empty@UStack@icu_3_4@@QBECXZ
?endsWith@UnicodeString@icu_3_4@@QBECABV12@@Z
?endsWith@UnicodeString@icu_3_4@@QBECABV12@HH@Z
?endsWith@UnicodeString@icu_3_4@@QBECPB_WH@Z
?endsWith@UnicodeString@icu_3_4@@QBECPB_WHH@Z
?ensureBufferCapacity@UnicodeSet@icu_3_4@@AAEXH@Z
?ensureCapacity@UVector@icu_3_4@@QAECHAAW4UErrorCode@@@Z
?ensureCapacity@UnicodeSet@icu_3_4@@AAEXH@Z
?ensureCharsCapacity@StringEnumeration@icu_3_4@@IAEXHAAW4UErrorCode@@@Z
?equals@UVector@icu_3_4@@QBECABV12@@Z
?escapeUnprintable@ICU_Utility@icu_3_4@@SACAAVUnicodeString@2@H@Z
?exclusiveOr@UnicodeSet@icu_3_4@@AAEXPBHHC@Z
?extract@UnicodeString@icu_3_4@@QBEHHHPADHW4EInvariant@12@@Z
?extract@UnicodeString@icu_3_4@@QBEHHHPADIPBD@Z
?extract@UnicodeString@icu_3_4@@QBEHHHPADPBD@Z
?extract@UnicodeString@icu_3_4@@QBEHPADHPAUUConverter@@AAW4UErrorCode@@@Z
?extract@UnicodeString@icu_3_4@@QBEHPA_WHAAW4UErrorCode@@@Z
?extract@UnicodeString@icu_3_4@@QBEXHHAAV12@@Z
?extract@UnicodeString@icu_3_4@@QBEXHHPA_WH@Z
?extractBetween@UnicodeString@icu_3_4@@QBEXHHPA_WH@Z
?extractBetween@UnicodeString@icu_3_4@@UBEXHHAAV12@@Z
?fastCopyFrom@UnicodeString@icu_3_4@@QAEAAV12@ABV12@@Z
?find@Hashtable@icu_3_4@@QBEPBUUHashElement@@ABVUnicodeString@2@@Z
?findAndReplace@UnicodeString@icu_3_4@@QAEAAV12@ABV12@0@Z
?findAndReplace@UnicodeString@icu_3_4@@QAEAAV12@HHABV12@0@Z
?findAndReplace@UnicodeString@icu_3_4@@QAEAAV12@HHABV12@HH0HH@Z
?findCodePoint@UnicodeSet@icu_3_4@@ABEHH@Z
?firstElement@UVector@icu_3_4@@QBEPAXXZ
?get@Hashtable@icu_3_4@@QBEPAXABVUnicodeString@2@@Z
?getArrayStart@UnicodeString@icu_3_4@@AAEPA_WXZ
?getArrayStart@UnicodeString@icu_3_4@@ABEPB_WXZ
?getBuffer@UnicodeString@icu_3_4@@QAEPA_WH@Z
?getBuffer@UnicodeString@icu_3_4@@QBEPB_WXZ
?getCapacity@UnicodeString@icu_3_4@@QBEHXZ
?getChar32At@UnicodeString@icu_3_4@@MBEHH@Z
?getChar32Limit@UnicodeString@icu_3_4@@QBEHH@Z
?getChar32Start@UnicodeString@icu_3_4@@QBEHH@Z
?getCharAt@UnicodeString@icu_3_4@@MBE_WH@Z
?getDynamicClassID@ParsePosition@icu_3_4@@UBEPAXXZ
?getDynamicClassID@UStack@icu_3_4@@UBEPAXXZ
?getDynamicClassID@UStringEnumeration@icu_3_4@@UBEPAXXZ
?getDynamicClassID@UVector@icu_3_4@@UBEPAXXZ
?getDynamicClassID@UnicodeSet@icu_3_4@@UBEPAXXZ
?getDynamicClassID@UnicodeString@icu_3_4@@UBEPAXXZ
?getErrorIndex@ParsePosition@icu_3_4@@QBEHXZ
?getIndex@ParsePosition@icu_3_4@@QBEHXZ
?getLength@UnicodeString@icu_3_4@@MBEHXZ
?getPos@RuleCharacterIterator@icu_3_4@@QBEXAAUPos@12@@Z
?getRangeCount@UnicodeSet@icu_3_4@@UBEHXZ
?getRangeEnd@UnicodeSet@icu_3_4@@UBEHH@Z
?getRangeStart@UnicodeSet@icu_3_4@@UBEHH@Z
?getSingleCP@UnicodeSet@icu_3_4@@CAHABVUnicodeString@2@@Z
?getStaticClassID@ParsePosition@icu_3_4@@SAPAXXZ
?getStaticClassID@UStack@icu_3_4@@SAPAXXZ
?getStaticClassID@UStringEnumeration@icu_3_4@@SAPAXXZ
?getStaticClassID@UVector@icu_3_4@@SAPAXXZ
?getStaticClassID@UnicodeFilter@icu_3_4@@SAPAXXZ
?getStaticClassID@UnicodeFunctor@icu_3_4@@SAPAXXZ
?getStaticClassID@UnicodeSet@icu_3_4@@SAPAXXZ
?getStaticClassID@UnicodeString@icu_3_4@@SAPAXXZ
?getString@UnicodeSet@icu_3_4@@ABEPBVUnicodeString@2@H@Z
?getStringCount@UnicodeSet@icu_3_4@@ABEHXZ
?getTerminatedBuffer@UnicodeString@icu_3_4@@QAEPB_WXZ
?geti@Hashtable@icu_3_4@@QBEHABVUnicodeString@2@@Z
?handleReplaceBetween@UnicodeString@icu_3_4@@UAEXHHABV12@@Z
?hasMetaData@Replaceable@icu_3_4@@UBECXZ
?hasMetaData@UnicodeString@icu_3_4@@UBECXZ
?hasMoreChar32Than@UnicodeString@icu_3_4@@QBECHHH@Z
?hashCode@UnicodeSet@icu_3_4@@UBEHXZ
?hashCode@UnicodeString@icu_3_4@@QBEHXZ
?inVariable@RuleCharacterIterator@icu_3_4@@QBECXZ
?indexOf@UVector@icu_3_4@@ABEHTUHashTok@@HC@Z
?indexOf@UVector@icu_3_4@@QBEHHH@Z
?indexOf@UVector@icu_3_4@@QBEHPAXH@Z
?indexOf@UnicodeSet@icu_3_4@@QBEHH@Z
?indexOf@UnicodeString@icu_3_4@@QBEHABV12@@Z
?indexOf@UnicodeString@icu_3_4@@QBEHABV12@H@Z
?indexOf@UnicodeString@icu_3_4@@QBEHABV12@HH@Z
?indexOf@UnicodeString@icu_3_4@@QBEHABV12@HHHH@Z
?indexOf@UnicodeString@icu_3_4@@QBEHH@Z
?indexOf@UnicodeString@icu_3_4@@QBEHHH@Z
?indexOf@UnicodeString@icu_3_4@@QBEHHHH@Z
?indexOf@UnicodeString@icu_3_4@@QBEHPB_WHH@Z
?indexOf@UnicodeString@icu_3_4@@QBEHPB_WHHH@Z
?indexOf@UnicodeString@icu_3_4@@QBEHPB_WHHHH@Z
?indexOf@UnicodeString@icu_3_4@@QBEH_W@Z
?indexOf@UnicodeString@icu_3_4@@QBEH_WH@Z
?indexOf@UnicodeString@icu_3_4@@QBEH_WHH@Z
?init@Hashtable@icu_3_4@@AAEXP6AHTUHashTok@@@ZP6AC00@ZAAW4UErrorCode@@@Z
?insert@UnicodeString@icu_3_4@@QAEAAV12@HABV12@@Z
?insert@UnicodeString@icu_3_4@@QAEAAV12@HABV12@HH@Z
?insert@UnicodeString@icu_3_4@@QAEAAV12@HH@Z
?insert@UnicodeString@icu_3_4@@QAEAAV12@HPB_WH@Z
?insert@UnicodeString@icu_3_4@@QAEAAV12@HPB_WHH@Z
?insert@UnicodeString@icu_3_4@@QAEAAV12@H_W@Z
?insertElementAt@UVector@icu_3_4@@QAEXHHAAW4UErrorCode@@@Z
?insertElementAt@UVector@icu_3_4@@QAEXPAXHAAW4UErrorCode@@@Z
?isBogus@UnicodeString@icu_3_4@@QBECXZ
?isEmpty@UVector@icu_3_4@@QBECXZ
?isEmpty@UnicodeSet@icu_3_4@@UBECXZ
?isEmpty@UnicodeString@icu_3_4@@QBECXZ
?isUnprintable@ICU_Utility@icu_3_4@@SACH@Z
?jumpahead@RuleCharacterIterator@icu_3_4@@QAEXH@Z
?lastElement@UVector@icu_3_4@@QBEPAXXZ
?lastElementi@UVector@icu_3_4@@QBEHXZ
?lastIndexOf@UnicodeString@icu_3_4@@QBEHABV12@@Z
?lastIndexOf@UnicodeString@icu_3_4@@QBEHABV12@H@Z
?lastIndexOf@UnicodeString@icu_3_4@@QBEHABV12@HH@Z
?lastIndexOf@UnicodeString@icu_3_4@@QBEHABV12@HHHH@Z
?lastIndexOf@UnicodeString@icu_3_4@@QBEHH@Z
?lastIndexOf@UnicodeString@icu_3_4@@QBEHHH@Z
?lastIndexOf@UnicodeString@icu_3_4@@QBEHHHH@Z
?lastIndexOf@UnicodeString@icu_3_4@@QBEHPB_WHH@Z
?lastIndexOf@UnicodeString@icu_3_4@@QBEHPB_WHHH@Z
?lastIndexOf@UnicodeString@icu_3_4@@QBEHPB_WHHHH@Z
?lastIndexOf@UnicodeString@icu_3_4@@QBEH_W@Z
?lastIndexOf@UnicodeString@icu_3_4@@QBEH_WH@Z
?lastIndexOf@UnicodeString@icu_3_4@@QBEH_WHH@Z
?length@Replaceable@icu_3_4@@QBEHXZ
?length@UnicodeString@icu_3_4@@QBEHXZ
?lookahead@RuleCharacterIterator@icu_3_4@@QBEAAVUnicodeString@2@AAV32@@Z
?matchRest@UnicodeSet@icu_3_4@@CAHABVReplaceable@2@HHABVUnicodeString@2@@Z
?matches@UnicodeFilter@icu_3_4@@UAE?AW4UMatchDegree@2@ABVReplaceable@2@AAHHC@Z
?matches@UnicodeSet@icu_3_4@@UAE?AW4UMatchDegree@2@ABVReplaceable@2@AAHHC@Z
?matchesIndexValue@UnicodeSet@icu_3_4@@EBECE@Z
?moveIndex32@UnicodeString@icu_3_4@@QBEHHH@Z
?next@RuleCharacterIterator@icu_3_4@@QAEHHAACAAW4UErrorCode@@@Z
?next@StringEnumeration@icu_3_4@@UAEPBDPAHAAW4UErrorCode@@@Z
?nextElement@Hashtable@icu_3_4@@QBEPBUUHashElement@@AAH@Z
?orphanElementAt@UVector@icu_3_4@@QAEPAXH@Z
?padLeading@UnicodeString@icu_3_4@@QAECH_W@Z
?padTrailing@UnicodeString@icu_3_4@@QAECH_W@Z
?parseChar@ICU_Utility@icu_3_4@@SACABVUnicodeString@2@AAH_W@Z
?parseNumber@ICU_Utility@icu_3_4@@SAHABVUnicodeString@2@AAHC@Z
?parsePattern@ICU_Utility@icu_3_4@@SAHABVUnicodeString@2@ABVReplaceable@2@HH@Z
?parseUnicodeIdentifier@ICU_Utility@icu_3_4@@SA?AVUnicodeString@2@ABV32@AAH@Z
?peek@UStack@icu_3_4@@QBEPAXXZ
?peeki@UStack@icu_3_4@@QBEHXZ
?pinIndex@UnicodeString@icu_3_4@@ABEXAAH@Z
?pinIndices@UnicodeString@icu_3_4@@ABEXAAH0@Z
?pop@UStack@icu_3_4@@QAEPAXXZ
?popi@UStack@icu_3_4@@QAEHXZ
?push@UStack@icu_3_4@@QAEHHAAW4UErrorCode@@@Z
?push@UStack@icu_3_4@@QAEPAXPAXAAW4UErrorCode@@@Z
?put@Hashtable@icu_3_4@@QAEPAXABVUnicodeString@2@PAXAAW4UErrorCode@@@Z
?puti@Hashtable@icu_3_4@@QAEHABVUnicodeString@2@HAAW4UErrorCode@@@Z
?refCount@UnicodeString@icu_3_4@@ABEHXZ
?releaseArray@UnicodeString@icu_3_4@@AAEXXZ
?releaseBuffer@UnicodeString@icu_3_4@@QAEXH@Z
?remove@Hashtable@icu_3_4@@QAEPAXABVUnicodeString@2@@Z
?remove@UnicodeSet@icu_3_4@@QAEAAV12@ABVUnicodeString@2@@Z
?remove@UnicodeSet@icu_3_4@@QAEAAV12@H@Z
?remove@UnicodeSet@icu_3_4@@UAEAAV12@HH@Z
?remove@UnicodeString@icu_3_4@@QAEAAV12@HH@Z
?remove@UnicodeString@icu_3_4@@QAEAAV12@XZ
?removeAll@Hashtable@icu_3_4@@QAEXXZ
?removeAll@UVector@icu_3_4@@QAECABV12@@Z
?removeAll@UnicodeSet@icu_3_4@@QAEAAV12@ABVUnicodeString@2@@Z
?removeAll@UnicodeSet@icu_3_4@@UAEAAV12@ABV12@@Z
?removeAllElements@UVector@icu_3_4@@QAEXXZ
?removeBetween@UnicodeString@icu_3_4@@QAEAAV12@HH@Z
?removeElement@UVector@icu_3_4@@QAECPAX@Z
?removeElementAt@UVector@icu_3_4@@QAEXH@Z
?removeRef@UnicodeString@icu_3_4@@AAEHXZ
?removei@Hashtable@icu_3_4@@QAEHABVUnicodeString@2@@Z
?replace@UnicodeString@icu_3_4@@QAEAAV12@HHABV12@@Z
?replace@UnicodeString@icu_3_4@@QAEAAV12@HHABV12@HH@Z
?replace@UnicodeString@icu_3_4@@QAEAAV12@HHH@Z
?replace@UnicodeString@icu_3_4@@QAEAAV12@HHPB_WH@Z
?replace@UnicodeString@icu_3_4@@QAEAAV12@HHPB_WHH@Z
?replace@UnicodeString@icu_3_4@@QAEAAV12@HH_W@Z
?replaceBetween@UnicodeString@icu_3_4@@QAEAAV12@HHABV12@@Z
?replaceBetween@UnicodeString@icu_3_4@@QAEAAV12@HHABV12@HH@Z
?reset@UStringEnumeration@icu_3_4@@UAEXAAW4UErrorCode@@@Z
?retain@UnicodeSet@icu_3_4@@AAEXPBHHC@Z
?retain@UnicodeSet@icu_3_4@@QAEAAV12@H@Z
?retain@UnicodeSet@icu_3_4@@UAEAAV12@HH@Z
?retainAll@UVector@icu_3_4@@QAECABV12@@Z
?retainAll@UnicodeSet@icu_3_4@@QAEAAV12@ABVUnicodeString@2@@Z
?retainAll@UnicodeSet@icu_3_4@@UAEAAV12@ABV12@@Z
?reverse@UnicodeString@icu_3_4@@QAEAAV12@HH@Z
?reverse@UnicodeString@icu_3_4@@QAEAAV12@XZ
?search@UStack@icu_3_4@@QBEHPAX@Z
?serialize@UnicodeSet@icu_3_4@@QBEHPAGHAAW4UErrorCode@@@Z
?set@UnicodeSet@icu_3_4@@QAEAAV12@HH@Z
?setCharAt@UnicodeString@icu_3_4@@QAEAAV12@H_W@Z
?setChars@StringEnumeration@icu_3_4@@IAEPAVUnicodeString@2@PBDHAAW4UErrorCode@@@Z
?setComparer@UVector@icu_3_4@@QAEP6ACTUHashTok@@0@ZP6AC00@Z@Z
?setData@UnicodeFilter@icu_3_4@@UAEXPBVTransliterationRuleData@2@@Z
?setDeleter@UVector@icu_3_4@@QAEP6AXPAX@ZP6AX0@Z@Z
?setElementAt@UVector@icu_3_4@@QAEXHH@Z
?setElementAt@UVector@icu_3_4@@QAEXPAXH@Z
?setErrorIndex@ParsePosition@icu_3_4@@QAEXH@Z
?setIndex@ParsePosition@icu_3_4@@QAEXH@Z
?setPos@RuleCharacterIterator@icu_3_4@@QAEXABUPos@12@@Z
?setSize@UVector@icu_3_4@@QAEXH@Z
?setTo@UnicodeString@icu_3_4@@QAEAAV12@ABV12@@Z
?setTo@UnicodeString@icu_3_4@@QAEAAV12@ABV12@H@Z
?setTo@UnicodeString@icu_3_4@@QAEAAV12@ABV12@HH@Z
?setTo@UnicodeString@icu_3_4@@QAEAAV12@CPB_WH@Z
?setTo@UnicodeString@icu_3_4@@QAEAAV12@H@Z
?setTo@UnicodeString@icu_3_4@@QAEAAV12@PA_WHH@Z
?setTo@UnicodeString@icu_3_4@@QAEAAV12@PB_WH@Z
?setTo@UnicodeString@icu_3_4@@QAEAAV12@_W@Z
?setToBogus@UnicodeString@icu_3_4@@QAEXXZ
?setValueDeleter@Hashtable@icu_3_4@@QAEP6AXPAX@ZP6AX0@Z@Z
?size@UVector@icu_3_4@@QBEHXZ
?size@UnicodeSet@icu_3_4@@UBEHXZ
?skipIgnored@RuleCharacterIterator@icu_3_4@@QAEXH@Z
?skipWhitespace@ICU_Utility@icu_3_4@@SAHABVUnicodeString@2@AAHC@Z
?snext@UStringEnumeration@icu_3_4@@UAEPBVUnicodeString@2@AAW4UErrorCode@@@Z
?sortedInsert@UVector@icu_3_4@@AAEXTUHashTok@@P6AC00@ZAAW4UErrorCode@@@Z
?sortedInsert@UVector@icu_3_4@@QAEXHP6ACTUHashTok@@0@ZAAW4UErrorCode@@@Z
?sortedInsert@UVector@icu_3_4@@QAEXPAXP6ACTUHashTok@@1@ZAAW4UErrorCode@@@Z
?startsWith@UnicodeString@icu_3_4@@QBECABV12@@Z
?startsWith@UnicodeString@icu_3_4@@QBECABV12@HH@Z
?startsWith@UnicodeString@icu_3_4@@QBECPB_WH@Z
?startsWith@UnicodeString@icu_3_4@@QBECPB_WHH@Z
?swapBuffers@UnicodeSet@icu_3_4@@AAEXXZ
?toArray@UVector@icu_3_4@@QBEPAPAXPAPAX@Z
?toMatcher@UnicodeFilter@icu_3_4@@UBEPAVUnicodeMatcher@2@XZ
?toMatcher@UnicodeFunctor@icu_3_4@@UBEPAVUnicodeMatcher@2@XZ
?toPattern@UnicodeSet@icu_3_4@@UBEAAVUnicodeString@2@AAV32@C@Z
?toReplacer@UnicodeFunctor@icu_3_4@@UBEPAVUnicodeReplacer@2@XZ
?trim@UnicodeString@icu_3_4@@QAEAAV12@XZ
?truncate@UnicodeString@icu_3_4@@QAECH@Z
?unBogus@UnicodeString@icu_3_4@@AAEXXZ
?unescape@UnicodeString@icu_3_4@@QBE?AV12@XZ
?unescapeAt@UnicodeString@icu_3_4@@QBEHAAH@Z
?unext@StringEnumeration@icu_3_4@@UAEPB_WPAHAAW4UErrorCode@@@Z
T_CString_int64ToString_3_4
T_CString_integerToString_3_4
T_CString_stricmp_3_4
T_CString_stringToInteger_3_4
T_CString_strnicmp_3_4
T_CString_toLowerCase_3_4
T_CString_toUpperCase_3_4
UCNV_FROM_U_CALLBACK_ESCAPE_3_4
UCNV_FROM_U_CALLBACK_SKIP_3_4
UCNV_FROM_U_CALLBACK_STOP_3_4
UCNV_FROM_U_CALLBACK_SUBSTITUTE_3_4
UCNV_TO_U_CALLBACK_ESCAPE_3_4
UCNV_TO_U_CALLBACK_SKIP_3_4
UCNV_TO_U_CALLBACK_STOP_3_4
UCNV_TO_U_CALLBACK_SUBSTITUTE_3_4
u_UCharsToChars_3_4
u_austrcpy_3_4
u_austrncpy_3_4
u_charAge_3_4
u_charDigitValue_3_4
u_charFromName_3_4
u_charName_3_4
u_charType_3_4
u_charsToUChars_3_4
u_cleanup_3_4
u_countChar32_3_4
u_digit_3_4
u_enumCharNames_3_4
u_enumCharTypes_3_4
u_errorName_3_4
u_forDigit_3_4
u_getDataDirectory_3_4
u_getDefaultConverter_3_4
u_getISOComment_3_4
u_getNumericValue_3_4
u_getPropertyEnum_3_4
u_getPropertyName_3_4
u_getPropertyValueEnum_3_4

Sections

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_a6c21f79deaa6483ba4803641d99a21f.vir
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

.\Library\Bee\artifacts\1900b0aE.dag\Unity.VSCode.Editor.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_a6e5a8b529ef8c59af1976a0bcaea668.vir
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Utente\Desktop\KMS Auto v2 - ROBKEST\KMS Auto v2 - ROBKEST\obj\x64\Release\KMS Auto v2 - ROBKEST.pdb

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_a7392b65b028117c9401a0c6199ac4fb.vir
.exe windows:4 windows x86 arch:x86

5d016bda6c524ebb09becda43ec4c085

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\build\ob\bora-18278582\vos3\thinstall\modules\boot_loader.pdb

Imports

kernel32

WaitForSingleObject
Sleep
CloseHandle
DuplicateHandle
CreateProcessW
GetStartupInfoW
GetEnvironmentVariableW
GetCurrentProcess
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileW
MoveFileExW
SetEnvironmentVariableW
GetCommandLineW
GetModuleHandleW
GetModuleFileNameW
GetLastError
ExpandEnvironmentStringsW
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
OutputDebugStringW
LCMapStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
LoadLibraryExW
WriteFile
LeaveCriticalSection
EnterCriticalSection
HeapSize
VirtualQuery
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapFree
DeleteCriticalSection
GetFileType
GetStdHandle
GetProcessHeap
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
DecodePointer
EncodePointer
RaiseException
RtlUnwind
GetCommandLineA
LoadLibraryW
GetProcAddress
GetCurrentThreadId
ExitProcess
FormatMessageW
SetLastError
LocalFree

user32

wsprintfW
MessageBoxW

ntdll

NtWriteVirtualMemory
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlFreeSid
RtlAddAccessAllowedAce
RtlLengthSid
RtlCreateSecurityDescriptor
RtlAllocateAndInitializeSid
NtReadVirtualMemory
NtSetInformationProcess
NtRaiseHardError
NtTerminateProcess
RtlFreeHeap
RtlAllocateHeap
RtlRaiseException
NtReleaseMutant
NtCreateMutant
NtSetEvent
NtOpenEvent
NtQueryVirtualMemory
NtSetInformationFile
NtQueryDirectoryFile
NtClearEvent
NtCreateEvent
LdrUnloadDll
NtProtectVirtualMemory
NtReadFile
NtQueryFullAttributesFile
NtQueryInformationFile
NtOpenFile
NtMapViewOfSection
NtCreateSection
RtlMultiByteToUnicodeN
LdrGetProcedureAddress
RtlQueryEnvironmentVariable_U
RtlCompareUnicodeString
RtlInitAnsiString
NtAllocateVirtualMemory
RtlGetVersion
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlInitializeCriticalSection
NtDuplicateObject
NtWaitForSingleObject
LdrGetDllHandle
NtDelayExecution
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
NtOpenDirectoryObject
RtlInitUnicodeString
NtQuerySystemInformation
NtQueryInformationProcess
NtOpenSection
NtUnmapViewOfSection
NtClose
RtlNtStatusToDosError
LdrLoadDll
RtlCreateAcl

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 153KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_a8b3bbb1fa1b7de265eb09cfeeee15a7.vir
.dll windows:4 windows x86 arch:x86

62e5db1ba371409d5b2d25cef78e9ce3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
CloseHandle
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
TerminateThread
HeapFree
HeapAlloc
RtlUnwind
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
ExitProcess
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_a93fc50c1a52e85176a29ddb50b6b625.vir
.dll windows:6 windows x64 arch:x64

fb6223297fc3c1581af4803286235613

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcp140

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?uncaught_exception@std@@YA_NXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
__std_terminate
memset
memcpy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit
_initialize_onexit_table
_initialize_narrow_environment

kernel32

QueryPerformanceCounter
IsDebuggerPresent
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
RtlCaptureContext
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
RtlVirtualUnwind

Exports

Exports

??6slicer_itk@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@std@@AEAV12@W4SigmaStepMethod@MultiScaleHessianBasedMeasureImageFilterEnums@0@@Z

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_a96cf9df38208ab8d2673f00d66154af.vir
.exe windows:4 windows x86 arch:x86

ee61d0842c6b739aa6cb70c93a34a9fd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

cccageneral

?Connect@CLTM@ca@@QAE_NPBG@Z
??1CLTM@ca@@UAE@XZ
?Create@CLTM@ca@@QAEXKPBGK@Z
?Disconnect@CLTM@ca@@QAEXXZ
??0CLTM@ca@@QAE@XZ

atl

ord23
ord16
ord21
ord18
ord57
ord32
ord58
ord30
ord17

kernel32

WaitForSingleObject
SetEvent
OutputDebugStringA
Sleep
GetTickCount
CancelWaitableTimer
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
lstrlenA
GetModuleFileNameA
MultiByteToWideChar
InterlockedDecrement
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpynA
lstrcmpiA
GetCurrentThreadId
DebugBreak
GetCommandLineA
HeapAlloc
GetSystemInfo
GetVersionExA
HeapCreate
InterlockedIncrement
lstrlenW
SystemTimeToFileTime
WideCharToMultiByte
FileTimeToSystemTime
GetTimeZoneInformation
GetSystemTime
lstrcatA
GetTempPathA
ResetEvent
GetLocalTime
GetModuleHandleA
lstrcpyA
OutputDebugStringW
CreateEventW
GetSystemDirectoryA
GetComputerNameA
CreateEventA
InitializeCriticalSection
CloseHandle
GetStartupInfoA
LocalFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection

user32

PostThreadMessageA
DispatchMessageA
GetMessageA
MessageBoxA
CharUpperA
CharNextA

advapi32

SetSecurityDescriptorDacl
RegQueryValueExA
RegOpenKeyExA
InitializeSecurityDescriptor
RegCloseKey

ole32

CoCreateInstance
CoUninitialize
CoResumeClassObjects
GetRunningObjectTable
CreateItemMoniker
CreateBindCtx
CLSIDFromProgID
CoSuspendClassObjects
CoInitializeEx

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreate
SysAllocString
SysAllocStringLen
VariantInit
SysStringLen
LoadRegTypeLi
VariantClear
SysFreeString
CreateErrorInfo
GetErrorInfo
SetErrorInfo
VariantChangeType

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

msvcrt

_exit
_XcptFilter
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__dllonexit
__setusermatherr
_initterm
__getmainargs
_onexit
?terminate@@YAXXZ
_except_handler3
_CxxThrowException
_itow
vsprintf
_wcsicmp
difftime
wcscmp
_itoa
wcsstr
strrchr
_controlfp
_acmdln
_beginthreadex
??2@YAPAXI@Z
__CxxFrameHandler
free
memset
malloc
sprintf
memcpy
strchr
_purecall
memcmp
floor
_ftol
wcscpy
strcpy
fabs
_wtoi
wcstok
wcsncpy
wcsncmp
wcslen
wcscat
swprintf
abs
strcat
rand
srand
time
ceil
memmove
_vsnwprintf
_snwprintf
exit

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_aa7a81f197e2b7d8b68d536f9a701cb2.vir
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\maxik\OneDrive\Рабочий стол\проектусы\round\Rounds\Library\Bee\artifacts\1900b0aE.dag\PhotonUnityNetworking.Utilities.PhotonPlayer.Editor.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_aaf230ddf519ebdafdcdb58faf383e3f.vir
.exe windows:4 windows x86 arch:x86

87b324a67e18fb2e1d12308b06fa8d4f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SetFileSecurityA
SetFileSecurityW

kernel32

CloseHandle
CompareStringA
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DosDateTimeToFileTime
ExitProcess
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FreeLibrary
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetDateFormatA
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetNumberFormatA
GetProcAddress
GetProcessHeap
GetStdHandle
GetTempPathA
GetTickCount
GetTimeFormatA
GetVersionExA
GlobalAlloc
HeapAlloc
HeapFree
HeapReAlloc
IsDBCSLeadByte
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MoveFileExA
MultiByteToWideChar
ReadFile
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
Sleep
SystemTimeToFileTime
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrlenA

comctl32

ord17

comdlg32

CommDlgExtendedError
GetOpenFileNameA

gdi32

DeleteObject

shell32

SHBrowseForFolderA
SHChangeNotify
SHFileOperationA
SHGetFileInfoA
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA

user32

CharToOemA
CharToOemBuffA
CharUpperA
CopyRect
CreateWindowExA
DefWindowProcA
DestroyIcon
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
FindWindowExA
GetClassNameA
GetClientRect
GetDlgItem
GetDlgItemTextA
GetMessageA
GetParent
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowRect
GetWindowTextA
IsWindow
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadIconA
LoadStringA
MapWindowPoints
MessageBoxA
OemToCharA
OemToCharBuffA
PeekMessageA
PostMessageA
RegisterClassExA
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetMenu
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
TranslateMessage
UpdateWindow
WaitForInputIdle
wsprintfA
wvsprintfA

ole32

CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize

Sections

.text
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 748KB - Virtual size: 748KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_aaf8c4e066507b04c8ec5ed137b195a6.vir
.exe windows:1 windows x86 arch:x86

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2031 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:38:76:d0:5e:fa:c0:15:3c:4b:52:54:59:e4:69:2a
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-01-2015 00:00

Not After

11-04-2018 12:00

Subject

SERIALNUMBER=U72900KA2011PTC058074,CN=Remo Software Private Limited,O=Remo Software Private Limited,POSTALCODE=560052,STREET=Cunningham Road+STREET=18/10\, 3rd Fl\, Saleh Centre,L=Karnataka,C=IN,1.3.6.1.4.1.311.60.2.1.3=#1302494e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c0:5f:7a:3c:c1:4a:6f:bb:97:bf:f0:c1:c7:07:ef:ab:ad:45:d0:ea
Signer

Actual PE Digest

c0:5f:7a:3c:c1:4a:6f:bb:97:bf:f0:c1:c7:07:ef:ab:ad:45:d0:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 429KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_ab84bea3f80744da2c3f113c0ef548db.vir
.dll windows:6 windows x86 arch:x86

a334a8a7a1388f20902d5fdba2fcc619

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\ARIS\source\repos\DEVIL CHEAT PROJECT\Release\devil.pdb

Imports

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Xlength_error@std@@YAXPBD@Z
_Query_perf_counter
?uncaught_exception@std@@YA_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
_Query_perf_frequency
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?good@ios_base@std@@QBE_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

user32

FindWindowA
SetRect
mouse_event
MessageBoxA
ExitWindowsEx
GetCursorInfo
GetAsyncKeyState
wsprintfA
GetCursorPos
GetKeyState
ScreenToClient

bcrypt

BCryptGenRandom

kernel32

IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileSizeEx
VerifyVersionInfoW
VerSetConditionMask
SleepEx
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
WideCharToMultiByte
FreeLibrary
GetSystemDirectoryA
MultiByteToWideChar
CreateEventA
WaitForSingleObject
GetSystemTimeAsFileTime
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
FormatMessageW
SetLastError
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileA
VirtualQuery
GetTickCount
GetCurrentProcessId
ExitProcess
GetProcAddress
AddVectoredExceptionHandler
GetLocalTime
CreateThread
CloseHandle
Process32Next
LoadLibraryA
DisableThreadLibraryCalls
GetLastError
Sleep
CreateToolhelp32Snapshot
GetModuleHandleA
GetCurrentThreadId
GetVolumeInformationA
GetStdHandle
GetCurrentProcess
VirtualProtect
Process32First
InitializeSListHead
SetEvent

vcruntime140

__current_exception_context
_CxxThrowException
__std_type_info_destroy_list
__current_exception
memmove
memchr
memcpy
strrchr
memset
strchr
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

exit
system
_invalid_parameter_noinfo_noreturn
_errno
__sys_errlist
__sys_nerr
_beginthreadex
terminate
_seh_filter_dll
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-stdio-l1-1-0

_read
fputc
_lseeki64
_write
__acrt_iob_func
fgets
_open
fopen
fgetpos
setvbuf
feof
__stdio_common_vswprintf
fputs
fwrite
_fileno
_close
fgetc
ungetc
__stdio_common_vsscanf
fflush
fseek
fsetpos
ftell
fread
_fseeki64
fclose
_get_stream_buffer_pointers
__stdio_common_vsprintf

api-ms-win-crt-heap-l1-1-0

realloc
calloc
malloc
free
_callnewh

api-ms-win-crt-utility-l1-1-0

srand
rand
qsort

api-ms-win-crt-filesystem-l1-1-0

_unlink
_unlock_file
_fstat64
_access
_stat64
_lock_file

api-ms-win-crt-string-l1-1-0

_strdup
strncpy
strncmp
strcspn
_stricmp
strpbrk
strspn

api-ms-win-crt-time-l1-1-0

_time64
_localtime64
_gmtime64
strftime

api-ms-win-crt-convert-l1-1-0

strtoul
strtoll
strtol
wcstombs
atoi

api-ms-win-crt-math-l1-1-0

_fdopen
_libm_sse2_sqrt_precise
_libm_sse2_pow_precise
_libm_sse2_cos_precise
_libm_sse2_sin_precise

normaliz

IdnToUnicode
IdnToAscii

ws2_32

WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
getsockopt
send
WSACloseEvent
WSACreateEvent
closesocket
WSASetLastError
getpeername
WSAGetLastError
ntohs
gethostname
WSAStartup
ioctlsocket
WSACleanup
setsockopt
WSAEnumNetworkEvents
sendto
WSAIoctl
recvfrom
freeaddrinfo
getaddrinfo
htons
recv
listen
htonl
getsockname
connect
bind
accept
select
__WSAFDIsSet
socket

wldap32

ord211
ord46
ord217
ord33
ord60
ord45
ord50
ord301
ord200
ord30
ord79
ord35
ord143
ord32
ord27
ord26
ord22
ord41

crypt32

CertFindExtension
CertGetNameStringA
CryptQueryObject
CertAddCertificateContextToStore
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertCreateCertificateChainEngine

advapi32

CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CryptEncrypt

Sections

.text
Size: 434KB - Virtual size: 433KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_ac33619541d2431428d3351260bf8beb.vir
.exe windows:4 windows x86 arch:x86

06d9517803d43251f57ff7cb506c1aa4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

odbccp32

ord6
ord22

advapi32

GetUserNameA
RegCloseKey
RegCreateKeyA
RegDeleteKeyA
RegEnumKeyA
RegEnumValueA
RegOpenKeyA
RegQueryValueA
RegQueryValueExA
RegSetValueA
RegSetValueExA

kernel32

AllocConsole
CloseHandle
CompareFileTime
CompareStringA
CreateDirectoryA
CreateFileA
CreateFileMappingA
CreateFileW
CreateMutexA
CreatePipe
CreateProcessA
DeleteFileA
DuplicateHandle
EnterCriticalSection
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FlushFileBuffers
FormatMessageA
FreeConsole
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetComputerNameA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetProcessTimes
GetProfileIntA
GetProfileStringA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalSize
GlobalUnfix
GlobalUnlock
HeapAlloc
HeapFree
InterlockedDecrement
InterlockedIncrement
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadResource
LocalFileTimeToFileTime
LocalFree
LockFile
LockFileEx
LockResource
MapViewOfFile
MoveFileA
MulDiv
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseMutex
RemoveDirectoryA
RtlUnwind
SearchPathA
SetConsoleCtrlHandler
SetConsoleTitleA
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetStdHandle
SetThreadLocale
SetUnhandledExceptionFilter
SetVolumeLabelA
SizeofResource
Sleep
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualAlloc
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
WritePrivateProfileStringA
WriteProfileStringA
_hread
_hwrite
_lclose
_lcreat
_llseek
_lopen
_lread
lstrcatA
lstrcmpA
lstrcpyA
lstrlenA
GlobalCompact

winspool.drv

ClosePrinter
DocumentPropertiesA
EndDocPrinter
EndPagePrinter
EnumPrintersA
GetPrinterA
OpenPrinterA
SetPrinterA
StartDocPrinterA
StartPagePrinter
WritePrinter

comctl32

ImageList_AddMasked
ord17
InitCommonControlsEx

comdlg32

ChooseColorA
ChooseFontA
CommDlgExtendedError
FindTextA
GetOpenFileNameA
GetSaveFileNameA
PageSetupDlgA
PrintDlgA

gdi32

AbortDoc
AddFontResourceA
Arc
BitBlt
Chord
CloseEnhMetaFile
CloseMetaFile
CreateBitmap
CreateBitmapIndirect
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBitmap
CreateEnhMetaFileA
CreateFontA
CreateHatchBrush
CreateMetaFileA
CreatePalette
CreatePatternBrush
CreatePen
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesA
EnumFontsA
Escape
ExtFloodFill
ExtTextOutA
FloodFill
FrameRgn
GetBkColor
GetDIBits
GetDeviceCaps
GetEnhMetaFileA
GetMapMode
GetMetaFileA
GetMetaFileBitsEx
GetObjectA
GetObjectType
GetPixel
GetStockObject
GetTextAlign
GetTextColor
GetTextExtentPoint32A
GetTextExtentPointA
GetTextFaceA
GetTextMetricsA
GetViewportOrgEx
GetWinMetaFileBits
GetWindowOrgEx
LineTo
MoveToEx
PatBlt
Pie
PlayEnhMetaFile
PlayMetaFile
PolyPolygon
RealizePalette
Rectangle
RemoveFontResourceA
ResetDCA
RestoreDC
RoundRect
SaveDC
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBitsToDevice
SetMapMode
SetMetaFileBitsEx
SetPixel
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextAlign
SetTextColor
SetTextJustification
SetViewportExtEx
SetViewportOrgEx
SetWinMetaFileBits
SetWindowExtEx
SetWindowOrgEx
StartDocA
StartPage
StretchBlt
StretchDIBits
TextOutA
UnrealizeObject

shell32

DragAcceptFiles
DragQueryFileA
DragQueryPoint
ExtractIconA
ShellAboutA

user32

AppendMenuA
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcA
CharLowerA
CharToOemA
CharToOemBuffA
CharUpperA
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CloseWindow
CopyRect
CreateAcceleratorTableA
CreateCaret
CreateCursor
CreateDialogIndirectParamA
CreateDialogIndirectParamW
CreateDialogParamA
CreateDialogParamW
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DestroyAcceleratorTable
DestroyCaret
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DialogBoxIndirectParamA
DialogBoxIndirectParamW
DialogBoxParamA
DialogBoxParamW
DispatchMessageA
DrawFocusRect
DrawIcon
DrawMenuBar
DrawStateA
DrawTextA
DrawTextExA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
EnumThreadWindows
ExitWindowsEx
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetAsyncKeyState
GetCapture
GetCaretPos
GetClassInfoA
GetClassLongA
GetClassNameA
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDialogBaseUnits
GetDlgCtrlID
GetDlgItem
GetFocus
GetKeyState
GetKeyboardState
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetNextDlgTabItem
GetParent
GetPropA
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSystemMetrics
GetWindow
GetWindowDC
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
GetWindowThreadProcessId
GetWindowWord
HideCaret
HiliteMenuItem
InsertMenuA
InvalidateRect
InvertRect
IsChild
IsClipboardFormatAvailable
IsDialogMessageA
IsIconic
IsMenu
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadAcceleratorsA
LoadBitmapA
LoadCursorA
LoadIconA
LoadMenuA
LoadStringA
MapDialogRect
MapVirtualKeyA
MapWindowPoints
MessageBeep
MessageBoxA
ModifyMenuA
MoveWindow
OemToCharA
OemToCharBuffA
OffsetRect
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RegisterClassA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
ScrollWindow
ScrollWindowEx
SendMessageA
SendMessageTimeoutA
SetActiveWindow
SetCapture
SetCaretPos
SetClassLongA
SetClassWord
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetKeyboardState
SetMenu
SetMenuItemInfoA
SetParent
SetPropA
SetRectEmpty
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPos
SetWindowRgn
SetWindowTextA
SetWindowWord
SetWindowsHookExA
ShowCaret
ShowCursor
ShowWindow
TrackPopupMenu
TranslateAcceleratorA
TranslateMessage
UnhookWindowsHookEx
UpdateWindow
WaitMessage
WinHelpA
WindowFromPoint
keybd_event
wsprintfA
GetSystemMenu

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoGetClassObject
CoInitialize
CoTaskMemFree
OleInitialize
OleUninitialize
StringFromCLSID

oleaut32

GetActiveObject
LoadTypeLib
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPutElement
SysAllocStringLen
SysFreeString
VarR8FromCy
VarR8FromDec
VariantClear
VariantCopy
VariantInit

odbc32

ord1
ord2
ord3
ord72
ord27
ord8
ord9
ord41
ord10
ord11
ord13
ord14
ord15
ord31
ord16
ord43
ord36
ord45
ord61
ord18
ord39
ord50
ord75
ord51
ord54
ord23
ord42

msimg32

AlphaBlend

Exports

Exports

@CZipArchive@$bctr$qv
@CZipArchive@$bdtr$qv
@CZipArchive@AddNewFile$qpxciopqulipv$opvul
@CZipArchive@AddNewFileDrv$qpxciopqulipv$opvul
@CZipArchive@CheckForError$qi
@CZipArchive@Close$qo
@CZipArchive@CloseFile$qpxco
@CZipArchive@CloseFile$qr8CZipFile
@CZipArchive@CloseFileAfterTestFailed$qv
@CZipArchive@CloseNewFile$qv
@CZipArchive@CryptCRC32$qulc
@CZipArchive@CryptCheck$qv
@CZipArchive@CryptCryptHeader$qlr14CZipAutoBuffer
@CZipArchive@CryptDecode$qrc
@CZipArchive@CryptDecodeBuffer$qul
@CZipArchive@CryptDecryptByte$qv
@CZipArchive@CryptEncode$qrc
@CZipArchive@CryptEncodeBuffer$qv
@CZipArchive@CryptInitKeys$qv
@CZipArchive@CryptUpdateKeys$qc
@CZipArchive@CurrentFile$qv
@CZipArchive@DeleteFileA$qus
@CZipArchive@DeleteFiles$qr13CZipWordArray
@CZipArchive@DeleteFiles$qrx24%CZipArray$10CZipString%o
@CZipArchive@DeleteInternal$qus
@CZipArchive@EmptyPtrList$qv
@CZipArchive@EnableFindFast$qo
@CZipArchive@ExtractFile$quspxcot2pqulipv$opvul
@CZipArchive@FindFile$qpxco
@CZipArchive@GetArchivePath$qv
@CZipArchive@GetCRCTable$qv
@CZipArchive@GetCurrentDisk$qv
@CZipArchive@GetFileInfo$qr14CZipFileHeaderus
@CZipArchive@GetGlobalComment$qv
@CZipArchive@GetLocalExtraField$qpci
@CZipArchive@GetNoEntries$qv
@CZipArchive@GetPassword$qv
@CZipArchive@GetSpanMode$qv
@CZipArchive@IsClosed$qo
@CZipArchive@Open$qpxcii
@CZipArchive@Open$qr11CZipMemFilei
@CZipArchive@OpenFile$qus
@CZipArchive@OpenInternal$qi
@CZipArchive@OpenNewFile$qr14CZipFileHeaderipxc
@CZipArchive@ReadFile$qpvul
@CZipArchive@RemovePackedFile$qulul
@CZipArchive@SetAdvanced$qiii
@CZipArchive@SetExtraField$qpxcus
@CZipArchive@SetFileComment$quspxc
@CZipArchive@SetFileHeaderAttr$qr14CZipFileHeaderul
@CZipArchive@SetGlobalComment$qpxc
@CZipArchive@SetPassword$qpxc
@CZipArchive@SetRootPath$qpxc
@CZipArchive@SetSpanCallback$qpqulipv$opv
@CZipArchive@SetSystemCompatibility$qi
@CZipArchive@SingleToWide$qrx14CZipAutoBufferr10CZipString
@CZipArchive@TestFile$quspqulipv$opvul
@CZipArchive@ThrowError$qio
@CZipArchive@TrimRootPath$qr17CZipPathComponent
@CZipArchive@WideToSingle$qpxcr14CZipAutoBuffer
@CZipArchive@WriteNewFile$qpxvul
@CZipArchive@_zliballoc$qpvuiui
@CZipArchive@_zlibfree$qpvt1
@CZipArchive@m_gszCopyright
@CZipAutoBuffer@$basg$qrx14CZipAutoBuffer
@CZipAutoBuffer@$bctr$qrx14CZipAutoBuffer
@CZipAutoBuffer@$bctr$qulo
@CZipAutoBuffer@$bctr$qv
@CZipAutoBuffer@$bdtr$qv
@CZipAutoBuffer@Allocate$qulo
@CZipAutoBuffer@Release$qv
@CZipCentralDir@$bctr$qv
@CZipCentralDir@$bdtr$qv
@CZipCentralDir@$bsubs$qi
@CZipCentralDir@AddNewFile$qrx14CZipFileHeader
@CZipCentralDir@BuildFindFastArray$qv
@CZipCentralDir@Clear$qo
@CZipCentralDir@CloseFile$qv
@CZipCentralDir@CloseNewFile$qv
@CZipCentralDir@CompareElement$qpxcuso
@CZipCentralDir@ConvertAll$qv
@CZipCentralDir@FindFileNameIndex$qpxco
@CZipCentralDir@GetFileHeader$qrx72std@%list$p14CZipFileHeader33std@%allocator$p14CZipFileHeader%%@iterator
@CZipCentralDir@GetIterator$qi
@CZipCentralDir@GetSize$qo
@CZipCentralDir@Init$qv
@CZipCentralDir@InsertFindFastElement$qp14CZipFileHeaderus
@CZipCentralDir@IsValidIndex$qi
@CZipCentralDir@Locate$qv
@CZipCentralDir@OpenFile$qus
@CZipCentralDir@Read$qv
@CZipCentralDir@ReadHeaders$qv
@CZipCentralDir@RemoveDataDescr$qo
@CZipCentralDir@RemoveFile$qus
@CZipCentralDir@RemoveFromDisk$qv
@CZipCentralDir@RemoveHeaders$qv
@CZipCentralDir@ThrowError$qi
@CZipCentralDir@Write$qv
@CZipCentralDir@WriteCentralEnd$qv
@CZipCentralDir@WriteHeaders$qv
@CZipCentralDir@m_gszSignature
@CZipException@$bctr$qipxc
@CZipException@$bdtr$qv
@CZipException@Throw$qipxc
@CZipException@ZlibErrToZip$qi
@CZipFile@$bctr$qv
@CZipFile@$oi$qv
@CZipFile@Flush$qv
@CZipFile@GetLength$qv
@CZipFile@Open$qpxcuio
@CZipFile@SetLength$ql
@CZipFile@ThrowError$qv
@CZipFileHeader@$bctr$qv
@CZipFileHeader@$bdtr$qv
@CZipFileHeader@CheckCrcAndSizes$qpc
@CZipFileHeader@GetComment$qv
@CZipFileHeader@GetCrcAndSizes$qpc
@CZipFileHeader@GetFileName$qv
@CZipFileHeader@GetSize$qv
@CZipFileHeader@GetSystemAttr$qv
@CZipFileHeader@GetTime$qv
@CZipFileHeader@IsDataDescr$qv
@CZipFileHeader@IsDirectory$qv
@CZipFileHeader@IsEncrypted$qv
@CZipFileHeader@PrepareData$qioo
@CZipFileHeader@Read$qp11CZipStorage
@CZipFileHeader@ReadLocal$qp11CZipStoragerus
@CZipFileHeader@SetComment$qpxc
@CZipFileHeader@SetFileName$qpxc
@CZipFileHeader@SetSystemAttr$qul
@CZipFileHeader@SetTime$qrxl
@CZipFileHeader@Write$qp11CZipStorage
@CZipFileHeader@WriteLocal$qr11CZipStorage
@CZipFileHeader@m_gszLocalSignature
@CZipFileHeader@m_gszSignature
@CZipInternalInfo@$bctr$qv
@CZipInternalInfo@$bdtr$qv
@CZipInternalInfo@Init$qv
@CZipMemFile@Grow$ql
@CZipMemFile@Open$qpxcuio
@CZipMemFile@Read$qpvui
@CZipMemFile@Seek$qli
@CZipMemFile@SetLength$ql
@CZipMemFile@Write$qpxvui
@CZipStorage@$bctr$qv
@CZipStorage@$bdtr$qv
@CZipStorage@CallCallback$qi10CZipString
@CZipStorage@ChangeDisk$qi
@CZipStorage@ChangePkzipRead$qv
@CZipStorage@ChangeTdRead$qv
@CZipStorage@Close$qo
@CZipStorage@Flush$qv
@CZipStorage@GetCurrentDisk$qv
@CZipStorage@GetFreeInBuffer$qv
@CZipStorage@GetFreeVolumeSpace$qv
@CZipStorage@GetPosition$qv
@CZipStorage@GetTdVolumeName$qopxc
@CZipStorage@IsSpanMode$qv
@CZipStorage@NextDisk$qipxc
@CZipStorage@Open$qpxcii
@CZipStorage@Open$qr11CZipMemFilei
@CZipStorage@OpenFile$qpxcuio
@CZipStorage@Read$qpvulo
@CZipStorage@ThrowError$qi
@CZipStorage@UpdateSpanMode$qus
@CZipStorage@VolumeLeft$qv
@CZipStorage@Write$qpxvulo
@CZipStorage@WriteInternalBuffer$qpxcul
@CZipStorage@m_gszExtHeaderSignat
@CZipWordArray@Sort$qo
__DbgWndProc
__GetExceptDLLinfo
__WndProc
___CPPdebugHook
_hb_arrayAdd
_hb_arrayDel
_hb_arrayGet
_hb_arrayIns
_hb_arrayIsObject
_hb_arrayLast
_hb_arrayLen
_hb_arrayNew
_hb_arrayRelease
_hb_arraySet
_hb_arraySize
_hb_extIsArray
_hb_fsClose
_hb_fsCreate
_hb_fsDelete
_hb_fsOpen
_hb_fsRead
_hb_fsSeek
_hb_fsWrite
_hb_param
_hb_paramError
_hb_parc
_hb_parclen
_hb_parcsiz
_hb_pards
_hb_pardsbuff
_hb_parinfa
_hb_parinfo
_hb_parl
_hb_parnd
_hb_parni
_hb_parnl
_hb_pcount
_hb_ret
_hb_reta
_hb_retc
_hb_retclen
_hb_retd
_hb_retdl
_hb_retdts
_hb_retl
_hb_retnd
_hb_retndlen
_hb_retni
_hb_retnilen
_hb_retnl
_hb_retnlen
_hb_retnllen
_hb_storc
_hb_storclen
_hb_stords
_hb_storl
_hb_stornd
_hb_storni
_hb_stornl
_hb_vmExecute
_hb_vmProcessExeUsesDllSymbols
_hb_vmProcessPrgDllSymbols
_hb_vmProcessSymbols
_hb_vmProcessSysDllSymbols
_hb_xfree
_hb_xgrab
adler32
crc32
deflate
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflateReset
deflateSetDictionary
get_crc_table
inflate
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
zError
zlibVersion

Sections

.text
Size: 1.0MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_ace0767a2e6853a2f1b3bfd0f097ee7c.vir
.dll windows:4 windows x86 arch:x86

b15f50e3f2711e0feb9b6d0b6f0258b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
LoadLibraryA
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetSystemInfo

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_ad7efacd88d52a07cd786bb4819eafc5.vir
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Development\Intermec StockTake\StockTake\StockTake\obj\Debug\StockTake.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 130B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_adfbbd98a304d6dd5a54424f8b085fad.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_af2e91e17e70b7b47ca584d37a946020.vir
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_af426e3ffdb14c7c52877cd42c055f30.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_afb6f63997265658b799b1aa9e4e5bc5.vir
.dll windows:4 windows x86 arch:x86

0722c2d5091b2241f9969c2465c22776

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
CreateDirectoryA
EnterCriticalSection
Sleep
DeleteFileA
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
GetLocalTime
CopyFileA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
GetCurrentThreadId
GetThreadLocale
IsDBCSLeadByte
GetDateFormatA
InterlockedIncrement
InterlockedExchange
GetModuleFileNameA
GetModuleHandleA
GetVersionExA
CreateFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
CloseHandle
GetLastError
GetFileSize
SetEndOfFile
GetFileAttributesA
GetProcAddress
LoadLibraryA
CreateEventA
SetEvent
WaitForSingleObject
lstrlenA
LocalFree
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
RaiseException
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
SetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA

advapi32

SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor

ole32

CoInitialize
CoUninitialize
OleRun
CoCreateInstance

oleaut32

SysAllocString
GetErrorInfo
VariantClear
SysAllocStringByteLen
SysStringByteLen
VariantInit
SysFreeString

libxml2

xmlNewNode
xmlDocSetRootElement
xmlGetProp
xmlNewDoc
xmlFree
xmlStrPrintf
xmlXPathFreeObject
xmlFreeDoc
xmlNewChild
xmlNewProp
xmlSaveFile
xmlDocGetRootElement
xmlXPathFreeContext
xmlXPathEvalExpression
xmlXPathNewContext
xmlSetProp
xmlNodeSetContent
xmlNodeGetContent

user32

GetSystemMetrics

Exports

Exports

CloseDevice
ConfigureDevice
GetAttribAsLong
GetAttribAsString
GetDevMethods
GetDevVersion
LoadDevice
OpenDevice
SetAttribByLong
SetAttribByString
UnLoadDevice

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_afe85f91b0888ffcfe69de09b9b7b7a7.vir
.exe windows:4 windows x86 arch:x86

4333d91df325f779dcf70dac5a3d9480

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
GetModuleFileNameA
FindFirstFileA
GetPrivateProfileStringA
GetCurrentProcess
GetDriveTypeA
GetVersionExA
WritePrivateProfileStringA
MoveFileExA
GetShortPathNameA
SetFileTime
GetTempPathA
GetFullPathNameA
GetWindowsDirectoryA
GetSystemDirectoryA
GlobalHandle
lstrcatA
GetDiskFreeSpaceA
CloseHandle
GlobalAlloc
GlobalLock
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
SetUnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
MoveFileA
SetFileAttributesA
DeleteFileA
GetFileAttributesA
GetLastError
TerminateProcess
GlobalUnlock
SetCurrentDirectoryA
GetCurrentDirectoryA
RaiseException
WinExec
GlobalFree
CreateDirectoryA
HeapFree
SetEnvironmentVariableA
HeapCompact
HeapSize
HeapAlloc
CreateFileA
ReadFile
RtlUnwind
IsBadCodePtr
GetStringTypeA
IsBadReadPtr
LoadLibraryA
LocalAlloc
LocalFree
ExitProcess
WriteFile
GetProcAddress
SetFilePointer
GetStringTypeW

user32

GetWindow
DestroyWindow
GetSysColor
GetDC
GetWindowRect
SendMessageA
ScreenToClient
FillRect
GetDlgItem
EndPaint
SetWindowLongA
BeginPaint
GetClientRect
wsprintfA
ReleaseDC
SetDlgItemTextA
GetParent
SetWindowPos
GetSystemMetrics
SetWindowTextA
PostMessageA
GetDlgItemTextA
OemToCharA
CreateWindowExA
LoadIconA
LoadCursorA
RegisterClassA
FindWindowA
GetLastActivePopup
BringWindowToTop
AdjustWindowRectEx
UpdateWindow
ExitWindowsEx
IsIconic
RedrawWindow
PostQuitMessage
DefWindowProcA
ShowWindow
KillTimer
SetTimer
SetFocus
DialogBoxIndirectParamA
EndDialog
EnableWindow
MessageBoxA
CreateDialogIndirectParamA
IsDialogMessageA
GetMessageA
TranslateMessage
DispatchMessageA
RegisterWindowMessageA

gdi32

GetObjectA
StretchDIBits
GetStockObject
CreateCompatibleDC
DeleteObject
CreateFontIndirectA
CreateSolidBrush
SetBkColor
CreatePalette
ExtTextOutA
GetDeviceCaps
RealizePalette
GetSystemPaletteEntries
IntersectClipRect
TextOutA
SelectPalette
SetBkMode
SelectObject
SetTextColor
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateDIBPatternBrush

comdlg32

GetSaveFileNameA

advapi32

RegOpenKeyA
OpenProcessToken
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
LookupPrivilegeValueA
AdjustTokenPrivileges

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
VerFindFileA

comctl32

ord17

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_b025c9d2fdeab069f2b2ce451003acb6.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 67KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_b0a8398b609efabb12fc7efc907b8f8c.vir
.exe windows:4 windows x86 arch:x86

d4aecd60fcab62e5d64066f4d7d3223b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA

mfc42

ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord5199
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord2764
ord1168
ord537
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord823
ord825
ord4673
ord1576
ord2985
ord800

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
__CxxFrameHandler
exit
sprintf
strstr
atoi
_setmbcp

kernel32

GetCommandLineA
LoadLibraryExA
GetProcAddress
GetStartupInfoA
GetModuleHandleA
GetPrivateProfileStringA
GetSystemDirectoryA

advapi32

RegOpenKeyExA
RegEnumKeyA
RegCloseKey
RegQueryValueExA

shell32

SHGetFolderPathA

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

vaknilt
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_b0b11f4384889800f52b96865accacae.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_b15a4cfbabe6e50295f3d6931e42c3e7.vir
.exe windows:4 windows x86 arch:x86

3ed0dcdd3b5bed3cd924f396717f3576

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA

gui

?OnKeyDown@CDisassemblyWnd@@IAEXIII@Z
?EnsureVisible@CDisassemblyWnd@@QAEXH@Z
?UpdateLabel@CFileTabCtrl@@QAEXPAVCMDIChildWnd@@VCString@@@Z
?classCMemory@CMemory@@2UCRuntimeClass@@B
?messageMap@CMemory@@1UAFX_MSGMAP@@B
?Create@CMemory@@UAEHPBD0KABUtagRECT@@PAVCWnd@@IPAUCCreateContext@@@Z
??0CMemory@@QAE@XZ
??1CMemory@@UAE@XZ
?UpdateScrollbars@CMemory@@QAEXXZ
?SetMemory@CMemory@@IAEXIIE@Z
?OnSize@CMemory@@IAEXIHH@Z
?OnVScroll@CMemory@@IAEXIIPAVCScrollBar@@@Z
?OnMouseWheel@CMemory@@IAEHIFVCPoint@@@Z
?OnKeyDown@CMemory@@IAEXIII@Z
?PreTranslateMessage@CMemory@@UAEHPAUtagMSG@@@Z
?classCOutputWnd@COutputWnd@@2UCRuntimeClass@@B
?messageMap@COutputWnd@@1UAFX_MSGMAP@@B
?Create@COutputWnd@@UAEHPBD0KABUtagRECT@@PAVCWnd@@IPAUCCreateContext@@@Z
??0COutputWnd@@QAE@XZ
??1COutputWnd@@UAE@XZ
?OnLButtonDblClk@COutputWnd@@IAEXIVCPoint@@@Z
?SetBkColor@COutputWnd@@QAEXK@Z
?SetTextColor@COutputWnd@@QAEXK@Z
?SetTextFont@COutputWnd@@QAEXUtagLOGFONTA@@@Z
?OnMouseWheel@CDisassemblyWnd@@IAEHIFVCPoint@@@Z
??1CFileTabCtrl@@UAE@XZ
??1CWorkTabCtrl@@UAE@XZ
??1CWorkControlBar@@UAE@XZ
??0CFileTabCtrl@@QAE@XZ
??0CWorkTabCtrl@@QAE@XZ
??0CWorkControlBar@@QAE@XZ
?GlobalLoadState@CWorkControlBar@@SAXPAVCFrameWnd@@PBD@Z
?UpdateAllWindow@CWorkTabCtrl@@QAEXXZ
?AddPage@CWorkTabCtrl@@QAEXPAVCWnd@@PBDI@Z
?Create@CWorkTabCtrl@@QAEHIABVCRect@@PAVCWnd@@I@Z
?GlobalSaveState@CWorkControlBar@@SAXPAVCFrameWnd@@PBD@Z
?Clear@COutputWnd@@QAEXXZ
?SetActivePage@CWorkTabCtrl@@QAEXH@Z
?GetActivePage@CWorkTabCtrl@@QAEHXZ
?SetTextFont@CMemory@@QAEXUtagLOGFONTA@@@Z
??1CMyListCtrl@@UAE@XZ
??0CMyListCtrl@@QAE@VCString@@@Z
?PreTranslateMessage@CEditCell@@UAEHPAUtagMSG@@@Z
?GetMessageMap@CEditCell@@MBEPBUAFX_MSGMAP@@XZ
??0CEditCell@@QAE@PAVCMyListCtrl@@HHVCString@@@Z
??1CEditCell@@UAE@XZ
?classCWorkTabCtrl@CWorkTabCtrl@@2UCRuntimeClass@@B
?messageMap@CWorkTabCtrl@@1UAFX_MSGMAP@@B
?OnSizing@CWorkTabCtrl@@IAEXIPAUtagRECT@@@Z
?OnLButtonDown@CWorkTabCtrl@@IAEXIVCPoint@@@Z
?OnVScroll@CDisassemblyWnd@@IAEXIIPAVCScrollBar@@@Z
?OnSize@CDisassemblyWnd@@IAEXIHH@Z
?GetSelectedLine@CDisassemblyWnd@@QAEHXZ
?OnDestroy@CDisassemblyWnd@@IAEXXZ
?InsertLine@CDisassemblyWnd@@QAEXPADKH@Z
?OnCreate@CDisassemblyWnd@@IAEHPAUtagCREATESTRUCTA@@@Z
??0CDisassemblyWnd@@QAE@XZ
?Reset@CDisassemblyWnd@@IAEXXZ
??1CDisassemblyWnd@@UAE@XZ
?messageMap@CDisassemblyWnd@@1UAFX_MSGMAP@@B
?classCDisassemblyWnd@CDisassemblyWnd@@2UCRuntimeClass@@B
?DeleteLabel@CFileTabCtrl@@QAEXPAVCMDIChildWnd@@@Z
?InsertLine@COutputWnd@@QAEXPADH@Z
?AddLabel@CFileTabCtrl@@QAEXPAVCMDIChildWnd@@@Z

mfc42

ord3639
ord5265
ord4376
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord641
ord567
ord324
ord692
ord2302
ord4234
ord6334
ord4083
ord3447
ord3196
ord2884
ord4710
ord4853
ord1829
ord3619
ord3626
ord656
ord2414
ord4275
ord5981
ord2379
ord3571
ord3573
ord755
ord640
ord6172
ord5873
ord5789
ord5785
ord1641
ord1640
ord2859
ord323
ord470
ord2864
ord6129
ord3753
ord3754
ord5161
ord5162
ord5160
ord4905
ord4742
ord4976
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord3699
ord489
ord768
ord2301
ord6199
ord3092
ord4589
ord5076
ord4341
ord4349
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord5240
ord3748
ord1726
ord4432
ord4042
ord3216
ord4544
ord5685
ord3274
ord3353
ord4622
ord3579
ord5495
ord439
ord736
ord6403
ord6402
ord3522
ord3521
ord4160
ord2817
ord1105
ord1799
ord290
ord614
ord2841
ord4226
ord2846
ord2107
ord2614
ord5440
ord6383
ord5450
ord6394
ord4614
ord4613
ord1945
ord4273
ord813
ord2243
ord560
ord5260
ord1233
ord1928
ord2867
ord5768
ord2753
ord2754
ord2097
ord384
ord2405
ord2860
ord3916
ord3497
ord3089
ord4723
ord4890
ord2535
ord3909
ord4317
ord4508
ord6128
ord3752
ord5148
ord4694
ord5053
ord4464
ord2526
ord469
ord729
ord2504
ord1706
ord430
ord2652
ord1669
ord2358
ord2370
ord2642
ord3874
ord1858
ord4245
ord5101
ord2101
ord2723
ord2390
ord3059
ord5100
ord4424
ord4303
ord3351
ord5012
ord976
ord5472
ord3403
ord2879
ord2878
ord4152
ord4077
ord5237
ord2382
ord5283
ord2649
ord1665
ord4436
ord2445
ord4427
ord527
ord401
ord674
ord794
ord5254
ord2115
ord4772
ord4500
ord4224
ord4413
ord1871
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord2298
ord6209
ord3317
ord5861
ord6663
ord6876
ord668
ord1980
ord940
ord536
ord3181
ord4058
ord2781
ord2770
ord356
ord2645
ord4284
ord1768
ord1907
ord4258
ord3701
ord500
ord772
ord5606
ord3398
ord3733
ord810
ord4271
ord4000
ord2862
ord1146
ord2096
ord3287
ord3290
ord3914
ord6008
ord2763
ord3495
ord6874
ord4615
ord4610
ord4274
ord6375
ord1576
ord2554
ord2512
ord5731
ord3922
ord1089
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3738
ord815
ord561
ord6215
ord2558
ord617
ord5301
ord5214
ord296
ord986
ord411
ord502
ord4159
ord6117
ord1205
ord2621
ord1134
ord4277
ord2725
ord6143
ord3452
ord2515
ord355
ord5199
ord2004
ord1690
ord2528
ord5288
ord4439
ord2054
ord3386
ord4431
ord3700
ord498
ord771
ord5953
ord4715
ord4467
ord2450
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord652
ord338
ord4823
ord4858
ord2399
ord6329
ord809
ord556
ord1088
ord2122
ord6358
ord1859
ord4246
ord3698
ord3869
ord2127
ord2391
ord5102
ord5105
ord4468
ord3350
ord975
ord2880
ord4153
ord2383
ord4437
ord4428
ord642
ord807
ord796
ord765
ord327
ord554
ord529
ord402
ord4146
ord2639
ord2108
ord3294
ord2494
ord2627
ord2626
ord2087
ord6000
ord2117
ord4163
ord6625
ord4457
ord5871
ord4287
ord2119
ord2123
ord5255
ord5732
ord1008
ord3499
ord6069
ord2820
ord3811
ord6197
ord6379
ord5032
ord5860
ord551
ord4216
ord5442
ord3318
ord5284
ord3303
ord3175
ord6407
ord4055
ord6195
ord3870
ord6781
ord2065
ord4402
ord3640
ord4243
ord4299
ord3610
ord2089
ord3301
ord3293
ord3910
ord6907
ord3998
ord6762
ord6779
ord818
ord1949
ord3996
ord2100
ord6453
ord925
ord3402
ord5290
ord4401
ord1776
ord6055
ord2581
ord4219
ord2024
ord2413
ord6366
ord1771
ord6283
ord541
ord801
ord4278
ord6282
ord533
ord5194
ord5465
ord6648
ord1997
ord798
ord4204
ord939
ord941
ord1175
ord1168
ord354
ord2915
ord926
ord5572
ord5186
ord1200
ord6385
ord6877
ord4202
ord1979
ord5608
ord3790
ord665
ord6883

msvcrt

_setmbcp
_itoa
_strdup
isprint
_except_handler3
free
calloc
_mbsnbcpy
_splitpath
strchr
isalnum
strstr
strtol
strtok
sscanf
_controlfp
fopen
perror
_stat
_mbsstr
malloc
fread
ftell
fseek
fwrite
isdigit
strncmp
_strupr
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
sprintf
isspace
__CxxFrameHandler
memmove
atoi
strtoul
_mbsicmp
system
_putenv
fclose
_mbscmp

kernel32

FindFirstFileA
WriteFile
GetTempFileNameA
lstrcatA
lstrcpyA
MulDiv
GlobalAlloc
lstrcpynA
GetVersionExA
GetPrivateProfileStringA
GetProcAddress
GetModuleHandleA
Sleep
WritePrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
SetCommTimeouts
SetCommState
GetCommState
PurgeComm
DeviceIoControl
FindNextFileA
FreeLibrary
LoadLibraryA
CreateDirectoryA
GetStartupInfoA
MoveFileA
FindClose
GetFileAttributesA
CreateFileA
ReadFile
lstrlenA
GlobalLock
GlobalUnlock
CopyFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
DeleteFileA
WaitForSingleObject
CloseHandle
CreateProcessA
TerminateProcess

user32

GetWindowLongA
IsIconic
GetWindow
IsZoomed
CloseWindow
IsWindowVisible
GetActiveWindow
BringWindowToTop
GetMenu
EnableMenuItem
LoadMenuA
GetParent
ClientToScreen
LoadIconA
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsClipboardFormatAvailable
SetCapture
TranslateAcceleratorA
LoadAcceleratorsA
GetCursorPos
ScreenToClient
LoadCursorA
SetCursor
GetDlgItem
GetDC
ReleaseDC
IsWindow
OffsetRect
KillTimer
SetTimer
GetAsyncKeyState
UpdateWindow
GetFocus
CreateCaret
SetScrollInfo
EnableScrollBar
PtInRect
DestroyCaret
InvalidateRect
PostMessageA
FillRect
DrawTextA
GetSysColor
ReleaseCapture
HideCaret
SetCaretPos
ShowCaret
GetClientRect
DispatchMessageA
TranslateMessage
PeekMessageA
SendMessageA
EnableWindow
RedrawWindow
SetScrollPos
GetKeyState
GetSubMenu

gdi32

GetTextExtentPoint32A
GetCharWidthA
SetBoundsRect
CreateSolidBrush
TextOutA
CreateCompatibleDC
CreateFontA
CreateFontIndirectA
GetDeviceCaps
GetObjectA
CreateCompatibleBitmap
BitBlt

shell32

ShellExecuteExA
SHBrowseForFolderA
SHGetMalloc
SHGetPathFromIDListA
ShellExecuteA

comctl32

ImageList_ReplaceIcon
ImageList_Draw

msvcp60

??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??1?$basic_ifstream@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAE@Z
?pubseekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@JW4seekdir@ios_base@2@H@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0ios_base@std@@IAE@XZ
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@ios_base@std@@QAEXH_N@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@E@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Initcvt@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?__Fiopen@std@@YAPAU_iobuf@@PBDH@Z
??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?_Fpz@std@@3_JB
??0Init@ios_base@std@@QAE@XZ

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA

Sections

.text
Size: 284KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_b1bc03fb8079499eb9911f95c2bac448.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_b2c9891fce46879bc6331937295ac8b1.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_b315f058b771ac20b92b3f555b22eaca.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_b669a24246437ad5ca2e70814a619bb9.vir
.exe windows:5 windows x86 arch:x86

32398d4ef535166fe3a511a0837e8cb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetLastError
LoadLibraryA
ExitProcess

user32

wsprintfA
MessageBoxA

Sections

.text
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_b6f847a3a277193c976546549b0da036.vir
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

\\W7\Speechi\Speechi\RecordVideo\obj\x86\Release\videorecord.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 766KB - Virtual size: 766KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_b8685349d3ec842fb701f343dfc2aa88.vir
.dll regsvr32 windows:4 windows x86 arch:x86

7e7c5a18955a805bfdd0e926dbbc3113

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
EnumResourceNamesW
FindResourceW
GetEnvironmentVariableW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetTickCount
HeapAlloc
HeapFree
HeapReAlloc
IsBadStringPtrW
LoadLibraryW
LoadResource
MultiByteToWideChar
RaiseException
SizeofResource

ntdll

_vsnprintf

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
_strdup
free
fwrite
getenv
memcmp
memmove
strchr
strcmp
strcspn
strlen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetPStoreProvider
PStoreCreateInstance
PStoreEnumProviders

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 164B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_b8a935fd35ebae04be3be971408d2026.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_b8ac0f752bae7e798fcf442b5c92f2a0.vir
.dll windows:6 windows x64 arch:x64

38f1a043bcda231275e9d6dd3ad097af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcp140_app

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140_1_app

__CxxFrameHandler4

vcruntime140_app

__C_specific_handler
_CxxThrowException
__std_type_info_destroy_list
__std_exception_copy
__std_exception_destroy
memcpy
memmove
memset
memcmp

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vsprintf

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn
_cexit
_execute_onexit_table
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-crt-math-l1-1-0

logf

Exports

Exports

ADDON_Create
ADDON_GetTypeMinVersion
ADDON_GetTypeVersion

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_b95ef5d203bf0b5e1ae944ccfeb425c4.vir
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 7.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_b9fa8dcc7fd97dc0b64fe4dbead32539.vir
Virussign.2024.06.08/virussign.com_baddab3abf287e8af44dad604090ccf5.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_baf520e559f16e03e97855aeed6b2450.vir
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_bbbea9c65b906915a52fb35425192c5f.vir
.dll windows:6 windows x86 arch:x86

346403e2d2fb3cdb6abb55ca9a451761

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

d3d11

D3D11CreateDevice

d3dcompiler_47

D3DCompile
D3DDisassemble

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableA

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateEventExW
SetEvent

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-file-l1-1-0

FindClose
FindNextFileW
GetFullPathNameW
FindFirstFileExW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-libraryloader-l2-1-0

LoadPackagedLibrary

api-ms-win-core-localization-l1-2-0

FormatMessageA

msvcp140_app

?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
??0_Locinfo@std@@QAE@HPBD@Z
?unget@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Getname@_Locinfo@std@@QBEPBDXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
?_Xruntime_error@std@@YAXPBD@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?tolower@?$ctype@D@std@@QBEDD@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
_Strcoll
?id@?$collate@D@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
_Strxfrm
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPBD@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
?_Raise_handler@std@@3P6AXABVexception@stdext@@@ZA
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
_Thrd_hardware_concurrency
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Schedule_chore@details@Concurrency@@YAHPAU_Threadpool_chore@12@@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QAEX_N@Z
?_Release_chore@details@Concurrency@@YAXPAU_Threadpool_chore@12@@Z
?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Reset@_ContextCallback@details@Concurrency@@AAEXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
??0task_continuation_context@Concurrency@@AAE@XZ
_Mtx_current_owns
_Cnd_unregister_at_thread_exit
?__ExceptionPtrCreate@@YAXPAX@Z
_Cnd_init_in_situ
?__ExceptionPtrCopy@@YAXPAXPBX@Z
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Syserror_map@std@@YAPBDH@Z
_Cnd_timedwait
?__ExceptionPtrToBool@@YA_NPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
_Cnd_register_at_thread_exit
_Cnd_wait
_Query_perf_counter
_Xtime_get_ticks
_Cnd_broadcast
_Cnd_destroy_in_situ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?in_avail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z

kernel32

InitOnceComplete
InitOnceBeginInitialize

vcruntime140_app

memset
memmove
memcpy
memchr
__RTDynamicCast
_except_handler4_common
_CxxThrowException
__std_type_info_destroy_list
__current_exception_context
__current_exception
strchr
__RTtypeid
__std_type_info_name
__std_type_info_compare
strstr
__std_terminate
_purecall
__std_exception_copy
__CxxFrameHandler3
__std_exception_destroy

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
realloc
free

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
feof
fopen_s
fputc
fseek
__acrt_iob_func
__stdio_common_vsnprintf_s
__stdio_common_vfprintf
fflush
fclose
__stdio_common_vsprintf_s
fgetc
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
fwrite

api-ms-win-crt-convert-l1-1-0

strtoul
mbsrtowcs
wcstombs
mbstowcs_s
wcstombs_s
atoi
strtol

api-ms-win-crt-runtime-l1-1-0

_invoke_watson
_set_errno
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
terminate
abort
exit
_invalid_parameter_noinfo_noreturn
_errno

api-ms-win-crt-string-l1-1-0

tolower
strncmp
toupper
isdigit
strncpy
_strdup
isspace
_stricmp

api-ms-win-crt-math-l1-1-0

_CIatan2
_CIcosh
_CIsinh
round
log2
_CItanh
modf
lroundf
asinhf
atanhf
acoshf
truncf
_fdsign
exp2f
_libm_sse2_acos_precise
_libm_sse2_asin_precise
_libm_sse2_atan_precise
roundf
_libm_sse2_cos_precise
fmax
fmaxf
hypot
_libm_sse2_exp_precise
_libm_sse2_log10_precise
_libm_sse2_log_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
ceil
ldexp
floor
_libm_sse2_tan_precise

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

Exports

Exports

??0BeatDetect@@QAE@PAVPCM@@@Z
??0Func@@QAE@ABV0@@Z
??0Func@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@P6AMPAM@ZHH@Z
??0PCM@@QAE@XZ
??0PlatformMethods@angle@@QAE@XZ
??0PresetInputs@@QAE@ABV0@@Z
??0PresetOutputs@@QAE@ABV0@@Z
??0projectM@@QAE@USettings@0@H@Z
??0projectM@@QAE@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
??1BeatDetect@@QAE@XZ
??1Func@@QAE@XZ
??1PCM@@QAE@XZ
??1projectM@@UAE@XZ
??4BeatDetect@@QAEAAV0@ABV0@@Z
??4Func@@QAEAAV0@ABV0@@Z
??4PCM@@QAEAAV0@ABV0@@Z
??4PlatformMethods@angle@@QAEAAU01@$$QAU01@@Z
??4PlatformMethods@angle@@QAEAAU01@ABU01@@Z
??4PresetInputs@@QAEAAV0@ABV0@@Z
??4PresetOutputs@@QAEAAV0@ABV0@@Z
??_7PresetInputs@@6B@
??_7PresetOutputs@@6B@
??_7projectM@@6B@
?FLAG_DISABLE_PLAYLIST_LOAD@projectM@@2HB
?FLAG_NONE@projectM@@2HB
?_initPCM@PCM@@AAEXH@Z
?addPCM16@PCM@@QAEXQAY0CAA@F@Z
?addPCM16Data@PCM@@QAEXPBFF@Z
?addPCM8@PCM@@QAEXQAY0EAA@E@Z
?addPCM8_512@PCM@@QAEXQAY0CAA@$$CBE@Z
?addPCMfloat@PCM@@QAEXPBMH@Z
?addPCMfloat_2ch@PCM@@QAEXPBMH@Z
?addPresetURL@projectM@@QAEIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0ABV?$vector@HV?$allocator@H@std@@@3@@Z
?changeHardcutDuration@projectM@@QAEXH@Z
?changePresetDuration@projectM@@QAEXH@Z
?changePresetName@projectM@@QAEXIV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?changePresetRating@projectM@@QAEXIHW4PresetRatingType@@@Z
?changeTextureSize@projectM@@QAEXH@Z
?clearPlaylist@projectM@@QAEXXZ
?default_key_handler@projectM@@QAEXW4projectMEvent@@W4projectMKeycode@@@Z
?deleteSearchText@projectM@@QAEXXZ
?destroyPresetTools@projectM@@AAEXXZ
?detectFromSamples@BeatDetect@@QAEXXZ
?evaluateSecondPreset@projectM@@QAEXXZ
?freePCM@PCM@@QAEXXZ
?getBeatVals@BeatDetect@@QAEXMIPAM0@Z
?getErrorLoadingCurrentPreset@projectM@@QBE_NXZ
?getMeshSize@projectM@@QAEXPAH0@Z
?getName@Func@@QBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getNumArgs@Func@@QBEHXZ
?getPCM@PCM@@QAEXPAMHHHMH@Z
?getPCMScale@BeatDetect@@QAEMXZ
?getPCMnew@PCM@@QAEHPAMHHMHH@Z
?getPlaylistSize@projectM@@QBEIXZ
?getPresetIndex@projectM@@QBEIAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getPresetName@projectM@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z
?getPresetRating@projectM@@QBEHIW4PresetRatingType@@@Z
?getPresetURL@projectM@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z
?getSearchIndex@projectM@@QBEIAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getWindowHeight@projectM@@QAEHXZ
?getWindowWidth@projectM@@QAEHXZ
?initPresetTools@projectM@@AAEHHH@Z
?initRenderToTexture@projectM@@QAEIXZ
?insertPresetURL@projectM@@QAEXIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0ABV?$vector@HV?$allocator@H@std@@@3@@Z
?isPresetLocked@projectM@@QBE_NXZ
?isShuffleEnabled@projectM@@QBE_NXZ
?isTextInputActive@projectM@@QBE_N_N@Z
?key_handler@projectM@@QAEXW4projectMEvent@@W4projectMKeycode@@W4projectMModifier@@@Z
?maxsamples@PCM@@2HA
?pcm@projectM@@QAEPAVPCM@@XZ
?pipelineContext2@projectM@@QAEAAVPipelineContext@@XZ
?pipelineContext@projectM@@QAEAAVPipelineContext@@XZ
?populatePresetMenu@projectM@@QAEXXZ
?presetPositionValid@projectM@@QBE_NXZ
?presetRatingChanged@projectM@@UBEXIHW4PresetRatingType@@@Z
?presetSwitchFailedEvent@projectM@@UBEX_NIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?presetSwitchedEvent@projectM@@UBEX_NI@Z
?projectM_init@projectM@@AAEXHHHHHH@Z
?projectM_reset@projectM@@AAEXXZ
?projectM_resetGL@projectM@@QAEXHH@Z
?projectM_resetTextures@projectM@@QAEXXZ
?projectM_resetengine@projectM@@AAEXXZ
?projectM_setTitle@projectM@@QAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?readConfig@projectM@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?readSettings@projectM@@AAEXABUSettings@1@@Z
?removePreset@projectM@@QAEXI@Z
?renderFrame@projectM@@QAEXXZ
?renderFrameEndOnSeparatePasses@projectM@@QAEXPAVPipeline@@@Z
?renderFrameOnlyPass1@projectM@@QAEPAVPipeline@@PAV2@@Z
?renderFrameOnlyPass2@projectM@@QAEXPAVPipeline@@HHH@Z
?reset@BeatDetect@@QAEXXZ
?resetSearchText@projectM@@QAEXXZ
?selectNext@projectM@@QAEX_N@Z
?selectPreset@projectM@@QAEXI_N@Z
?selectPresetByName@projectM@@QAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?selectPresetPosition@projectM@@QAEXI@Z
?selectPrevious@projectM@@QAEX_N@Z
?selectRandom@projectM@@QAEX_N@Z
?selectedPresetIndex@projectM@@QBE_NAAI@Z
?setHelpText@projectM@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?setPresetLock@projectM@@QAEX_N@Z
?setSearchText@projectM@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?setShuffleEnabled@projectM@@QAEX_N@Z
?setToastMessage@projectM@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?settings@projectM@@QBEABUSettings@1@XZ
?shuffleEnabledValueChanged@projectM@@UBEX_N@Z
?startPresetTransition@projectM@@AAE_N_N@Z
?switchToCurrentPreset@projectM@@AAE?AV?$unique_ptr@VPreset@@U?$default_delete@VPreset@@@std@@@std@@XZ
?toggleSearchText@projectM@@QAEXXZ
?touch@projectM@@QAEXMMHH@Z
?touchDestroy@projectM@@QAEXMM@Z
?touchDestroyAll@projectM@@QAEXXZ
?touchDrag@projectM@@QAEXMMH@Z
?writeConfig@projectM@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABUSettings@1@@Z
ADDON_Create
ADDON_GetTypeMinVersion
ADDON_GetTypeVersion
_ANGLEGetDisplayPlatform@20
_ANGLEResetDisplayPlatform@4

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 714KB - Virtual size: 714KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 134KB - Virtual size: 514KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_bbc411f18478e254b625ec1b0fdf0f09.vir
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 845KB - Virtual size: 845KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_bd5f3a80ea6153b4ee71675a5ddf561c.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_bde84e2885749cb6b0fcc46c201dc58d.vir
.dll windows:5 windows x86 arch:x86

8f02a6650390e3de20cd8713f47ca2dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\builds\build-sourcemod-msvc12\windows-1.7\OUTPUT\extensions\topmenus\topmenus.ext\topmenus.ext.pdb

Imports

kernel32

EncodePointer
DecodePointer
IsProcessorFeaturePresent
GetLastError
HeapFree
HeapAlloc
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetCommandLineA
GetCurrentThreadId
RaiseException
IsDebuggerPresent
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
WriteFile
GetModuleFileNameW
DeleteCriticalSection
GetFileType
GetStartupInfoW
SetLastError
HeapSize
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LCMapStringW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
CloseHandle
SetStdHandle
WriteConsoleW
CreateFileW

Exports

Exports

GetSMExtAPI

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_bebcd9de6b6c54250974655bee081ad6.vir
.exe windows:4 windows x86 arch:x86

5c4d602843f54570889588b32f7af650

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
_adj_fdiv_m64
_adj_fprem1
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
_CIatan
_allmul
_CItan
_CIexp

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_bf1276bd977d7dfbc24b76b70864e369.vir
.exe windows:4 windows x86 arch:x86

5bd186fdc6805cc26c09779e468bcded

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hisdb_lib

?ExecSql@CHisDB@@QAEHVCString@@@Z
?IsConnectDB@CHisDB@@QAEHXZ
?Connectaccessdb@CHisDB@@QAEHVCString@@00@Z
?MoveFirst@CHisDB@@QAEHXZ
?GetData@CHisDB@@QAEXJAAVCString@@@Z
?MoveNext@CHisDB@@QAEHXZ
?CreateAccessDB@CHisDB@@SAHVCString@@@Z
?DisConnectDB@CHisDB@@QAEHXZ
?IsHaveTableName@CHisDB@@SAHVCString@@0@Z
?CloseResordSet@CHisDB@@QAEXXZ
?CloseTable@CHisDB@@QAEXXZ
?OpenTable@CHisDB@@QAEHVCString@@@Z
?AddNew@CHisDB@@QAEHXZ
?PutData@CHisDB@@QAEXJVCString@@@Z
?Update@CHisDB@@QAEHXZ
?ExInitCom@CHisDB@@SAXXZ
?InitCom@CHisDB@@SAHXZ
??1CHisDB@@UAE@XZ
?OpenResordsetSql@CHisDB@@QAEHVCString@@@Z
??0CHisDB@@QAE@XZ

mfc42

ord4960
ord4108
ord6054
ord4078
ord1776
ord4407
ord5240
ord2385
ord5163
ord6374
ord4353
ord5281
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3748
ord5065
ord1725
ord5260
ord2446
ord2091
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4432
ord6508
ord693
ord609
ord616
ord567
ord364
ord784
ord2302
ord4241
ord4456
ord6334
ord2642
ord3996
ord860
ord540
ord800
ord4284
ord4720
ord2379
ord941
ord4278
ord6283
ord6282
ord858
ord6907
ord3998
ord922
ord924
ord926
ord939
ord2818
ord3337
ord6767
ord535
ord537
ord2820
ord5265
ord4853
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord641
ord324
ord4234
ord4710
ord4376
ord2370
ord2362
ord2366
ord2301
ord3092
ord5953
ord6453
ord4204
ord665
ord1979
ord6385
ord5186
ord354
ord3573
ord3626
ord3663
ord2414
ord2135
ord818
ord1641
ord4480
ord2688
ord6199
ord6215
ord3619
ord2243
ord3908
ord4133
ord4297
ord3301
ord5875
ord3517
ord1168
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4963
ord4427
ord796
ord674
ord554
ord529
ord366
ord807
ord5442
ord2863
ord2864
ord6067
ord2494
ord2627
ord2626
ord6000
ord2117
ord4457
ord4499
ord5252
ord5949
ord5852
ord5484
ord2884
ord686
ord6146
ord5885
ord5882
ord5883
ord2453
ord2862
ord2097
ord384
ord6625
ord1200
ord668
ord1980
ord2770
ord356
ord4129
ord3811
ord613
ord289
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord617
ord5301
ord5214
ord296
ord986
ord520
ord4159
ord6117
ord2621
ord1134
ord2725
ord2448
ord551
ord5710
ord2764
ord4203
ord4202
ord6930
ord6928
ord3181
ord4058
ord2781
ord6648
ord3790
ord5834
ord2044
ord5450
ord6394
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord1945
ord4273
ord4341
ord4349
ord4723
ord4890
ord4964
ord4961
ord1726
ord560
ord813
ord1175
ord4160
ord2537
ord763
ord640
ord602
ord5678
ord5736
ord765
ord1199
ord2450
ord3074
ord1147
ord3097
ord1640
ord323
ord3506
ord3499
ord2515
ord355
ord483
ord3567
ord3698
ord1949
ord6094
ord4524
ord4529
ord4526
ord4543
ord4545
ord4531
ord4889
ord4347
ord4340
ord5076
ord4533
ord4892
ord4370
ord4899
ord4588
ord4589
ord3640
ord4424
ord3370
ord2124
ord5261
ord1727
ord3749
ord5290
ord5241
ord4402
ord6055
ord2582
ord6741
ord3402
ord3574
ord4396
ord2575
ord3582
ord4398
ord2578
ord4218
ord2023
ord2411
ord1841
ord825
ord823
ord4436
ord1576

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_setmbcp
__CxxFrameHandler
sprintf
atoi
atof
time
_mbscmp
_ftol
printf
exit
atol
strncpy
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
_exit
_controlfp
_XcptFilter
_acmdln
_initterm
__getmainargs

kernel32

GetStartupInfoA
GetModuleHandleA
GetTickCount
LoadLibraryA
GetProcAddress
lstrcpyA
GlobalUnlock
GlobalLock
DeviceIoControl
CreateFileA
CloseHandle
CopyFileA
lstrcatA
GetSystemDirectoryA
QueryPerformanceCounter
QueryPerformanceFrequency
Beep
GetLastError
GetCurrentDirectoryA

user32

wsprintfA
UpdateWindow
ChangeDisplaySettingsA
FindWindowA
GetWindowLongA
SetWindowLongA
GetWindowRect
SetWindowPos
GetSystemMenu
GetMenuItemCount
GetMenuItemID
EnableMenuItem
SetRect
KillTimer
SetTimer
MessageBoxA
SendMessageA
GetClientRect
EnableWindow
PeekMessageA

gdi32

CreateSolidBrush
Rectangle
TextOutA
AbortDoc
EndDoc
EndPage
StartPage
StartDocA
SetAbortProc
DPtoLP
GetDeviceCaps
GetTextExtentPoint32A

advapi32

CloseServiceHandle
StartServiceA
OpenServiceA
OpenSCManagerA
CreateServiceA

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 260KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_c07e3d56221fbed5ca57b6c0b9f17a7e.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_c0c69977f633a22b86d48c2c1b18ddd5.vir
.exe windows:4 windows x86 arch:x86

90afa92d873238ff3b805cbd75c43898

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetVersionExA
GetVersion
CompareStringA
GetTimeZoneInformation
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
GetDriveTypeA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetCommandLineA
GetStartupInfoA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
RemoveDirectoryA
MoveFileA
RtlUnwind
DeleteFileA
SetEnvironmentVariableA
CreateDirectoryA
HeapFree
HeapAlloc
HeapCompact
TerminateProcess
ExitProcess
GetFileAttributesA
SetFileAttributesA
GetCurrentProcess
MoveFileExA
GetModuleHandleA
FormatMessageA
CopyFileA
SetFileTime
OpenFile
SetErrorMode
GetPrivateProfileStringA
WritePrivateProfileStringA
GetTickCount
GetFullPathNameA
MultiByteToWideChar
WideCharToMultiByte
GetLocalTime
GetTempPathA
GetShortPathNameA
GetExitCodeProcess
GetCurrentDirectoryA
CompareStringW
SetCurrentDirectoryA
CreateProcessA
Sleep
lstrcatA
lstrlenA
WinExec
LoadLibraryA
GetProcAddress
FreeLibrary
GetDiskFreeSpaceA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CloseHandle
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetLastError
FindFirstFileA
FindClose
GetWindowsDirectoryA
IsBadWritePtr
GetSystemDirectoryA

user32

ExitWindowsEx
IsIconic
PostQuitMessage
DefWindowProcA
DialogBoxParamA
PostMessageA
EndDialog
CheckDlgButton
SetTimer
KillTimer
BringWindowToTop
GetLastActivePopup
FindWindowA
RegisterClassA
SendMessageA
GetWindow
LoadCursorA
AdjustWindowRectEx
LoadIconA
GetSysColor
ScreenToClient
GetWindowRect
GetDlgItem
EndPaint
BeginPaint
GetClientRect
FillRect
DrawTextA
GetSystemMetrics
SendDlgItemMessageA
GetFocus
GetDlgItemTextA
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
IsDlgButtonChecked
CheckRadioButton
SetFocus
GetParent
UpdateWindow
IsWindowVisible
InvalidateRect
CreateDialogParamA
RedrawWindow
PeekMessageA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
SetDlgItemTextA
SetWindowTextA
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExA
GetWindowLongA
IsWindowEnabled
CallWindowProcA
ValidateRect
SetWindowLongA
GetClassNameA
MessageBoxA
EnableWindow
SendMessageTimeoutA
wsprintfA

gdi32

GetDeviceCaps
GetSystemPaletteEntries
CreatePalette
SetBkColor
DeleteDC
CreateFontIndirectA
GetStockObject
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
RealizePalette
SelectPalette
CreateHalftonePalette
CreateDIBPatternBrush
CreateSolidBrush
SetBrushOrgEx
SetStretchBltMode
StretchDIBits
SetTextColor
SetBkMode
ExtTextOutA
RemoveFontResourceA
AddFontResourceA

comdlg32

GetOpenFileNameA

advapi32

RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegCreateKeyA
RegEnumKeyExA
RegCloseKey
RegDeleteValueA
RegOpenKeyA
RegSetValueExA
RegQueryValueA
RegOpenKeyExA
RegQueryValueExA

shell32

DragQueryFileA
DragFinish
ShellExecuteA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
DragAcceptFiles

ole32

CoGetMalloc
CoCreateInstance
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
VerFindFileA

comctl32

ord17

Sections

.text
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_c0d3dcb9050d245e01e6d855609d19fa.vir
.dll windows:4 windows x86 arch:x86

2bfa1336f29650ef347eb30fb86065a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\clientci\workspace\hips_v1.0_fix_compile\basic\Output\release\BDMUpdate.pdb

Imports

bdmbase

��E�ǀ�
+��
CloseZip
ZipExtract
CreateZip
?BDMTSCreateDir@BDMMisc@@YAHPB_W@Z
BDMIsDirectoryExist
BDMIsFileExist
_BDMGetFileMD5_2@8

bdmstringutils

?s_Null@CFormatArg@BDMStringUtils@@2V12@A
?GetSystemDirectory_DLL@BDMStringUtils@@YA_NPA_WH@Z
?GetWindowsDirectory_DLL@BDMStringUtils@@YA_NPA_WH@Z
?FormatStdString_DLL@BDMStringUtils@@YA_NPA_WPAKPB_WABVCFormatArg@1@333333333@Z

kernel32

FindFirstFileW
TerminateProcess
GetFileAttributesW
Process32NextW
GetLastError
DeleteFileW
Thread32First
GetModuleFileNameW
GetModuleHandleW
CreateFileW
SetFilePointer
ReadFile
]�uǆ�
2��?
�9Erǆ�
��u�ωE؉]�� a��eE��u��U��
FreeLibrary
lstrcmpiW
OpenProcess
GetProcAddress
CloseHandle
Sleep
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess
GetTickCount
RemoveDirectoryW
Thread32Next
FindClose
CompareFileTime
SetLastError
FindNextFileW
GetThreadTimes
MoveFileExW
OpenThread
Process32FirstW
CreateToolhelp32Snapshot
ExpandEnvironmentStringsW
CopyFileW
��u��U��
��u�ωE��
��]��]��E�P�u��E��
LoadLibraryW
�E�u3��E�+E�S��P�M��j�E�PS�M��(��P��
��j�E�PS�M��(��P��
(��P��
j�E�Pj�M��P��
��P��
3�9]�t,�E�+E�;�s"W�M��E�GP�M��M� �G��9]�u3��E�+E�j��WSSW�M�Q�5��<�M��u��u�SPS��
�;�s"W�M��E�GP�M��M� �G��9]�u3��E�+E�j��WSSW�M�Q�5��<�M��u��u�SPS��
GP�M��M� �G��9]�u3��E�+E�j��WSSW�M�Q�5��<�M��u��u�SPS��
��E�+E�j��WSSW�M�Q�5��<�M��u��u�SPS��
�<�M��u��u�SPS��
MultiByteToWideChar

user32

PostThreadMessageW
FindWindowExW
wsprintfW

advapi32

CreateProcessAsUserW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatusEx
ControlService
OpenProcessToken
RegCreateKeyExW
DuplicateTokenEx
RegCloseKey
AdjustTokenPrivileges
RegDeleteValueW
LookupPrivilegeValueW
GetTokenInformation

shell32

ShellExecuteW

��

?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std�E��j ��<�E�興��ǆ�
E�興��ǆ�
��P��D��P��3�P�}��6��hx3P�E�P�E�� Wj��g��Wj��E��g��5�v<�E�P��|��uW�/
��5�v<�E�P��|��uW�/
�GWP��H
��G�Ћ��
��f
�^��ˉ�P��z��ˉ�<��^��ˉ�T��d��ˉ�\��~��ˉ�@��0��ˉ�8��<
��@��0��ˉ�8��<
�
��CSP�M��E
��
�p��d��P�M��E�軕��*��]��t��W��H��PS��x��M��P�
��t��W��H��PS��x��M��P�
��M��E�j_3��9�|��u3�� E�+�|��j��WSSW�M�Q�5��<��x��5�v<�5�v<SPS�z��
<SPS�z��
��Sj�M��b��$��D��ǀ�
��
�P��V�RQ�U�
]��i��M��t�M��5��2��D
RPSQS�M��P�E苈�
�c��PVS�M��X��P�b��M��J��E��h�
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
M��M��b��j��
�E�ǀ�
uǆ�
�ω�d��
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z

��eĉ}��}��}��e��e�wp�m��fvp�m��?

tǃ�
2��OB
�
Eĉ}��}��}��E��E�WP�M��FVP�M��?
��E��E�WP�M��FVP�M��?
E�WP�M��FVP�M��?
M��?
FVP��L��?
��?
�q��
M��L��M��l��7��E��}��}��}��E�P�M��E��h$��u��u�j��l��PV�M��P�e�
��l��7��E��}��}��}��E�P�M��E��h$��u��u�j��l��PV�M��P�e�
��E��}��}��}��E�P�M��E��h$��u��u�j��l��PV�M��P�e�
}��}��E�P�M��E��h$��u��u�j��l��PV�M��P�e�
��h$��u��u�j��l��PV�M��P�e�
��u�j��l��PV�M��P�e�
��P�e�
P�M��P�J�
�9}�t-�E�+E�;�s#S�M��m��E��DP�M��]��M�� C�΍M��E��M��N��E��]��9}�u�}�� E�+E��Ečs��ΉE��U��j��VWWV�M�Q�5��<3�E�M�QPW�učM�W��
�E��M��N��E��]��9}�u�}�� E�+E��Ečs��ΉE��U��j��VWWV�M�Q�5��<3�E�M�QPW�učM�W��
��9}�u�}�� E�+E��Ečs��ΉE��U��j��VWWV�M�Q�5��<3�E�M�QPW�učM�W��
�P�E�P�I�
��|��P�E�P�Z�
P�E�P�n�
�
��P�E�P��
E�P��
�
��{
�E�P��
�<��
�jj�WWj��M�Q�5��<��
��P�E�P��
�E�P��
�
p��P�E�P��
E�P��
�
��d��P�E�P��
P�
��j��h��P�E�P�"
E��ΉE��Ή�x��t��j��h��P�E�P�"
��Ή�p��*��Ή�`��Q
��y��Ή�\��Ή�p��*��Ή�`��Q
�s��Ή�d��y��Ή�\��Ή�p��*��Ή�`��Q
��Ή�|��s��Ή�d��y��Ή�\��Ή�p��*��Ή�`��Q
Ή�h��Ή�|��s��Ή�d��y��Ή�\��Ή�p��*��Ή�`��Q
��Ή�h��Ή�|��s��Ή�d��y��Ή�\��Ή�p��*��Ή�`��Q
�E�P�E�P�;�

��

M�Q�5��<3�E�M�QPW�učM�W��
čM�W��
�U��j��VWWV�M�Q�5��<3�E�M�QPW�učM�W��

�

�t�M�ǃ�
��4��K�M��j��
�
<��T��Vj�WjP��X��

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_c1360b350ef9d50ac38b38e196c0e20e.vir
.dll windows:6 windows x64 arch:x64

5b3f6eed799ed54f159fb63a92fb0709

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:c6:0e:11:c0:4c:c9:82:25:8d:28:b6:ce:5f:30:4d
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

30-11-2022 00:00

Not After

07-01-2026 23:59

Subject

SERIALNUMBER=2286585,CN=MobiSystems\, Inc.,O=MobiSystems\, Inc.,L=San Diego,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bc:54:98:8e:79:e6:58:d8:f3:c2:c1:af:7c:ec:6c:1a:d0:0d:b6:c8:d5:fb:46:18:88:8c:6b:4a:a7:06:f8:6d
Signer

Actual PE Digest

bc:54:98:8e:79:e6:58:d8:f3:c2:c1:af:7c:ec:6c:1a:d0:0d:b6:c8:d5:fb:46:18:88:8c:6b:4a:a7:06:f8:6d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

recv
connect
select
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
socket
send
closesocket

leptonica-1.83.1

pixErodeBrick
pixCreateTemplate
pixSetOrClearBorder
pixaAddPix
pixSeedfillBinary
pixCountConnComp
pixRasterop
pixAddSingleTextblock
bmfCreate
ptaAddPt
bmfDestroy
pixaConvertToPdf
pixaCreate
pixaDestroy
pixaGetCount
pixaClear
pixOtsuAdaptiveThreshold
pixSauvolaBinarizeTiled
pixGetDimensions
pixSetXRes
pixGetYRes
pixSetYRes
pixGetColormap
pixSetAllArbitrary
pixRemoveColormap
pixConvert24To32
pixGetPixel
pixSetPixel
pixClone
pixDestroy
pixCopy
pixOr
pixAnd
pixZero
ptaCreate
pixReadMem
pixScale
pixInvert
pixWriteMem
pixSetMasked
pixRenderPolyline
pixRenderPolylineArb
ptaDestroy
pixSetText
pixRotate180
boxGetGeometry
boxSetGeometry
boxaCreate
boxaDestroy
boxaAddBox
boxaGetCount
boxaGetBox
pixConnComp
pixCloseBrick
numaDestroy
numaGetCount
numaGetIValue
pixClearInRect
pixCountPixelsByRow
pixaGetBox
pixReduceRankBinaryCascade
boxaGetBoxGeometry
boxaReplaceBox
pixGenerateHalftoneMask
pixSetAll
pixCountPixels
pixClipBoxToForeground
pixaGetPix
pixaReplacePix
pixaDisplayTiledInColumns
pixExpandReplicate
pixOpenBrick
pixSetInRect
pixDistanceFunction
pixBlockconv
composeRGBPixel
pixGetSpp
pixSetSpp
pixCreate
pixDilateBrick
pixGetInputFormat
pixSubtract
pixaAddBox
pixRemoveAlpha
pixRead
findFileFormat
lept_free
pixGetXRes
pixRotateOrth
pixConvertTo8
pixGetDepth
pixWrite
pixConvertTo32
pixClipRectangle
pixForegroundFraction
pixGetData
pixGetWpl
pixRenderBoxArb
boxDestroy
boxCreate
pixGetHeight
pixGetWidth
findFileFormatBuffer
pixReadTiff
pixReadFromMultipageTiff
pixReadMemTiff
pixReadMemFromMultipageTiff
l_generateCIDataForPdf
pixGenerateCIData
l_CIDataDestroy
l_getFormattedDate
zlibCompress

kernel32

InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
FindClose
GetStartupInfoA
CreateSemaphoreA
CreateProcessA
WaitForSingleObject
ReleaseSemaphore
CloseHandle
GetModuleFileNameA
FindNextFileA
MultiByteToWideChar
WideCharToMultiByte
FindFirstFileA

msvcp140

?id@?$ctype@D@std@@2V0locale@2@A
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?uncaught_exception@std@@YA_NXZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Cnd_do_broadcast_at_thread_exit
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Thrd_id
_Thrd_yield
_Thrd_join
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?classic@locale@std@@SAAEBV12@XZ
?_Xbad_alloc@std@@YAXXZ
_Query_perf_frequency
_Query_perf_counter
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
_Thrd_detach
_Xtime_get_ticks
_Thrd_sleep
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
_Mtx_lock

vcruntime140

__std_exception_destroy
_CxxThrowException
strchr
__std_terminate
memcmp
memcpy
memmove
memset
memchr
strstr
strrchr
__C_specific_handler
__current_exception
__std_type_info_destroy_list
__current_exception_context
__std_exception_copy
_purecall

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
strerror
_errno
_beginthreadex
terminate
exit
abort
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-string-l1-1-0

strspn
strncpy
strpbrk
isspace
strcspn
strtok_s
strcmp

api-ms-win-crt-stdio-l1-1-0

fopen
ftell
fseek
__stdio_common_vsscanf
ungetc
__stdio_common_vsprintf
setvbuf
_fileno
_setmode
clearerr
_fseeki64
fsetpos
fread
fputc
__stdio_common_vfprintf
__stdio_common_vsprintf_s
fgets
fgetpos
__acrt_iob_func
fflush
fgetc
fwrite
fclose
_get_stream_buffer_pointers

api-ms-win-crt-math-l1-1-0

_fdclass
powf
pow
atan2f
_dclass
ceilf
expf
round
fmod
floorf
cosf
fmodf
sin
cos
sqrtf
atan2
sinf
log2f
exp
fmaxf
roundf
ceil
log
logf
tan
asinf
floor
sqrt

api-ms-win-crt-time-l1-1-0

clock

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-convert-l1-1-0

_ltoa
strtol
_ultoa
atoi

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
_access

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-utility-l1-1-0

qsort

Exports

Exports

??0?$BBGrid@VBLOBNBOX@tesseract@@VBLOBNBOX_CLIST@2@UBLOBNBOX_C_IT@2@@tesseract@@QEAA@AEBV01@@Z
??0?$BBGrid@VBLOBNBOX@tesseract@@VBLOBNBOX_CLIST@2@UBLOBNBOX_C_IT@2@@tesseract@@QEAA@HAEBVICOORD@1@0@Z
??0?$BBGrid@VBLOBNBOX@tesseract@@VBLOBNBOX_CLIST@2@UBLOBNBOX_C_IT@2@@tesseract@@QEAA@XZ
??0?$BBGrid@VColPartition@tesseract@@VColPartition_CLIST@2@UColPartition_C_IT@2@@tesseract@@QEAA@AEBV01@@Z
??0?$BBGrid@VColPartition@tesseract@@VColPartition_CLIST@2@UColPartition_C_IT@2@@tesseract@@QEAA@HAEBVICOORD@1@0@Z
??0?$BBGrid@VColPartition@tesseract@@VColPartition_CLIST@2@UColPartition_C_IT@2@@tesseract@@QEAA@XZ
??0AlignedBlob@tesseract@@QEAA@AEBV01@@Z
??0AlignedBlob@tesseract@@QEAA@HAEBVICOORD@1@0@Z
??0BLOCK@tesseract@@QEAA@PEBD_NFFFFFF@Z
??0BLOCK@tesseract@@QEAA@XZ
??0BitVector@tesseract@@QEAA@AEBV01@@Z
??0BitVector@tesseract@@QEAA@H@Z
??0BitVector@tesseract@@QEAA@XZ
??0BlobGrid@tesseract@@QEAA@AEBV01@@Z
??0BlobGrid@tesseract@@QEAA@HAEBVICOORD@1@0@Z
??0CCUtil@tesseract@@QEAA@AEBV01@@Z
??0CCUtil@tesseract@@QEAA@XZ
??0CLIST@tesseract@@QEAA@XZ
??0CLIST_ITERATOR@tesseract@@QEAA@PEAVCLIST@1@@Z
??0CLIST_ITERATOR@tesseract@@QEAA@XZ
??0C_BLOB@tesseract@@QEAA@PEAVC_OUTLINE@1@@Z
??0C_BLOB@tesseract@@QEAA@PEAVC_OUTLINE_LIST@1@@Z
??0C_BLOB@tesseract@@QEAA@XZ
??0ChoiceIterator@tesseract@@QEAA@AEBVLTRResultIterator@1@@Z
??0Classify@tesseract@@QEAA@AEBV01@@Z
??0Classify@tesseract@@QEAA@XZ
??0ColPartition@tesseract@@QEAA@W4BlobRegionType@1@AEBVICOORD@1@@Z
??0ColPartition@tesseract@@QEAA@XZ
??0ColPartitionGrid@tesseract@@QEAA@AEBV01@@Z
??0ColPartitionGrid@tesseract@@QEAA@HAEBVICOORD@1@0@Z
??0ColPartitionGrid@tesseract@@QEAA@XZ
??0ColumnFinder@tesseract@@QEAA@HAEBVICOORD@1@0H_NNPEAVTabVector_LIST@1@2HH@Z
??0Convolve@tesseract@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HHH@Z
??0DENORM@tesseract@@QEAA@AEBV01@@Z
??0DENORM@tesseract@@QEAA@XZ
??0Dawg@tesseract@@IEAA@W4DawgType@1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PermuterType@1@H@Z
??0Dawg@tesseract@@QEAA@AEBV01@@Z
??0Dict@tesseract@@QEAA@AEBV01@@Z
??0Dict@tesseract@@QEAA@PEAVCCUtil@1@@Z
??0DocumentCache@tesseract@@QEAA@_J@Z
??0DocumentData@tesseract@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0ELIST2@tesseract@@QEAA@XZ
??0ELIST2_ITERATOR@tesseract@@QEAA@PEAVELIST2@1@@Z
??0ELIST@tesseract@@QEAA@XZ
??0ELIST_ITERATOR@tesseract@@QEAA@PEAVELIST@1@@Z
??0ELIST_ITERATOR@tesseract@@QEAA@XZ
??0ERRCODE@tesseract@@QEAA@PEBD@Z
??0EquationDetect@tesseract@@QEAA@PEBD0@Z
??0EquationDetectBase@tesseract@@QEAA@AEBV01@@Z
??0EquationDetectBase@tesseract@@QEAA@XZ
??0FCOORD@tesseract@@QEAA@MM@Z
??0FCOORD@tesseract@@QEAA@VICOORD@1@@Z
??0FontInfoTable@tesseract@@QEAA@XZ
??0FullyConnected@tesseract@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HHW4NetworkType@1@@Z
??0GridBase@tesseract@@QEAA@AEBV01@@Z
??0GridBase@tesseract@@QEAA@HAEBVICOORD@1@0@Z
??0GridBase@tesseract@@QEAA@XZ
??0INT_TEMPLATES_STRUCT@tesseract@@QEAA@XZ
??0Image@tesseract@@QEAA@PEAUPix@@@Z
??0Image@tesseract@@QEAA@XZ
??0ImageData@tesseract@@QEAA@AEBV01@@Z
??0ImageData@tesseract@@QEAA@XZ
??0ImageData@tesseract@@QEAA@_NVImage@1@@Z
??0ImageThresholder@tesseract@@QEAA@AEBV01@@Z
??0ImageThresholder@tesseract@@QEAA@XZ
??0IndexMap@tesseract@@QEAA@AEBV01@@Z
??0IndexMap@tesseract@@QEAA@XZ
??0IndexMapBiDi@tesseract@@QEAA@AEBV01@@Z
??0IndexMapBiDi@tesseract@@QEAA@XZ
??0Input@tesseract@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVStaticShape@1@@Z
??0Input@tesseract@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HH@Z
??0IntFeatureSpace@tesseract@@QEAA@XZ
??0LLSQ@tesseract@@QEAA@XZ
??0LSTM@tesseract@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HHH_NW4NetworkType@1@@Z
??0LSTMRecognizer@tesseract@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0LSTMRecognizer@tesseract@@QEAA@XZ
??0LTRResultIterator@tesseract@@QEAA@AEBV01@@Z
??0LTRResultIterator@tesseract@@QEAA@PEAVPAGE_RES@1@PEAVTesseract@1@HHHHHH@Z
??0Maxpool@tesseract@@QEAA@PEBDHHH@Z
??0MutableIterator@tesseract@@QEAA@AEBV01@@Z
??0MutableIterator@tesseract@@QEAA@PEAVPAGE_RES@1@PEAVTesseract@1@HHHHHH@Z
??0Network@tesseract@@QEAA@AEBV01@@Z
??0Network@tesseract@@QEAA@W4NetworkType@1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HH@Z
??0Network@tesseract@@QEAA@XZ
??0NetworkIO@tesseract@@QEAA@$$QEAV01@@Z
??0NetworkIO@tesseract@@QEAA@AEBV01@@Z
??0NetworkIO@tesseract@@QEAA@XZ
??0PAGE_RES_IT@tesseract@@QEAA@PEAVPAGE_RES@1@@Z
??0PAGE_RES_IT@tesseract@@QEAA@XZ
??0POLY_BLOCK@tesseract@@QEAA@AEBVTBOX@1@W4PolyBlockType@1@@Z
??0POLY_BLOCK@tesseract@@QEAA@PEAVICOORDELT_LIST@1@W4PolyBlockType@1@@Z
??0POLY_BLOCK@tesseract@@QEAA@XZ
??0PageIterator@tesseract@@QEAA@AEBV01@@Z
??0PageIterator@tesseract@@QEAA@PEAVPAGE_RES@1@PEAVTesseract@1@HHHHHH@Z
??0ParagraphModel@tesseract@@QEAA@W4ParagraphJustification@1@HHHH@Z
??0ParagraphModel@tesseract@@QEAA@XZ
??0Parallel@tesseract@@QEAA@PEBDW4NetworkType@1@@Z
??0ParamsModel@tesseract@@QEAA@$$QEAV01@@Z
??0ParamsModel@tesseract@@QEAA@AEBV01@@Z
??0ParamsModel@tesseract@@QEAA@PEBDAEBV?$vector@MV?$allocator@M@std@@@std@@@Z
??0ParamsModel@tesseract@@QEAA@XZ
??0Plumbing@tesseract@@QEAA@AEBV01@@Z
??0Plumbing@tesseract@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0QSPLINE@tesseract@@QEAA@AEBV01@@Z
??0QSPLINE@tesseract@@QEAA@HPEAHPEAN@Z
??0QSPLINE@tesseract@@QEAA@QEAHH00HH@Z
??0QSPLINE@tesseract@@QEAA@XZ
??0RecodeBeamSearch@tesseract@@QEAA@AEBV01@@Z
??0RecodeBeamSearch@tesseract@@QEAA@AEBVUnicharCompress@1@H_NPEAVDict@1@@Z
??0Reconfig@tesseract@@QEAA@PEBDHHH@Z
??0ResultIterator@tesseract@@IEAA@AEBVLTRResultIterator@1@@Z
??0ResultIterator@tesseract@@QEAA@AEBV01@@Z
??0Reversed@tesseract@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4NetworkType@1@@Z
??0STATS@tesseract@@QEAA@HH@Z
??0STATS@tesseract@@QEAA@XZ
??0SVEventHandler@tesseract@@QEAA@AEBV01@@Z
??0SVEventHandler@tesseract@@QEAA@XZ
??0SVMenuNode@tesseract@@AEAA@HPEBDH_N00@Z
??0SVMenuNode@tesseract@@QEAA@AEBV01@@Z
??0SVMenuNode@tesseract@@QEAA@XZ
??0ScrollView@tesseract@@QEAA@PEBDHHHHHH@Z
??0ScrollView@tesseract@@QEAA@PEBDHHHHHH_N0@Z
??0ScrollView@tesseract@@QEAA@PEBDHHHHHH_N@Z
??0Series@tesseract@@QEAA@PEBD@Z
??0Shape@tesseract@@QEAA@$$QEAV01@@Z
??0Shape@tesseract@@QEAA@AEBV01@@Z
??0Shape@tesseract@@QEAA@XZ
??0ShapeClassifier@tesseract@@QEAA@AEBV01@@Z
??0ShapeClassifier@tesseract@@QEAA@XZ
??0ShapeTable@tesseract@@QEAA@AEBV01@@Z
??0ShapeTable@tesseract@@QEAA@AEBVUNICHARSET@1@@Z
??0ShapeTable@tesseract@@QEAA@XZ
??0SquishedDawg@tesseract@@QEAA@AEBV01@@Z
??0SquishedDawg@tesseract@@QEAA@PEA_KHW4DawgType@1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PermuterType@1@HH@Z
??0SquishedDawg@tesseract@@QEAA@PEBDW4DawgType@1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PermuterType@1@H@Z
??0SquishedDawg@tesseract@@QEAA@W4DawgType@1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PermuterType@1@H@Z
??0StructuredTable@tesseract@@QEAA@AEBV01@@Z
??0StructuredTable@tesseract@@QEAA@XZ
??0TBOX@tesseract@@QEAA@FFFF@Z
??0TBOX@tesseract@@QEAA@VFCOORD@1@@Z
??0TBOX@tesseract@@QEAA@VICOORD@1@0@Z
??0TBOX@tesseract@@QEAA@XZ
??0TFile@tesseract@@QEAA@XZ
??0TO_BLOCK@tesseract@@QEAA@PEAVBLOCK@1@@Z
??0TO_BLOCK@tesseract@@QEAA@XZ
??0TabFind@tesseract@@QEAA@HAEBVICOORD@1@0PEAVTabVector_LIST@1@HHH@Z
??0TableFinder@tesseract@@QEAA@AEBV01@@Z
??0TableFinder@tesseract@@QEAA@XZ
??0TableRecognizer@tesseract@@QEAA@XZ
??0TessAltoRenderer@tesseract@@QEAA@$$QEAV01@@Z
??0TessAltoRenderer@tesseract@@QEAA@AEBV01@@Z
??0TessAltoRenderer@tesseract@@QEAA@PEBD@Z
??0TessBaseAPI@tesseract@@QEAA@XZ
??0TessBoxTextRenderer@tesseract@@QEAA@$$QEAV01@@Z
??0TessBoxTextRenderer@tesseract@@QEAA@AEBV01@@Z
??0TessBoxTextRenderer@tesseract@@QEAA@PEBD@Z
??0TessClassifier@tesseract@@QEAA@AEBV01@@Z
??0TessClassifier@tesseract@@QEAA@_NPEAVClassify@1@@Z
??0TessHOcrRenderer@tesseract@@QEAA@$$QEAV01@@Z
??0TessHOcrRenderer@tesseract@@QEAA@AEBV01@@Z
??0TessHOcrRenderer@tesseract@@QEAA@PEBD@Z
??0TessHOcrRenderer@tesseract@@QEAA@PEBD_N@Z
??0TessLSTMBoxRenderer@tesseract@@QEAA@$$QEAV01@@Z
??0TessLSTMBoxRenderer@tesseract@@QEAA@AEBV01@@Z
??0TessLSTMBoxRenderer@tesseract@@QEAA@PEBD@Z
??0TessOsdRenderer@tesseract@@QEAA@$$QEAV01@@Z
??0TessOsdRenderer@tesseract@@QEAA@AEBV01@@Z
??0TessOsdRenderer@tesseract@@QEAA@PEBD@Z
??0TessPDFRenderer@tesseract@@QEAA@$$QEAV01@@Z
??0TessPDFRenderer@tesseract@@QEAA@AEBV01@@Z
??0TessPDFRenderer@tesseract@@QEAA@PEBD0_N@Z
??0TessResultRenderer@tesseract@@IEAA@PEBD0@Z
??0TessResultRenderer@tesseract@@QEAA@AEBV01@@Z
??0TessTextRenderer@tesseract@@QEAA@$$QEAV01@@Z
??0TessTextRenderer@tesseract@@QEAA@AEBV01@@Z
??0TessTextRenderer@tesseract@@QEAA@PEBD@Z
??0TessTsvRenderer@tesseract@@QEAA@$$QEAV01@@Z
??0TessTsvRenderer@tesseract@@QEAA@AEBV01@@Z
??0TessTsvRenderer@tesseract@@QEAA@PEBD@Z
??0TessTsvRenderer@tesseract@@QEAA@PEBD_N@Z
??0TessUnlvRenderer@tesseract@@QEAA@$$QEAV01@@Z
??0TessUnlvRenderer@tesseract@@QEAA@AEBV01@@Z
??0TessUnlvRenderer@tesseract@@QEAA@PEBD@Z
??0TessWordStrBoxRenderer@tesseract@@QEAA@$$QEAV01@@Z
??0TessWordStrBoxRenderer@tesseract@@QEAA@AEBV01@@Z
??0TessWordStrBoxRenderer@tesseract@@QEAA@PEBD@Z
??0TessdataManager@tesseract@@QEAA@AEBV01@@Z
??0TessdataManager@tesseract@@QEAA@P6A_NPEBDPEAV?$vector@DV?$allocator@D@std@@@std@@@Z@Z
??0TessdataManager@tesseract@@QEAA@XZ
??0Tesseract@tesseract@@QEAA@XZ
??0TextlineProjection@tesseract@@QEAA@H@Z
??0TrainingSample@tesseract@@QEAA@AEBV01@@Z
??0TrainingSample@tesseract@@QEAA@XZ
??0Trie@tesseract@@QEAA@AEBV01@@Z
??0Trie@tesseract@@QEAA@W4DawgType@1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PermuterType@1@HH@Z
??0UNICHAR@tesseract@@QEAA@H@Z
??0UNICHAR@tesseract@@QEAA@PEBDH@Z
??0UNICHAR@tesseract@@QEAA@XZ
??0UNICHARMAP@tesseract@@QEAA@XZ
??0UNICHARSET@tesseract@@QEAA@AEBV01@@Z
??0UNICHARSET@tesseract@@QEAA@XZ
??0UNICHAR_PROPERTIES@UNICHARSET@tesseract@@QEAA@$$QEAU012@@Z
??0UNICHAR_PROPERTIES@UNICHARSET@tesseract@@QEAA@AEBU012@@Z
??0UNICHAR_PROPERTIES@UNICHARSET@tesseract@@QEAA@XZ
??0UnicharCompress@tesseract@@QEAA@AEBV01@@Z
??0UnicharCompress@tesseract@@QEAA@XZ
??0WERD@tesseract@@QEAA@PEAVC_BLOB_LIST@1@EPEBD@Z
??0WERD@tesseract@@QEAA@PEAVC_BLOB_LIST@1@PEAV01@@Z
??0WERD@tesseract@@QEAA@XZ
??0WERD_CHOICE@tesseract@@QEAA@AEBV01@@Z
??0WERD_CHOICE@tesseract@@QEAA@PEBD0MMEAEBVUNICHARSET@1@@Z
??0WERD_CHOICE@tesseract@@QEAA@PEBDAEBVUNICHARSET@1@@Z
??0WERD_CHOICE@tesseract@@QEAA@PEBVUNICHARSET@1@@Z
??0WERD_CHOICE@tesseract@@QEAA@PEBVUNICHARSET@1@H@Z
??0WERD_RES@tesseract@@QEAA@AEBV01@@Z
??0WERD_RES@tesseract@@QEAA@PEAVWERD@1@@Z
??0WERD_RES@tesseract@@QEAA@XZ
??0Wordrec@tesseract@@QEAA@XZ
??0const_iterator@UNICHAR@tesseract@@AEAA@PEBD@Z
??1?$BBGrid@VBLOBNBOX@tesseract@@VBLOBNBOX_CLIST@2@UBLOBNBOX_C_IT@2@@tesseract@@UEAA@XZ
??1?$BBGrid@VColPartition@tesseract@@VColPartition_CLIST@2@UColPartition_C_IT@2@@tesseract@@UEAA@XZ
??1AlignedBlob@tesseract@@UEAA@XZ
??1BLOCK@tesseract@@QEAA@XZ
??1BitVector@tesseract@@QEAA@XZ
??1BlobGrid@tesseract@@UEAA@XZ
??1CCUtil@tesseract@@UEAA@XZ
??1CLIST@tesseract@@QEAA@XZ
??1C_BLOB@tesseract@@QEAA@XZ
??1ChoiceIterator@tesseract@@QEAA@XZ
??1Classify@tesseract@@UEAA@XZ
??1ColPartition@tesseract@@QEAA@XZ
??1ColPartitionGrid@tesseract@@UEAA@XZ
??1ColumnFinder@tesseract@@UEAA@XZ
??1DENORM@tesseract@@QEAA@XZ
??1Dawg@tesseract@@UEAA@XZ
??1Dict@tesseract@@QEAA@XZ
??1DocumentCache@tesseract@@QEAA@XZ
??1DocumentData@tesseract@@QEAA@XZ
??1EquationDetect@tesseract@@UEAA@XZ
??1EquationDetectBase@tesseract@@UEAA@XZ
??1FontInfoTable@tesseract@@QEAA@XZ
??1GridBase@tesseract@@UEAA@XZ
??1INT_TEMPLATES_STRUCT@tesseract@@QEAA@XZ
??1ImageData@tesseract@@QEAA@XZ
??1ImageThresholder@tesseract@@UEAA@XZ
??1IndexMap@tesseract@@UEAA@XZ
??1IndexMapBiDi@tesseract@@UEAA@XZ
??1LSTMRecognizer@tesseract@@QEAA@XZ
??1LTRResultIterator@tesseract@@UEAA@XZ
??1MutableIterator@tesseract@@UEAA@XZ
??1Network@tesseract@@UEAA@XZ
??1NetworkIO@tesseract@@QEAA@XZ
??1POLY_BLOCK@tesseract@@QEAA@XZ
??1PageIterator@tesseract@@UEAA@XZ
??1ParamsModel@tesseract@@QEAA@XZ
??1Plumbing@tesseract@@UEAA@XZ
??1QSPLINE@tesseract@@QEAA@XZ
??1RecodeBeamSearch@tesseract@@QEAA@XZ
??1ResultIterator@tesseract@@UEAA@XZ
??1STATS@tesseract@@QEAA@XZ
??1SVEventHandler@tesseract@@UEAA@XZ
??1SVMenuNode@tesseract@@QEAA@XZ
??1ScrollView@tesseract@@QEAA@XZ
??1Shape@tesseract@@QEAA@XZ
??1ShapeClassifier@tesseract@@UEAA@XZ
??1ShapeTable@tesseract@@QEAA@XZ
??1SquishedDawg@tesseract@@UEAA@XZ
??1StructuredTable@tesseract@@QEAA@XZ
??1TFile@tesseract@@QEAA@XZ
??1TO_BLOCK@tesseract@@QEAA@XZ
??1TabFind@tesseract@@UEAA@XZ
??1TableFinder@tesseract@@QEAA@XZ
??1TessAltoRenderer@tesseract@@UEAA@XZ
??1TessBaseAPI@tesseract@@UEAA@XZ
??1TessBoxTextRenderer@tesseract@@UEAA@XZ
??1TessClassifier@tesseract@@UEAA@XZ
??1TessHOcrRenderer@tesseract@@UEAA@XZ
??1TessLSTMBoxRenderer@tesseract@@UEAA@XZ
??1TessOsdRenderer@tesseract@@UEAA@XZ
??1TessPDFRenderer@tesseract@@UEAA@XZ
??1TessResultRenderer@tesseract@@UEAA@XZ
??1TessTextRenderer@tesseract@@UEAA@XZ
??1TessTsvRenderer@tesseract@@UEAA@XZ
??1TessUnlvRenderer@tesseract@@UEAA@XZ
??1TessWordStrBoxRenderer@tesseract@@UEAA@XZ
??1TessdataManager@tesseract@@QEAA@XZ
??1Tesseract@tesseract@@UEAA@XZ
??1TextlineProjection@tesseract@@QEAA@XZ
??1TrainingSample@tesseract@@QEAA@XZ
??1Trie@tesseract@@UEAA@XZ
??1UNICHARMAP@tesseract@@QEAA@XZ
??1UNICHARSET@tesseract@@QEAA@XZ
??1UNICHAR_PROPERTIES@UNICHARSET@tesseract@@QEAA@XZ
??1UnicharCompress@tesseract@@QEAA@XZ
??1WERD@tesseract@@QEAA@XZ
??1WERD_CHOICE@tesseract@@QEAA@XZ
??1WERD_RES@tesseract@@QEAA@XZ
??1Wordrec@tesseract@@UEAA@XZ
??4?$BBGrid@VBLOBNBOX@tesseract@@VBLOBNBOX_CLIST@2@UBLOBNBOX_C_IT@2@@tesseract@@QEAAAEAV01@AEBV01@@Z
??4?$BBGrid@VColPartition@tesseract@@VColPartition_CLIST@2@UColPartition_C_IT@2@@tesseract@@QEAAAEAV01@AEBV01@@Z
??4AlignedBlob@tesseract@@QEAAAEAV01@AEBV01@@Z
??4BLOCK@tesseract@@QEAAAEAV01@AEBV01@@Z
??4BitVector@tesseract@@QEAAAEAV01@AEBV01@@Z
??4BlobGrid@tesseract@@QEAAAEAV01@AEBV01@@Z
??4CCUtil@tesseract@@QEAAAEAV01@AEBV01@@Z
??4CHAR_FRAGMENT@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4CHAR_FRAGMENT@tesseract@@QEAAAEAV01@AEBV01@@Z
??4CLIST@tesseract@@QEAAAEAV01@AEBV01@@Z
??4CLIST_ITERATOR@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4CLIST_ITERATOR@tesseract@@QEAAAEAV01@AEBV01@@Z
??4C_BLOB@tesseract@@QEAAAEAV01@AEBV01@@Z
??4ChoiceIterator@tesseract@@QEAAAEAV01@AEBV01@@Z
??4Classify@tesseract@@QEAAAEAV01@AEBV01@@Z
??4ColPartitionGrid@tesseract@@QEAAAEAV01@AEBV01@@Z
??4DENORM@tesseract@@QEAAAEAV01@AEBV01@@Z
??4Dawg@tesseract@@QEAAAEAV01@AEBV01@@Z
??4Dict@tesseract@@QEAAAEAV01@AEBV01@@Z
??4ELIST2@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4ELIST2@tesseract@@QEAAAEAV01@AEBV01@@Z
??4ELIST2_ITERATOR@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4ELIST2_ITERATOR@tesseract@@QEAAAEAV01@AEBV01@@Z
??4ELIST@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4ELIST@tesseract@@QEAAAEAV01@AEBV01@@Z
??4ELIST_ITERATOR@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4ELIST_ITERATOR@tesseract@@QEAAAEAV01@AEBV01@@Z
??4ERRCODE@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4ERRCODE@tesseract@@QEAAAEAV01@AEBV01@@Z
??4EquationDetectBase@tesseract@@QEAAAEAV01@AEBV01@@Z
??4FCOORD@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4FCOORD@tesseract@@QEAAAEAV01@AEBV01@@Z
??4GridBase@tesseract@@QEAAAEAV01@AEBV01@@Z
??4INT_TEMPLATES_STRUCT@tesseract@@QEAAAEAU01@AEBU01@@Z
??4Image@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4Image@tesseract@@QEAAAEAV01@AEBV01@@Z
??4ImageData@tesseract@@QEAAAEAV01@AEBV01@@Z
??4ImageThresholder@tesseract@@QEAAAEAV01@AEBV01@@Z
??4IndexMap@tesseract@@QEAAAEAV01@AEBV01@@Z
??4IndexMapBiDi@tesseract@@QEAAAEAV01@AEBV01@@Z
??4IntFeatureSpace@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4IntFeatureSpace@tesseract@@QEAAAEAV01@AEBV01@@Z
??4IntSimdMatrix@tesseract@@QEAAAEAU01@$$QEAU01@@Z
??4IntSimdMatrix@tesseract@@QEAAAEAU01@AEBU01@@Z
??4LLSQ@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4LLSQ@tesseract@@QEAAAEAV01@AEBV01@@Z
??4LTRResultIterator@tesseract@@QEAAAEAV01@AEBV01@@Z
??4MutableIterator@tesseract@@QEAAAEAV01@AEBV01@@Z
??4Network@tesseract@@QEAAAEAV01@AEBV01@@Z
??4NetworkIO@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4NetworkIO@tesseract@@QEAAAEAV01@AEBV01@@Z
??4PAGE_RES_IT@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4PAGE_RES_IT@tesseract@@QEAAAEAV01@AEBV01@@Z
??4PageIterator@tesseract@@QEAAAEBV01@AEBV01@@Z
??4ParagraphModel@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4ParagraphModel@tesseract@@QEAAAEAV01@AEBV01@@Z
??4ParamUtils@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4ParamUtils@tesseract@@QEAAAEAV01@AEBV01@@Z
??4ParamsModel@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4ParamsModel@tesseract@@QEAAAEAV01@AEBV01@@Z
??4Plumbing@tesseract@@QEAAAEAV01@AEBV01@@Z
??4QSPLINE@tesseract@@QEAAAEAV01@AEBV01@@Z
??4ResultIterator@tesseract@@QEAAAEAV01@AEBV01@@Z
??4STATS@tesseract@@QEAAAEAV01@AEBV01@@Z
??4SVEventHandler@tesseract@@QEAAAEAV01@AEBV01@@Z
??4SVMenuNode@tesseract@@QEAAAEAV01@AEBV01@@Z
??4Shape@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4Shape@tesseract@@QEAAAEAV01@AEBV01@@Z
??4ShapeClassifier@tesseract@@QEAAAEAV01@AEBV01@@Z
??4ShapeTable@tesseract@@QEAAAEAV01@AEBV01@@Z
??4SquishedDawg@tesseract@@QEAAAEAV01@AEBV01@@Z
??4StructuredTable@tesseract@@QEAAAEAV01@AEBV01@@Z
??4TBOX@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4TBOX@tesseract@@QEAAAEAV01@AEBV01@@Z
??4TFile@tesseract@@QEAAAEAV01@AEBV01@@Z
??4TableFinder@tesseract@@QEAAAEAV01@AEBV01@@Z
??4TableRecognizer@tesseract@@QEAAAEAV01@AEBV01@@Z
??4TessAltoRenderer@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4TessAltoRenderer@tesseract@@QEAAAEAV01@AEBV01@@Z
??4TessBoxTextRenderer@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4TessBoxTextRenderer@tesseract@@QEAAAEAV01@AEBV01@@Z
??4TessClassifier@tesseract@@QEAAAEAV01@AEBV01@@Z
??4TessHOcrRenderer@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4TessHOcrRenderer@tesseract@@QEAAAEAV01@AEBV01@@Z
??4TessLSTMBoxRenderer@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4TessLSTMBoxRenderer@tesseract@@QEAAAEAV01@AEBV01@@Z
??4TessOsdRenderer@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4TessOsdRenderer@tesseract@@QEAAAEAV01@AEBV01@@Z
??4TessPDFRenderer@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4TessPDFRenderer@tesseract@@QEAAAEAV01@AEBV01@@Z
??4TessResultRenderer@tesseract@@QEAAAEAV01@AEBV01@@Z
??4TessTextRenderer@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4TessTextRenderer@tesseract@@QEAAAEAV01@AEBV01@@Z
??4TessTsvRenderer@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4TessTsvRenderer@tesseract@@QEAAAEAV01@AEBV01@@Z
??4TessUnlvRenderer@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4TessUnlvRenderer@tesseract@@QEAAAEAV01@AEBV01@@Z
??4TessWordStrBoxRenderer@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4TessWordStrBoxRenderer@tesseract@@QEAAAEAV01@AEBV01@@Z
??4TessdataManager@tesseract@@QEAAAEAV01@AEBV01@@Z
??4TextlineProjection@tesseract@@QEAAAEAV01@AEBV01@@Z
??4TrainingSample@tesseract@@QEAAAEAV01@AEBV01@@Z
??4Trie@tesseract@@QEAAAEAV01@AEBV01@@Z
??4UNICHAR@tesseract@@QEAAAEAV01@$$QEAV01@@Z
??4UNICHAR@tesseract@@QEAAAEAV01@AEBV01@@Z
??4UNICHARMAP@tesseract@@QEAAAEAV01@AEBV01@@Z
??4UNICHARSET@tesseract@@QEAAAEAV01@AEBV01@@Z
??4UNICHAR_PROPERTIES@UNICHARSET@tesseract@@QEAAAEAU012@$$QEAU012@@Z
??4UNICHAR_PROPERTIES@UNICHARSET@tesseract@@QEAAAEAU012@AEBU012@@Z
??4UnicharCompress@tesseract@@QEAAAEAV01@AEBV01@@Z
??4WERD@tesseract@@QEAAAEAV01@AEBV01@@Z
??4WERD_CHOICE@tesseract@@QEAAAEAV01@AEBV01@@Z
??4WERD_RES@tesseract@@QEAAAEAV01@AEBV01@@Z
??4const_iterator@UNICHAR@tesseract@@QEAAAEAV012@$$QEAV012@@Z
??4const_iterator@UNICHAR@tesseract@@QEAAAEAV012@AEBV012@@Z
??8FCOORD@tesseract@@QEBA_NAEBV01@@Z
??8Image@tesseract@@QEBA_N$$T@Z
??8PAGE_RES_IT@tesseract@@QEBA_NAEBV01@@Z
??8Shape@tesseract@@QEBA_NAEBV01@@Z
??8TBOX@tesseract@@QEBA_NAEBV01@@Z
??9FCOORD@tesseract@@QEBA_NAEBV01@@Z
??9Image@tesseract@@QEBA_N$$T@Z
??9PAGE_RES_IT@tesseract@@QEBA_NAEBV01@@Z
??ABitVector@tesseract@@QEBA_NH@Z
??AShape@tesseract@@QEBAAEBUUnicharAndFonts@1@H@Z
??BImage@tesseract@@QEAAPEAPEAUPix@@XZ
??BImage@tesseract@@QEBAPEAUPix@@XZ
??BImage@tesseract@@QEBA_NXZ
??CImage@tesseract@@QEBAPEAUPix@@XZ
??Dconst_iterator@UNICHAR@tesseract@@QEBAHXZ
??Econst_iterator@UNICHAR@tesseract@@QEAAAEAV012@XZ
??IImage@tesseract@@QEBA?AV01@V01@@Z
??UImage@tesseract@@QEBA?AV01@V01@@Z
??YWERD_CHOICE@tesseract@@QEAAAEAV01@AEBV01@@Z
??_4BitVector@tesseract@@QEAAXAEBV01@@Z
??_4Image@tesseract@@QEAAAEAV01@V01@@Z
??_5BitVector@tesseract@@QEAAXAEBV01@@Z
??_5Image@tesseract@@QEAAAEAV01@V01@@Z
??_6BitVector@tesseract@@QEAAXAEBV01@@Z
??_7?$BBGrid@VBLOBNBOX@tesseract@@VBLOBNBOX_CLIST@2@UBLOBNBOX_C_IT@2@@tesseract@@6B@
??_7?$BBGrid@VColPartition@tesseract@@VColPartition_CLIST@2@UColPartition_C_IT@2@@tesseract@@6B@
??_7AlignedBlob@tesseract@@6B@
??_7BlobGrid@tesseract@@6B@
??_7CCUtil@tesseract@@6B@
??_7Classify@tesseract@@6B@
??_7ColPartitionGrid@tesseract@@6B@
??_7ColumnFinder@tesseract@@6B@
??_7Dawg@tesseract@@6B@
??_7EquationDetect@tesseract@@6B@
??_7EquationDetectBase@tesseract@@6B@
??_7GridBase@tesseract@@6B@
??_7ImageThresholder@tesseract@@6B@
??_7IndexMap@tesseract@@6B@
??_7IndexMapBiDi@tesseract@@6B@
??_7LTRResultIterator@tesseract@@6B@
??_7MutableIterator@tesseract@@6B@
??_7Network@tesseract@@6B@
??_7PageIterator@tesseract@@6B@
??_7Plumbing@tesseract@@6B@
??_7ResultIterator@tesseract@@6B@
??_7SVEventHandler@tesseract@@6B@
??_7ShapeClassifier@tesseract@@6B@
??_7SquishedDawg@tesseract@@6B@
??_7TabFind@tesseract@@6B@
??_7TessAltoRenderer@tesseract@@6B@
??_7TessBaseAPI@tesseract@@6B@
??_7TessBoxTextRenderer@tesseract@@6B@
??_7TessClassifier@tesseract@@6B@
??_7TessHOcrRenderer@tesseract@@6B@
??_7TessLSTMBoxRenderer@tesseract@@6B@
??_7TessOsdRenderer@tesseract@@6B@
??_7TessPDFRenderer@tesseract@@6B@
??_7TessResultRenderer@tesseract@@6B@
??_7TessTextRenderer@tesseract@@6B@
??_7TessTsvRenderer@tesseract@@6B@
??_7TessUnlvRenderer@tesseract@@6B@
??_7TessWordStrBoxRenderer@tesseract@@6B@
??_7Tesseract@tesseract@@6B@
??_7Trie@tesseract@@6B@
??_7Wordrec@tesseract@@6B@
?Absorb@ColPartition@tesseract@@QEAAXPEAV12@AEBV?$function@$$A6A_NH@Z@std@@@Z
?AbsorbNearbyLines@StructuredTable@tesseract@@IEAAXXZ
?AcceptableChoice@Dict@tesseract@@QEAA_NAEBVWERD_CHOICE@2@W4XHeightConsistencyEnum@2@@Z
?AcceptableResult@Dict@tesseract@@QEBA_NPEAVWERD_RES@2@@Z
?AccumulatePartDistances@ColPartitionGrid@tesseract@@AEAAXAEBVColPartition@2@AEBVICOORD@2@AEBVTBOX@2@VImage@2@2AEBVFCOORD@2@_NPEAV?$vector@HV?$allocator@H@std@@@std@@@Z
?AdaptToChar@Classify@tesseract@@QEAAXPEAUTBLOB@2@HHMPEAVADAPT_TEMPLATES_STRUCT@2@@Z
?AdaptToWordStr@TessBaseAPI@tesseract@@QEAA_NW4PageSegMode@2@PEBD@Z
?AdaptableWord@Classify@tesseract@@QEAA_NPEAVWERD_RES@2@@Z
?AdaptiveClassifier@Classify@tesseract@@QEAAXPEAUTBLOB@2@PEAVBLOB_CHOICE_LIST@2@@Z
?AdaptiveClassifierIsEmpty@Classify@tesseract@@QEBA_NXZ
?AdaptiveClassifierIsFull@Classify@tesseract@@QEBA_NXZ
?AddAllToFloat@NetworkIO@tesseract@@QEAAXAEBV12@@Z
?AddBox@ColPartition@tesseract@@QEAAXPEAVBLOBNBOX@2@@Z
?AddBoxes@ImageData@tesseract@@AEAA_NPEBD@Z
?AddBoxes@ImageData@tesseract@@QEAAXAEBV?$vector@VTBOX@tesseract@@V?$allocator@VTBOX@tesseract@@@std@@@std@@AEBV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@4@AEBV?$vector@HV?$allocator@H@std@@@4@@Z
?AddChild@SVMenuNode@tesseract@@AEAAXPEAV12@@Z
?AddChild@SVMenuNode@tesseract@@QEAAPEAV12@PEBD@Z
?AddChild@SVMenuNode@tesseract@@QEAAXPEBDH00@Z
?AddChild@SVMenuNode@tesseract@@QEAAXPEBDH0@Z
?AddChild@SVMenuNode@tesseract@@QEAAXPEBDH@Z
?AddChild@SVMenuNode@tesseract@@QEAAXPEBDHH@Z
?AddConfigToClass@tesseract@@YAHPEAUCLASS_STRUCT@1@@Z

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 662KB - Virtual size: 661KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_c15a75b213490824ad6c4d745d02c618.vir
.exe windows:5 windows x86 arch:x86

2e80c00d68efcf6d11ca6cbbc73bd947

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 410KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_c1e2d5a865690ea636246d57fc3e7721.vir
.exe windows:5 windows x86 arch:x86

f566aaff05ea306610d411e2ed3f7e54

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

PlaySoundA
waveOutClose
waveOutUnprepareHeader
waveOutReset
waveOutSetPlaybackRate
waveOutWrite
waveOutOpen
waveOutPrepareHeader
waveOutGetDevCapsA

kernel32

SystemTimeToFileTime
GlobalFlags
GetOEMCP
GetFileAttributesA
GetFileSizeEx
GetFileTime
WritePrivateProfileStringA
GetCurrentDirectoryA
SetErrorMode
RtlUnwind
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCommandLineA
GetStartupInfoA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
GetStdHandle
IsValidCodePage
LCMapStringA
LCMapStringW
HeapCreate
VirtualFree
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetModuleHandleW
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
MoveFileA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreA
GetCurrentProcessId
lstrcmpA
GetModuleFileNameW
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
FormatMessageA
LocalFree
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
GlobalAlloc
ExitProcess
CreateMutexA
GetPrivateProfileIntA
GetSystemTime
DeleteFileA
CreateThread
Sleep
GetPrivateProfileStringA
GetModuleFileNameA
FindFirstFileA
FindNextFileA
FindClose
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetLastError
SetLastError
GetProcAddress
GetModuleHandleA
LoadLibraryA
FreeResource
GetCPInfo
lstrlenA
lstrcmpiA
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersion
GetVersionExA
ResetEvent
CloseHandle
DeleteCriticalSection
CreateEventA
InitializeCriticalSection
lstrlenW
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetTickCount
SetEvent
WaitForSingleObject
MultiByteToWideChar
DeviceIoControl
InterlockedCompareExchange
GetEnvironmentVariableA
GetLocalTime
SearchPathA
OpenSemaphoreA
GetACP
IsDBCSLeadByteEx

user32

RegisterClipboardFormatA
PostThreadMessageA
GetWindowThreadProcessId
EndPaint
BeginPaint
GetMessageA
ValidateRect
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
RemovePropA
GetWindowTextLengthA
GetWindowTextA
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetMenu
UpdateWindow
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
DeferWindowPos
MessageBeep
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
IntersectRect
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
SetRectEmpty
DestroyMenu
GetMenuStringA
DispatchMessageA
PeekMessageA
TranslateMessage
GetPropA
GetLastActivePopup
GetKeyState
IsWindowVisible
GetWindow
GetFocus
EnumDisplaySettingsA
GetCapture
SetForegroundWindow
IsIconic
DrawIcon
SetWindowLongA
SetFocus
GetSystemMenu
GetWindowDC
IsWindow
PtInRect
RegisterWindowMessageA
GetForegroundWindow
ReleaseCapture
GetCursorPos
LoadCursorA
LoadIconA
SetCapture
KillTimer
SetTimer
ScreenToClient
IsZoomed
SetWindowRgn
DestroyCursor
LoadImageA
SetCursor
GetWindowLongA
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
ClientToScreen
GetClientRect
GetWindowRect
UnregisterClassA
IsRectEmpty
CharUpperA
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
CreateDialogIndirectParamA
EqualRect
EndDialog
SendMessageA
DrawFocusRect
FrameRect
OffsetRect
InflateRect
GetIconInfo
CreateIconIndirect
DrawStateA
IsMenu
GetMenuItemInfoA
GetSystemMetrics
SystemParametersInfoA
DrawIconEx
DestroyIcon
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetSysColorBrush
GetSysColor
EnableWindow
GetDesktopWindow
ReleaseDC
GetDC
RemoveMenu
ModifyMenuA
GetSubMenu
GetMenuState
GetMenuItemID
GetMenuItemCount
AppendMenuA
CreatePopupMenu
CreateMenu
DrawEdge
FillRect
LoadBitmapA
CopyRect
SetRect
PostMessageA
LoadMenuA
GetMenu

gdi32

SetBkMode
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateRectRgnIndirect
GetMapMode
DPtoLP
GetTextColor
GetRgnBox
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
CreateSolidBrush
SetMapMode
CreatePen
RestoreDC
SaveDC
GetBkColor
GetClipBox
StretchDIBits
CreateFontA
GetCharWidthA
RoundRect
CreateRoundRectRgn
CreateRectRgn
CombineRgn
CreateBitmap
SetBkColor
SetTextColor
GetStockObject
GetTextExtentPoint32W
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
GetTextExtentPoint32A
SetPixel
GetPixel
BitBlt
PatBlt
Rectangle
Ellipse
GetBkMode
GetDeviceCaps
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
CreateFontIndirectA

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegEnumKeyA
RegQueryValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegCloseKey
RegDeleteKeyA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA

shell32

ShellExecuteExA

comctl32

_TrackMouseEvent

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathRemoveFileSpecW
PathIsUNCA

oledlg

ord8

ole32

CLSIDFromString
CLSIDFromProgID
CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
OleUninitialize
CoTaskMemFree
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
OleLoadPicture
SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit

reacheditor

Release_Cvt
SetOutputParam
AbortCvt
UnInit_Cvt
Init_Cvt
AbortEditor
Release_Editor
StartEditor
SetEditorParam
Init_Editor
StartCvt

ddraw

DirectDrawCreate

wmvcore

WMCreateReader
WMCreateEditor

Sections

.text
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 150KB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug_a
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_i
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_l
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_f
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_l
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_p
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_a
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_r
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_s
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 398KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_c25b48a07f001073c1ba54fb65510fd5.vir
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 500KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_c352d030b244fc5e2df4a91783ead093.vir
.exe windows:5 windows x86 arch:x86

7a06bdb902da41a74668875a6c42864b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

svchost.pdb

Imports

advapi32

RegQueryValueExW
SetSecurityDescriptorDacl
SetEntriesInAclW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
OpenThreadToken
SetServiceStatus
RegisterServiceCtrlHandlerW
RegCloseKey
RegOpenKeyExW
StartServiceCtrlDispatcherW

kernel32

HeapFree
GetLastError
WideCharToMultiByte
lstrlenW
LocalFree
GetCurrentProcess
GetCurrentThread
GetProcAddress
LoadLibraryExW
LeaveCriticalSection
HeapAlloc
EnterCriticalSection
LCMapStringW
FreeLibrary
lstrcpyW
ExpandEnvironmentStringsW
lstrcmpiW
ExitProcess
GetCommandLineW
InitializeCriticalSection
GetProcessHeap
SetErrorMode
SetUnhandledExceptionFilter
RegisterWaitForSingleObject
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
LocalAlloc
lstrcmpW
DelayLoadFailureHook

ntdll

NtQuerySecurityObject
RtlFreeHeap
NtOpenKey
wcscat
wcscpy
RtlAllocateHeap
RtlCompareUnicodeString
RtlInitUnicodeString
RtlInitializeSid
RtlLengthRequiredSid
RtlSubAuthoritySid
NtClose
RtlSubAuthorityCountSid
RtlGetDaclSecurityDescriptor
RtlQueryInformationAcl
RtlGetAce
RtlImageNtHeader
wcslen
RtlUnhandledExceptionFilter
RtlCopySid

rpcrt4

RpcServerUnregisterIfEx
RpcMgmtWaitServerListen
RpcMgmtSetServerStackSize
RpcServerUnregisterIf
RpcServerListen
RpcServerUseProtseqEpW
RpcServerRegisterIf
I_RpcMapWin32Status
RpcMgmtStopServerListening

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_c3a204bdd0841e4ac8223e27171a7c34.vir
.exe windows:6 windows x64 arch:x64

ce1183cc150987a99aef5749f22af81e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\build\output\unity\unity\artifacts\WindowsPlayer\Win64_VS2019_nondev_m_r\WindowsPlayer_player_Master_mono_x64.pdb

Imports

unityplayer

UnityMain

kernel32

HeapAlloc
WriteConsoleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
CloseHandle
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 552KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bind
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_c48114e791a49b4e01fe4c784e3d0b82.vir
.dll windows:4 windows x86 arch:x86

3db54d3a2a95745e34199f49fc9d2a47

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

??0CESysUnion@@QAE@ABV0@@Z
??0CESysUnion@@QAE@XZ
??0CESysUnions@@QAE@ABV0@@Z
??0CESysUnions@@QAE@XZ
??1CESysUnion@@QAE@XZ
??1CESysUnions@@QAE@XZ
??4CESysUnion@@QAEAAV0@ABV0@@Z
??4CESysUnions@@QAEAAV0@ABV0@@Z
?Add@CESysUnions@@QAEXVCESysUnion@@@Z
?Char@CESysUnion@@QAEDXZ
?Clear@CESysUnion@@QAEXXZ
?Clear@CESysUnions@@QAEXXZ
?Copy@CESysUnion@@AAEXABV1@@Z
?Del@CESysUnions@@QAEXK@Z
?Del@CESysUnions@@QAEXKK@Z
?Double@CESysUnion@@QAENXZ
?Float@CESysUnion@@QAEMXZ
?Get@CESysUnions@@QAEJKKPAV1@@Z
?Get@CESysUnions@@QAEJKPAVCESysUnion@@@Z
?GetPri@CESysUnions@@QAEJKKPAV1@@Z
?Init@CESysUnion@@AAEXXZ
?Long@CESysUnion@@QAEJXZ
?MsgFrom@CESysUnions@@QAEXPAD@Z
?MsgTo@CESysUnions@@QAEJPAD@Z
?Search@CESysUnions@@QAEJK@Z
?Set@CESysUnion@@QAEXKD@Z
?Set@CESysUnion@@QAEXKE@Z
?Set@CESysUnion@@QAEXKF@Z
?Set@CESysUnion@@QAEXKG@Z
?Set@CESysUnion@@QAEXKJ@Z
?Set@CESysUnion@@QAEXKK@Z
?Set@CESysUnion@@QAEXKM@Z
?Set@CESysUnion@@QAEXKN@Z
?Set@CESysUnion@@QAEXKPAD@Z
?Set@CESysUnions@@QAEXPAV1@@Z
?Set@CESysUnions@@QAEXPAVCESysUnion@@@Z
?SetEmpty@CESysUnion@@QAEXK@Z
?Short@CESysUnion@@QAEFXZ
?Stack@CESysUnions@@QAE?AUESysUnionStack_t@@XZ
?String@CESysUnion@@QAEPADXZ
?UChar@CESysUnion@@QAEEXZ
?ULong@CESysUnion@@QAEKXZ
?UShort@CESysUnion@@QAEGXZ

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_c48a9ca066676a8462293b44923328df.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_c4d493c71f51a48c5fd0fdf78b69633d.vir
.dll windows:4 windows x64 arch:x64

24b3d2952588080766f7fd68e6e8f755

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
RaiseException

Exports

Exports

NetApiBufferAllocate
NetApiBufferFree
NetApiBufferReallocate
NetApiBufferSize
NetRemoteComputerSupports
NetapipBufferAllocate
NetpIsComputerNameValid
NetpIsDomainNameValid
NetpIsGroupNameValid
NetpIsRemote
NetpIsRemoteNameValid
NetpIsShareNameValid
NetpIsUncComputerNameValid
NetpIsUserNameValid
NetpwListCanonicalize
NetpwListTraverse
NetpwNameCanonicalize
NetpwNameCompare
NetpwNameValidate
NetpwPathCanonicalize
NetpwPathCompare
NetpwPathType

Sections

.text
Size: 4KB - Virtual size: 704B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 4KB - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_c4da0c65b27139185747945ab68beaf7.vir
.dll windows:4 windows x86 arch:x86

067c1ebd61f2ee9e3c8aaf0f39c0365a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetStdHandle
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
GlobalAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetACP
HeapSize
TerminateProcess
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RaiseException
RtlUnwind
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
Sleep
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
SetEnvironmentVariableA
CloseHandle

user32

OpenClipboard
GetClipboardData
CloseClipboard
SetClipboardData
EmptyClipboard
wsprintfA
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
LoadCursorA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
RegisterWindowMessageA
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
UnregisterClassA
LoadStringA
GetSysColorBrush
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos

gdi32

CreateRectRgnIndirect
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
SelectObject
GetObjectA
CreatePen
PatBlt
CombineRgn
CreateRectRgn
FillRgn
CreateSolidBrush
GetStockObject
CreateFontIndirectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
SetBkColor
GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC

winmm

waveOutPause
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueA

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

OleUninitialize
CLSIDFromString
OleInitialize

oleaut32

UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi

comctl32

ImageList_Destroy
ord17

ws2_32

ioctlsocket
recv
getpeername
inet_ntoa
recvfrom
accept
WSACleanup
closesocket
WSAAsyncSelect

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA

Exports

Exports

egergergfdgregeg
fwefegegrggr
gerggegre
gregregerg
��
��

Sections

.text
Size: 652KB - Virtual size: 648KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_c570741f5ff230eb7ac4dd0a2a80e09e.vir
.dll windows:4 windows x86 arch:x86

b15f50e3f2711e0feb9b6d0b6f0258b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
LoadLibraryA
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetSystemInfo

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_c5fb9feba80e8073a3595e9bef97d86f.vir
.exe windows:4 windows x86 arch:x86

ba576e3b70e9ae1bd3396e05224632e0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\work\twplay\bin\netengine.pdb

Imports

p2pengine

BT_Context_Run
BT_Context_InitW
BT_Context_UnInitNat
BT_Context_UnInit
BT_Context_InitNat
BT_Context_SetLogFileW
BT_Task_SetSeqPicker
BT_File_GetHexInfoHashW
BT_File_GetPieceCount
BT_Task_ReadData
BT_Task_IsInit
BT_Task_AddExtAnnounceW
BT_File_OpenW
BT_Task_CloseVideoBuffer
BT_Task_GetVideoBufferInfo
BT_Task_Release
BT_Task_AddResUrlW
BT_Task_Open
BT_Task_Close
BT_Task_Execute
BT_Task_SetSeqFilePos
BT_File_GetTorrentNameW
BT_File_GetFileSize
BT_Task_SetUpnpPort
BT_File_GetCommentsW
BT_Task_GetTotalHaveFileSize
BT_Task_GetDownloadRate
BT_File_GetPieceSize
BT_File_Close
BT_Task_InitW

ws2_32

closesocket
WSACleanup
gethostbyname
inet_ntoa
recv
ioctlsocket
__WSAFDIsSet
select
inet_addr
connect
send
accept
listen
bind
htons
htonl
WSAGetLastError
socket
WSAStartup

kernel32

GetStringTypeW
GetStringTypeA
GetLocaleInfoA
LCMapStringW
LCMapStringA
GetTimeZoneInformation
VirtualAlloc
GetConsoleMode
GetConsoleCP
VirtualFree
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
RtlUnwind
RaiseException
GetDateFormatA
GetTimeFormatA
GetTempPathW
DeleteFileW
OpenEventW
SetEvent
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
CreateEventW
CloseHandle
WaitForSingleObject
GetLastError
Sleep
GetProcAddress
LoadLibraryW
CreateFileW
WriteFile
FindClose
SetEndOfFile
CreateDirectoryW
FindFirstFileW
SetFilePointer
CreateThread
GetCurrentThreadId
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
GetSystemInfo
GetVersionExW
GetPrivateProfileStringW
WritePrivateProfileStringW
LocalFree
FormatMessageW
FreeLibrary
OutputDebugStringA
HeapAlloc
HeapSize
GetVersionExA
SystemTimeToFileTime
SetFilePointerEx
LockFileEx
QueryPerformanceCounter
GetCurrentProcessId
HeapFree
GetDiskFreeSpaceW
SetEnvironmentVariableA
HeapDestroy
GetFullPathNameW
LoadLibraryA
GetSystemTime
GetFullPathNameA
GetFileAttributesA
InterlockedCompareExchange
HeapCreate
AreFileApisANSI
UnlockFile
DeleteFileA
HeapValidate
GetFileAttributesW
LockFile
HeapReAlloc
CreateFileA
CreateFileMappingW
WaitForSingleObjectEx
GetFileSize
GetDiskFreeSpaceA
OutputDebugStringW
ReadFile
CreateMutexW
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
FlushFileBuffers
MapViewOfFile
UnmapViewOfFile
GetFileAttributesExW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
GetModuleFileNameW
GetTempPathA
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

advapi32

RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW

shell32

ShellExecuteW

shlwapi

PathIsDirectoryW

Sections

.text
Size: 696KB - Virtual size: 693KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_c6e8f2327b9a6ff3b7713b201d8c9722.vir
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 7.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_c6e9ecc2f40c6cfb2d1437c4c91d2a0b.vir
.dll windows:6 windows x86 arch:x86

Code Sign

54:75:00:71:42:50:5c:a3:c2:31:17:15:ae:9a:03:f8
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28-04-2017 00:00

Not After

26-04-2020 23:59

Subject

CN=Emurasoft\, Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Emurasoft\, Inc.,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-01-2017 00:00

Not After

18-01-2028 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:4b:bd:56:30:41:b1:41:03:3e:01:4f:2f:02:54:df:6b:6a:df:6d:a3:70:a2:4e:55:3f:62:f4:3e:47:9d:a9
Signer

Actual PE Digest

8e:4b:bd:56:30:41:b1:41:03:3e:01:4f:2f:02:54:df:6b:6a:df:6d:a3:70:a2:4e:55:3f:62:f4:3e:47:9d:a9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\SRC\EmEditor\Release\wordcomplete_loceng.pdb

Sections

.rdata
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_c70c6a7bf3890c9dc55b214241b43835.vir
.dll regsvr32 windows:4 windows x86 arch:x86

24b3d2952588080766f7fd68e6e8f755

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
RaiseException

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 384B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 4KB - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 446B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_c734fb42f277b65b3b822168800254f8.vir
.exe windows:4 windows x86 arch:x86

0215dc3baad612381d9dd2303b0fafb0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegQueryValueExW
RegCloseKey
RegOpenKeyExA
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyA
RegQueryValueW

user32

InvalidateRect
AdjustWindowRectEx
PostQuitMessage
EnableMenuItem
GetSystemMenu
GetDC
OffsetRect
CheckMenuRadioItem
ClientToScreen
DefWindowProcW
SetWindowPos
CreateMenu
LoadCursorW
LoadBitmapW
GetMessageTime
BeginPaint
ShowCursor
DispatchMessageW
EmptyClipboard
DestroyMenu
CreateWindowExW
DestroyCursor
ExitWindowsEx
MessageBoxW
AppendMenuW
GetCursorPos
SetForegroundWindow
GetWindowDC
WindowFromPoint
ShowCaret
GetClassNameW
ScreenToClient
GetParent
GetDlgItem
EnumWindows
OpenClipboard
UpdateWindow
WaitForInputIdle
MessageBeep
MsgWaitForMultipleObjects
PeekMessageW
GetSystemMetrics
GetWindowTextW
GetUpdateRect
CopyRect
DefFrameProcW
DrawIconEx
PostMessageW
TranslateMessage
RegisterClassW
GetMessageW
GetMenuItemCount
ShowWindow
UnregisterClassW
CallWindowProcW
RedrawWindow
TrackPopupMenu
SetWindowTextW
GetWindowTextLengthW
GetActiveWindow
SystemParametersInfoW
GetMenuItemInfoW
EndPaint
LoadImageW
SendMessageW
DrawMenuBar
GetFocus
GetForegroundWindow
DestroyWindow
MoveWindow
KillTimer
ReleaseDC
HideCaret
IsClipboardFormatAvailable
GetUpdateRgn
CloseClipboard
EnableWindow
CreatePopupMenu
LoadCursorFromFileW
IsIconic
RegisterClipboardFormatW
IsWindow
GetKeyState
GetSubMenu
SetTimer
GetWindow
SetFocus
DrawFocusRect
GetClipboardFormatNameW
ChildWindowFromPoint
LoadIconW

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
GetLastError
MultiByteToWideChar
WriteFile
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
WideCharToMultiByte
RtlUnwind
GetVersion
GetCommandLineA
HeapAlloc
HeapFree
GetLocalTime
GetSystemTime
GetTimeZoneInformation
GetSystemTimeAsFileTime
ReadFile
SetFilePointer
CreateFileMappingW
MapViewOfFile
CreateFileA
InitializeCriticalSection
ExitProcess
CreateFileW
UnmapViewOfFile
CloseHandle

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_c764ca86114f725bba897256d73b3a33.vir
.exe windows:6 windows x86 arch:x86

f906e0a01234bc01a7ca16169782ef3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

write.pdb

Imports

shell32

ShellExecuteW

kernel32

UnhandledExceptionFilter
Sleep
HeapSetInformation
GetStartupInfoW
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange

msvcrt

_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_controlfp

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_c92a53ec59f12d45c86b5e1872024891.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_cbac9dfe36de7bebda1d5f6c38fb44d0.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_ccc18a90ba16afd578ba4f2e4b8fb6f7.vir
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\TrackerTouch\Code\MapAppGoogle\obj\Release\Tracker TM.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 679KB - Virtual size: 679KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_ccdf882efde1991c710c7cfdcf8a1ed0.vir
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\WS\Client\Builds\Launcher\TimeProtect\Release\TimeProtect.pdb

Exports

Exports

Check
Expire
GetDaysInstalled
GetDaysInstalledBit
GetExe
GetExpired
GetExtraInfo
GetGame
GetRestriction
GetSKU
GetTimeLeft
GetTimeTotal
GetType
GetUsesLeft
IncrementCounter
Register

Sections

.text
Size: - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text1
Size: 552KB - Virtual size: 576KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.adata
Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data1
Size: 108KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc1
Size: 36KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 520KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_cd29744467bd83d810a033388fac0f53.vir
.exe windows:5 windows x86 arch:x86

4278480a3186073fb1ab5bf06d0588eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
GetCommandLineA
ExitProcess

user32

CharNextA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocStringLen
SysFreeString

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_ce4c0ef610ccdf05e6da178bbf6fe4ce.vir
.exe windows:5 windows x86 arch:x86

20dd26497880c05caed9305b3c8b9109

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
ExitWindowsEx
DispatchMessageW
DestroyWindow
CharUpperBuffW
CallWindowProcW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
GetWindowsDirectoryW
GetVersionExW
GetVersion
GetUserDefaultLangID
GetThreadLocale
GetSystemInfo
GetSystemDirectoryW
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
DeleteFileW
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CloseHandle
Sleep

comctl32

InitCommonControls

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_cea129030e5fa26b9f2d68aa50896ea2.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_cf072182b5373ed0f9ff79a52cb557d6.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_d00b72c395bcd2b6da0c03670c2226ac.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_d0c5c4d6e911c2c47dfd243f8800e143.vir
.dll windows:6 windows x86 arch:x86

897c96b8e22bba95ec1e53664856ecf1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\code\kodi-deps\Build\win10-win32\pycryptodome-prefix\src\pycryptodome-build\RelWithDebInfo\_raw_aes.pdb

Imports

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

vcruntime140_app

__std_type_info_destroy_list
_except_handler4_common

api-ms-win-crt-heap-l1-1-0

free
calloc

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_cexit
_seh_filter_dll

Exports

Exports

AES_start_operation
AES_stop_operation
PyInit__raw_aes

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_d1bbcf0a03f8ead210992141f1d192a1.vir
.exe windows:4 windows x86 arch:x86

aebf1104214070f24afd069902bb7b8d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut
midiOutUnprepareHeader
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutPause
waveOutReset
waveOutClose
waveOutGetNumDevs
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
waveOutOpen

ws2_32

inet_ntoa
WSACleanup
send
closesocket
WSAAsyncSelect
recvfrom
ioctlsocket
recv
getpeername
accept
select
WSAStartup

rasapi32

RasGetConnectStatusA
RasHangUpA

kernel32

GetVersion
FileTimeToSystemTime
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
LocalFree
FileTimeToLocalFileTime
lstrcpynA
DuplicateHandle
LockFile
UnlockFile
SetEndOfFile
lstrcmpiA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcmpA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GetFileTime
GetCurrentThread
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
RaiseException
GetSystemTime
GetLocalTime
HeapSize
GetACP
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
GetTimeZoneInformation
SetLastError
MultiByteToWideChar
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetFullPathNameA
FreeLibrary
LoadLibraryA
lstrlenA
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
InterlockedExchange
FlushFileBuffers

user32

GetSysColorBrush
GetScrollPos
RegisterClassA
GetMenuItemCount
GetMenuItemID
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
RemovePropA
GetMessageTime
GetLastActivePopup
RegisterWindowMessageA
GetWindowPlacement
GetNextDlgTabItem
UnregisterClassA
CreateDialogIndirectParamA
DestroyWindow
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
CharUpperA
GetWindowTextLengthA
UnregisterHotKey
RegisterHotKey
CreateWindowExA
CallWindowProcA
GetForegroundWindow
SetWindowTextA
GetWindowTextA
GetDlgItem
GetClassNameA
GetDesktopWindow
SystemParametersInfoA
TranslateMessage
LoadIconA
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
LoadImageA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetSystemMenu
DeleteMenu
GetClassInfoA
DefWindowProcA
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
InflateRect
SetRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
LoadStringA
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
MoveWindow
IsDialogMessageA
ScrollWindowEx
SendDlgItemMessageA
MapWindowPoints
EnumDisplaySettingsA
AdjustWindowRectEx
GetMessagePos
EndDialog

gdi32

StartDocA
DeleteDC
EndDoc
EndPage
CreateFontIndirectA
GetStockObject
CreateSolidBrush
CombineRgn
CreateRectRgn
FillRgn
PatBlt
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
CreateRectRgnIndirect
SetBkColor
CreateFontA
TranslateCharsetInfo
SaveDC
RestoreDC
SetBkMode
SetStretchBltMode
SetROP2
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
GetViewportOrgEx
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
SelectObject
GetObjectA
CreatePen
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetDIBits
GetTextExtentPoint32A
SetPolyFillMode
GetDeviceCaps
GetWindowExtEx

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

comdlg32

GetFileTitleA
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA

advapi32

RegQueryValueA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA

shell32

Shell_NotifyIconA
ShellExecuteA
DragAcceptFiles
DragFinish
DragQueryFileA

ole32

CLSIDFromString
OleUninitialize
OleInitialize

oleaut32

LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SysAllocString
VariantInit
VariantCopyInd
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
VariantClear
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantCopy

comctl32

ord17
ImageList_EndDrag
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_Destroy
ImageList_Create
ImageList_BeginDrag
ImageList_Add

wininet

InternetCloseHandle

Sections

.text
Size: 488KB - Virtual size: 484KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 868KB - Virtual size: 865KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_d29a7219bff9d676124f7d64a178c876.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 608KB - Virtual size: 605KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_d2e69bfbea8106c8fa09bd8ac902d328.vir
.dll windows:4 windows x86 arch:x86

c1133a4b67345d3d2d92f3323d9c4613

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

j:\obj\nt_ms_x86_p\dbextf6.pdb

Imports

kernel32

CloseHandle
LoadLibraryA
GetProcAddress
HeapFree
HeapReAlloc
HeapAlloc
GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
TlsAlloc
ExitProcess
WideCharToMultiByte
GetModuleHandleA
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteFile
InitializeCriticalSection
GetACP
GetOEMCP
GetCPInfo
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
MultiByteToWideChar
RtlUnwind
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
VirtualProtect
GetSystemInfo
VirtualQuery
HeapSize
FlushFileBuffers

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_d5066a36a43732b9486d7b09ad2894ce.vir
.exe windows:4 windows x86 arch:x86

85d3e298943ef0982bb6cf64384df885

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Develop\Work\Fishdom-trunk\output\Release-Game\Fishdom.pdb

Imports

kernel32

GetTimeZoneInformation
SetEndOfFile
GetDateFormatA
GetTimeFormatA
GetLocaleInfoW
SetEnvironmentVariableA
GetOEMCP
GetACP
InterlockedExchange
LoadLibraryA
SetStdHandle
IsBadCodePtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
VirtualQuery
GetSystemInfo
VirtualProtect
DeleteCriticalSection
SetConsoleCtrlHandler
WinExec
CompareStringA
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
ReadFile
HeapSize
SetFilePointer
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
SetCurrentDirectoryA
GetLocaleInfoA
CopyFileA
CreateDirectoryA
CreateFileA
LocalFree
CloseHandle
GetVersionExA
GetCurrentThreadId
FindFirstFileA
GetLastError
FindNextFileA
FindClose
FlushFileBuffers
WriteFile
EnterCriticalSection
SetUnhandledExceptionFilter
GetPrivateProfileStringA
GetShortPathNameA
GetCurrentDirectoryA
WritePrivateProfileStringA
DeleteFileA
MoveFileA
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentProcess
GetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
GetLocalTime
LeaveCriticalSection
CompareStringW
IsBadWritePtr
VirtualAlloc
IsProcessorFeaturePresent
HeapFree
RtlUnwind
RaiseException
ExitProcess
IsBadReadPtr
GetProcAddress
GetModuleHandleA
TerminateProcess
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapAlloc
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapDestroy
HeapCreate
VirtualFree

user32

PtInRect
FindWindowA
LoadIconA
RegisterClassExA
CreateWindowExA
DefWindowProcA
SetWindowLongA
SetFocus
UpdateWindow
AdjustWindowRectEx
DestroyWindow
UnregisterClassA
GetWindowLongA
GetParent
GetWindow
GetWindowRect
IsWindow
MapWindowPoints
SetWindowPos
GetForegroundWindow
SetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
ShowWindow
GetDesktopWindow
GetDC
ReleaseDC
SystemParametersInfoA
MessageBoxA
GetMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
SetCursor
LoadCursorA
ShowCursor
GetCursorPos
ScreenToClient
GetClientRect

gdi32

GetDeviceCaps
GetStockObject

advapi32

RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
FreeSid
SetSecurityInfo
SetEntriesInAclA
AllocateAndInitializeSid
GetSecurityInfo
RegCloseKey

shell32

SHGetSpecialFolderPathA
ShellExecuteA
ShellExecuteExA

bass

BASS_ErrorGetCode
BASS_Init
BASS_StreamPlay
BASS_ChannelSetAttributes
BASS_GetDeviceDescription
BASS_Free
BASS_StreamCreateFile
BASS_SamplePlayEx
BASS_SampleGetInfo
BASS_SampleLoad
BASS_Pause
BASS_Start
BASS_SampleStop
BASS_ChannelStop

d3d8

Direct3DCreate8

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 375KB - Virtual size: 374KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 16.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_d568cf1b273c385022947ed6ad85c265.vir
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\p4\stg\ccc\apps\ccc\Source\Applications\MOM\MOM.EXE\obj\Release\MOM.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_d618f18b9ce664ec33ef8aa5fbc48c7d.vir
.exe windows:5 windows x86 arch:x86

cfe08b0c6765a37145dbfe03308890d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetModuleHandleA
HeapReAlloc
HeapAlloc
GetStringTypeW
MultiByteToWideChar
LCMapStringW
HeapSize
RtlUnwind
Sleep
HeapFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCommandLineA
HeapSetInformation
GetStartupInfoW
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent

user32

GetMessageA
RegisterClassExA
PostQuitMessage
LoadIconA
TranslateMessage
MessageBoxA
CreateWindowExA
DefWindowProcA
ShowWindow
DispatchMessageA
UpdateWindow
LoadCursorA

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_d6954e87c9190ba87ab21a8f5ba44406.vir
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

.\Library\Bee\artifacts\1900b0aE.dag\Unity.VisualScripting.Core.Editor.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_d71f77e3dd55fed9c120153500fe00f1.vir
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\lenovo\Documents\Bitbucket\ConnectionCenter\SmartinhalerConnectionCenter\SmartTalkApp\obj\ReleasePRD\SmartinhalerLive Connection Center.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_d72ae7985f0cb0584c7e155e02607f9f.vir
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 329KB - Virtual size: 329KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_d75df63f3cd57d9cc8c2006a7905db9e.vir
.exe windows:6 windows x86 arch:x86

ade60645c4e6eab00eaabcfff809bdbd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Journal.pdb

Imports

advapi32

TraceMessage
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
TraceEvent
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCreateKeyW
RegDeleteValueW
RegDeleteKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW

kernel32

FreeLibrary
CompareFileTime
FindFirstFileExW
GetStringTypeExW
InterlockedIncrement
InterlockedDecrement
LocalAlloc
InterlockedExchange
FindClose
RaiseException
LoadLibraryW
GetProcAddress
GetPrivateProfileSectionNamesW
WritePrivateProfileSectionW
GetPrivateProfileStringW
WritePrivateProfileStringW
CreateFileW
WriteFile
CreateDirectoryW
GetFileAttributesExW
SetFileAttributesW
GetLocalTime
FindNextFileW
HeapAlloc
GetProcessHeap
HeapFree
FileTimeToLocalFileTime
GetDateFormatW
GetTimeFormatW
GetTempFileNameW
ExpandEnvironmentStringsW
GetLongPathNameW
GetCalendarInfoW
FileTimeToSystemTime
GetFullPathNameW
GetDriveTypeW
GlobalReAlloc
Sleep
CreateEventW
CreateThread
SetEvent
WaitForSingleObject
CloseHandle
WaitForMultipleObjects
LocalFileTimeToFileTime
GetModuleFileNameW
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLocaleInfoW
GetNumberFormatW
GetUserDefaultLCID
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
SizeofResource
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
DeleteFileW
GlobalAlloc
lstrcmpW
GetSystemTime
GetComputerNameW
FindResourceW
LoadResource
SetLastError
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
CreateProcessW
lstrlenW
FormatMessageW
LocalFree
SetCurrentDirectoryW
CompareStringW
GetLastError
MulDiv
LockResource
SystemTimeToFileTime
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
GetTempPathW
GetFileAttributesW
HeapSetInformation
RegisterApplicationRestart
GetCurrentThreadId
GetSystemDirectoryW
FindFirstFileW
CopyFileW
GetUserDefaultUILanguage
LoadLibraryA

gdi32

DeleteObject
SetTextColor
SetBkColor
SetBkMode
GetStockObject
MoveToEx
LineTo
CreateRectRgnIndirect
CreateRoundRectRgn
CreatePolygonRgn
CreateRectRgn
CreateSolidBrush
BitBlt
SelectObject
GetObjectW
CreatePen
CopyEnhMetaFileW
DeleteEnhMetaFile
GetObjectA
SaveDC
SetLayout
RestoreDC
CombineRgn
FillRgn
PatBlt
SelectPalette
RealizePalette
GetDIBits
SetDCPenColor
GetTextExtentPoint32W
MaskBlt
GetTextMetricsW
CreateFontIndirectW
CreateFontW
GetCharWidthW
Rectangle
OffsetWindowOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
Polygon

user32

GetWindowPlacement
SetWindowPlacement
DeferWindowPos
EndDeferWindowPos
BeginDeferWindowPos
InsertMenuItemW
TrackPopupMenu
SetFocus
GetFocus
GetWindowRect
EnableWindow
SetRectEmpty
SendMessageW
CreateWindowExW
SetWindowPos
MoveWindow
GetDlgItem
SystemParametersInfoW
SendMessageTimeoutW
GetSystemMetrics
DestroyCursor
LoadImageW
GetWindowInfo
CopyRect
PtInRect
OffsetRect
IntersectRect
GetDlgCtrlID
CreatePopupMenu
DeleteMenu
AppendMenuW
CheckMenuItem
EnableMenuItem
GetMenuItemCount
GetMenuItemID
UnregisterPowerSettingNotification
GetSubMenu
InsertMenuW
ModifyMenuW
IsWindowEnabled
SetMenuItemBitmaps
LoadMenuW
PostMessageW
DrawMenuBar
GetSystemMenu
IsIconic
IsZoomed
GetClientRect
MapWindowPoints
ClientToScreen
GetDC
ReleaseDC
UpdateWindow
InvalidateRect
RedrawWindow
GetActiveWindow
SetActiveWindow
IsWindowVisible
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindow
WindowFromPoint
SetForegroundWindow
LoadStringW
GetDesktopWindow
GetSysColor
IsRectEmpty
SetRect
OpenClipboard
LockWindowUpdate
InflateRect
WaitForInputIdle
MessageBoxW
LoadIconW
MessageBeep
RegisterPowerSettingNotification
EqualRect
TrackPopupMenuEx
GetWindow
DestroyWindow
RegisterClassW
GetClassInfoW
GetWindowLongW
LoadBitmapW
SetCapture
DrawFrameControl
DefWindowProcW
UnionRect
IsChild
DrawFocusRect
SetWindowLongW
EndPaint
BeginPaint
ReleaseCapture
GetMessagePos
GetMessageTime
GetParent
FrameRect
ScreenToClient
SetDlgItemTextW
GetDlgItemTextW
GetKeyboardLayout
CharNextW
CharPrevW
TranslateAcceleratorW
ShowWindow
MapDialogRect
EnumChildWindows
LoadAcceleratorsW
GetNextDlgTabItem
CallWindowProcW
DispatchMessageW
TranslateMessage
PeekMessageW
PostQuitMessage
GetProcessDefaultLayout
SetCursor
GetCapture
GetScrollPos
SetScrollPos
SetCursorPos
GetKeyState
GetCursorPos
CheckDlgButton
IsDlgButtonChecked
DestroyIcon
CharLowerW
TrackMouseEvent
GetForegroundWindow
GetMonitorInfoW
MonitorFromRect
MonitorFromWindow
GetLastActivePopup
DestroyMenu
GetMenuStringW
FindWindowW
GetMenuItemRect
SetMenuItemInfoW
DrawEdge
GetAsyncKeyState
GetCursor
GetSysColorBrush
GetWindowDC
GetDoubleClickTime
FillRect
DrawTextW
SetWindowRgn
SetTimer
KillTimer
DrawIconEx
LoadCursorW
RemoveMenu

mfc42u

ord2036
ord2440
ord1569
ord1230
ord283
ord472
ord3737
ord5871
ord6168
ord3701
ord3568
ord6437
ord1001
ord1085
ord2350
ord4470
ord802
ord6451
ord3016
ord289
ord613
ord3688
ord536
ord4273
ord942
ord860
ord4527
ord4334
ord4341
ord4883
ord4957
ord4954
ord6050
ord1718
ord364
ord4714
ord6212
ord6127
ord5031
ord2083
ord326
ord5277
ord4236
ord784
ord1833
ord3084
ord3062
ord355
ord2507
ord3494
ord483
ord2362
ord763
ord1912
ord6438
ord1231
ord3215
ord2559
ord2225
ord1258
ord1134
ord2144
ord1193
ord1562
ord1125
ord5945
ord1263
ord4197
ord1135
ord1761
ord542
ord2755
ord6565
ord5597
ord3092
ord5949
ord3093
ord1184
ord1941
ord1165
ord567
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord3397
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1768
ord4073
ord6051
ord818
ord3000
ord2127
ord4282
ord3133
ord4331
ord1560
ord3658
ord3792
ord1172
ord2855
ord1834
ord4237
ord3649
ord2576
ord4215
ord2430
ord1637
ord674
ord800
ord4421
ord2116
ord1658
ord2641
ord5233
ord4072
ord4146
ord2873
ord2874
ord3398
ord5006
ord3345
ord4298
ord5097
ord5094
ord3054
ord2382
ord2715
ord4493
ord2858
ord5048
ord1143
ord4294
ord2854
ord5248
ord3865
ord2859
ord975
ord6191
ord2371
ord6195
ord6868
ord4155
ord540
ord641
ord793
ord656
ord6307
ord4166
ord538
ord5468
ord4118
ord1662
ord2385
ord2644
ord268
ord4158
ord535
ord2606
ord6205
ord2992
ord6211
ord3916
ord4219
ord2506
ord5867
ord366
ord861
ord4695
ord6266
ord5278
ord1930
ord3087
ord1130
ord1795
ord2862
ord2809
ord2520
ord3915
ord5651
ord5024
ord2810
ord4585
ord4279
ord6456
ord4508
ord4770
ord2422
ord6561
ord6611
ord5852
ord858
ord4124
ord4718
ord4451
ord4407
ord4584
ord4430
ord4604
ord617
ord296
ord5214
ord5215
ord4269
ord815
ord5285
ord561
ord3733
ord4616
ord5710
ord5303
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord5727
ord2504
ord2546
ord4480
ord6371
ord4692
ord1190
ord2717
ord1148
ord1594
ord5297
ord5499
ord2627
ord1131
ord5208
ord986
ord520
ord4154
ord2613
ord3917
ord816
ord1229
ord1150
ord562
ord5683
ord1202
ord6113
ord3621
ord2406
ord3566
ord1634
ord1633
ord5781
ord609
ord3592
ord4419
ord5276
ord1767
ord6048
ord4992
ord4847
ord4370
ord5261
ord1817
ord4233
ord4817
ord2820
ord795
ord652
ord4420
ord4617
ord6171
ord6076
ord3193
ord3449
ord4381
ord2391
ord4852
ord4947
ord5649
ord3167
ord5573
ord1739
ord5736
ord5239
ord2534
ord2502
ord6332
ord3060
ord3053
ord4690
ord2746
ord640
ord323
ord338
ord6325
ord1937
ord4268
ord2680
ord4717
ord5848
ord3069
ord5256
ord813
ord2879
ord4426
ord1719
ord3743
ord5236
ord4103
ord4955
ord4958
ord4518
ord4523
ord4520
ord4537
ord4539
ord4525
ord4884
ord4335
ord5070
ord4886
ord4364
ord4893
ord4582
ord4583
ord5977
ord4343
ord5047
ord560
ord4458
ord6303
ord521
ord711
ord413
ord4162
ord2400
ord2088
ord384
ord2442
ord6793
ord620
ord6741
ord2436
ord5244
ord6851
ord5275
ord6922
ord5230
ord6586
ord6585
ord6853
ord2381
ord4116
ord5467
ord4051
ord4358
ord2522
ord6150
ord6487
ord4263
ord5878
ord3870
ord3577
ord4392
ord2570
ord4213
ord2015
ord2403
ord616
ord4078
ord1857
ord4071
ord2857
ord807
ord554
ord3725
ord5058
ord6365
ord5080
ord4360
ord3290
ord2445
ord6142
ord6617
ord6193
ord2072
ord1704
ord1709
ord3614
ord1899
ord768
ord4829
ord5283
ord4848
ord4371
ord4942
ord4970
ord4899
ord5154
ord5156
ord5155
ord4253
ord4472
ord790
ord6024
ord3569
ord4390
ord2567
ord3605
ord489
ord2294
ord2634
ord4352
ord1775
ord4704
ord4736
ord3714
ord5436
ord6379
ord3716
ord5426
ord6928
ord5446
ord6390
ord4270
ord2070
ord1792
ord4222
ord2505
ord293
ord4846
ord4369
ord4428
ord692
ord3634
ord4395
ord2573
ord4214
ord2016
ord2405
ord6362
ord1764
ord2455
ord771
ord4425
ord2046
ord5284
ord1683
ord1900
ord1008
ord4229
ord324
ord1831
ord4224
ord3014
ord2508
ord361
ord2637
ord940
ord5568
ord2910
ord6865
ord2885
ord6278
ord5706
ord6279
ord927
ord496
ord4254
ord4433
ord537

msvcp60

??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB

msvcrt

iswupper
iswpunct
_CIlog
towupper
iswlower
wcsncmp
swscanf
calloc
__CxxFrameHandler3
_controlfp
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_callnewh
malloc
__RTDynamicCast
wcstoul
_ultow
_purecall
_ltow
qsort
_itow
_CIpow
wcsrchr
tolower
strstr
_wtol
_ftol2
iswspace
wcschr
memmove
_wcsnicmp
ceil
free
memcpy
_wcsicmp
_wtoi
_vsnwprintf
_ftol2_sse
memset
towlower

atl

ord31
ord30

ntdll

EtwTraceMessage
WinSqmIsOptedIn
WinSqmIncrementDWORD

comctl32

CreatePropertySheetPageW
ImageList_AddMasked
ImageList_Draw
ImageList_SetBkColor
ImageList_Replace
ImageList_GetIconSize
ImageList_Destroy
ImageList_GetImageInfo
ImageList_Create
ImageList_Remove
ImageList_Add
ImageList_GetImageCount
ImageList_ReplaceIcon
ord345

shell32

SHGetFileInfoW
SHAppBarMessage
ShellAboutW
SHGetDesktopFolder
SHSetLocalizedName
SHCreateDirectoryExW
SHGetMalloc
SHGetFolderPathW
SHPathPrepareForWriteW
SHGetFolderLocation
SHBrowseForFolderW
SHGetSettings
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetFolderPathAndSubDirW
SHFileOperationW
ShellExecuteW
SHAddToRecentDocs

shlwapi

PathAddBackslashW
PathFindExtensionW
PathIsDirectoryW
PathFindFileNameW
StrRetToBufW
PathAppendW
PathRemoveFileSpecW
PathRemoveExtensionW
PathCompactPathExW
PathFileExistsW
PathStripPathW
SHDeleteValueW
PathCombineW
PathIsUNCServerW
PathGetCharTypeW
PathRenameExtensionW
PathUnquoteSpacesW
PathFindSuffixArrayW
StrToIntW
StrChrW
PathIsNetworkPathW
PathStripToRootW
StrFormatByteSizeW
PathRemoveBackslashW
PathCommonPrefixW
PathAddExtensionW
StrToInt64ExW
PathCompactPathW
SHDeleteKeyW
PathGetDriveNumberW

ole32

CoCreateInstance
PropVariantClear
GetHGlobalFromStream
CreateStreamOnHGlobal
PropVariantCopy
CoTaskMemFree
StgOpenStorageEx
StgCreateStorageEx
CoGetClassObject
CoUninitialize
CoInitialize

oleaut32

VariantTimeToSystemTime
VarR8FromStr
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VarBstrFromI4
VarBstrFromBool
SystemTimeToVariantTime
VariantClear

uxtheme

OpenThemeData
GetThemeSysFont
GetThemeColor
IsThemeActive
GetThemeSysColorBrush
CloseThemeData
DrawThemeBackground

gdiplus

GdipCloneBrush
GdipCreateBitmapFromGraphics
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFontFromLogfontA
GdipFree
GdipAlloc
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromHICON
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipCloneBitmapAreaI
GdipDeleteBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeleteFont
GdipCreateSolidFill
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatHotkeyPrefix
GdipGetDC
GdipReleaseDC
GdipDrawString
GdipCreateFontFromDC

slc

SLGetWindowsInformationDWORD

Sections

.text
Size: 797KB - Virtual size: 796KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 874KB - Virtual size: 874KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_d809ced6c67c7f64ea449d103fa22e90.vir
.exe windows:4 windows x86 arch:x86

62fb5e8965ced52869367033762f6530

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
__vbaVarCmpNe
__vbaStrCat
ord660
ord662
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaCyErrVar
__vbaLateMemSt
__vbaExitProc
__vbaBoolStr
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
ord599
__vbaBoolVar
ord520
__vbaFPFix
__vbaFpR8
__vbaRefVarAry
__vbaBoolVarNull
_CIsin
ord524
__vbaErase
__vbaVarCmpGt
ord632
__vbaVarZero
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord527
ord528
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaVarTstEq
ord560
__vbaObjVar
__vbaI2I4
ord670
__vbaVarOr
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaLateIdCallLd
__vbaStrR8
__vbaR8Cy
__vbaRedim
EVENT_SINK_Release
__vbaNew
ord601
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
ord711
ord712
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
ord714
__vbaLateIdStAd
ord608
ord716
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaCheckType
__vbaI2Var
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaR8Str
__vbaNew2
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaFpCy
ord610
__vbaAryLock
__vbaVarAdd
ord612
__vbaVarDup
ord613
__vbaFpI2
__vbaVarMod
__vbaVarTstGe
__vbaVarCopy
ord617
__vbaR8IntI2
__vbaLateMemCallLd
_CIatan
__vbaAryCopy
__vbaStrMove
__vbaCastObj
ord619
__vbaR8IntI4
_allmul
__vbaLateIdSt
_CItan
ord546
__vbaFPInt
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 576KB - Virtual size: 574KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_d833fd797a7606945a4f44471ea01b93.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_da6bea8754348558d3df40959c6851fb.vir
.dll windows:4 windows x86 arch:x86

c111ec5c2ee815c8eb3d1b78a003f10d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RaiseException
DisableThreadLibraryCalls
GetVersion
GlobalAlloc
GlobalFree

msvcrt40

malloc
atol
_initterm
free
strcpy
strcmp
_adjust_fdiv

Exports

Exports

T51main

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 71B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 362B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_db37346ef9b4bba31f60f9dbe13ba37c.vir
.exe windows:5 windows x86 arch:x86

c121cabc15a5a16cb26463cec5174545

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

lua5.1

lua_pushfstring
lua_getinfo
lua_getstack
lua_pushlstring
lua_gettop
lua_tointeger
lua_isnumber
lua_concat
lua_isstring
lua_tothread
lua_type
luaL_newstate
lua_close
lua_sethook
lua_settop
luaL_openlibs
luaL_loadbuffer
lua_pushcclosure
lua_insert
lua_pcall
lua_remove
lua_pushstring
lua_setfield
lua_pushnumber
lua_pushboolean
lua_pushnil
lua_getfield
lua_tonumber
lua_toboolean
lua_createtable
lua_settable
lua_gettable
lua_error
lua_next
luaL_openlib
lua_pushvalue
lua_tolstring

winmm

mixerOpen
mixerSetControlDetails
mixerGetLineInfoA
mixerGetLineControlsA
mixerGetControlDetailsA
waveInReset
waveInClose
waveInOpen
waveInStart
waveInGetNumDevs
waveInGetDevCapsA
waveInUnprepareHeader
mixerGetNumDevs
waveInAddBuffer
waveOutGetPosition
waveOutReset
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveOutGetNumDevs
waveOutGetDevCapsA
mciGetErrorStringA
mciSendCommandA
timeGetTime
mixerClose
waveInPrepareHeader
PlaySoundA
timeGetDevCaps
sndPlaySoundA
timeBeginPeriod
timeSetEvent
timeKillEvent
timeEndPeriod

wsock32

socket
WSAAsyncGetHostByName
inet_addr
WSACancelAsyncRequest
connect
ioctlsocket
htons
WSACleanup
WSAStartup
select
WSAGetLastError
__WSAFDIsSet
inet_ntoa
send
closesocket
recv

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

msacm32

acmStreamOpen
acmStreamConvert
acmStreamUnprepareHeader
acmStreamClose
acmStreamSize
acmStreamPrepareHeader
acmFormatSuggest

kernel32

LocalFileTimeToFileTime
DosDateTimeToFileTime
SetVolumeLabelA
GetLocalTime
FlushFileBuffers
MoveFileA
VirtualUnlock
FreeResource
VirtualFree
VirtualAlloc
GetModuleFileNameW
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetThreadLocale
ResumeThread
LocalReAlloc
EnumResourceLanguagesA
ConvertDefaultLocale
GetFileTime
GetStringTypeExA
LockFile
UnlockFile
DuplicateHandle
GetFileAttributesExA
GetFileSizeEx
GetProfileIntA
GlobalFlags
GetCPInfo
GetOEMCP
GetModuleHandleW
LoadLibraryW
GetSystemDirectoryW
SearchPathA
FindResourceExA
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
ExitProcess
GetTimeFormatA
GetDateFormatA
VirtualQuery
HeapReAlloc
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
ExitThread
SetStdHandle
GetFileType
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapCreate
GetStdHandle
CompareStringW
SetEnvironmentVariableW
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
SetHandleCount
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
LocalLock
LocalUnlock
IsDBCSLeadByte
lstrcmpA
TlsGetValue
IsBadReadPtr
TlsFree
TlsSetValue
GlobalHandle
TlsAlloc
GetProcessAffinityMask
VirtualProtect
VirtualLock
OpenFile
InterlockedDecrement
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
GetCurrentThreadId
GetSystemDefaultLangID
DeviceIoControl
SetErrorMode
IsBadStringPtrA
WriteFile
SetEndOfFile
GetFileSize
GetSystemInfo
GlobalMemoryStatus
GetDriveTypeA
GetComputerNameA
ExpandEnvironmentStringsA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCurrentProcessId
GetLocaleInfoA
GlobalSize
TerminateThread
CreateThread
WaitForSingleObject
CreateEventA
SetEvent
GetExitCodeThread
GetThreadPriority
SetThreadPriority
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
GetCurrentProcess
GetTickCount
LoadLibraryExA
TerminateProcess
OpenProcess
GetTempPathA
LocalFree
FormatMessageA
GetWindowsDirectoryA
GetShortPathNameA
MoveFileExA
CopyFileA
GetPrivateProfileSectionA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
lstrcpyA
MulDiv
GetTempFileNameA
GetExitCodeProcess
CreateProcessA
GetDiskFreeSpaceA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
SetFileTime
SystemTimeToFileTime
SetCurrentDirectoryA
GetCurrentDirectoryA
FindNextFileA
CloseHandle
ReadFile
SetFilePointer
CreateFileA
GetVolumeInformationA
GetFullPathNameA
FindClose
FindFirstFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrlenA
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
SetFileAttributesA
lstrcpynA
Sleep
GetEnvironmentVariableA
SetEnvironmentVariableA
GetSystemDirectoryA
FreeLibrary
lstrlenW
InterlockedIncrement
GetFileAttributesA
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetLastError
SetLastError
CompareStringA
GetVersionExA
MultiByteToWideChar
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
FileTimeToDosDateTime
lstrcmpiA
GetLogicalDriveStringsA
LocalAlloc
EnumResourceNamesA
LoadLibraryExW
LocalSize
EnumResourceTypesA
IsBadWritePtr
lstrcatA

user32

DefMDIChildProcA
TranslateMDISysAccel
PostThreadMessageA
SubtractRect
GetTabbedTextExtentA
DestroyCursor
DrawIcon
GetDCEx
IsCharLowerA
MapVirtualKeyExA
SetWindowContextHelpId
MapDialogRect
IsMenu
IsZoomed
GetSysColorBrush
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsA
InsertMenuItemA
BringWindowToTop
TranslateAcceleratorA
DestroyAcceleratorTable
NotifyWinEvent
GetMessageA
ValidateRect
DestroyMenu
MapVirtualKeyA
GetKeyNameTextA
EndPaint
BeginPaint
GetMenuStringA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
CheckMenuItem
WinHelpA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
ScrollWindow
TrackPopupMenuEx
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetClassInfoExA
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetMenu
IsIconic
GetWindowPlacement
GetWindowTextLengthA
GetDlgCtrlID
IsDialogMessageA
SendDlgItemMessageA
CheckRadioButton
CheckDlgButton
UnhookWindowsHookEx
CreateDialogIndirectParamA
GetDlgItem
IsWindowEnabled
CharToOemA
OemToCharBuffA
CharLowerA
WaitForInputIdle
SetDlgItemTextA
SetWindowTextA
EndDialog
DialogBoxParamA
GetActiveWindow
OemToCharA
CharNextA
CharPrevA
CharUpperBuffA
CharLowerBuffA
UnregisterClassA
ExitWindowsEx
RemoveMenu
DrawMenuBar
CreateWindowExA
RegisterClassA
DestroyWindow
GetAsyncKeyState
GetNextDlgTabItem
WindowFromPoint
GetDoubleClickTime
ClipCursor
InvertRect
IsClipboardFormatAvailable
GetClassInfoA
DrawEdge
FrameRect
FillRect
TrackMouseEvent
InsertMenuA
EnableScrollBar
MapWindowPoints
DrawFrameControl
CreatePopupMenu
GetMenuItemCount
DefFrameProcA
GetWindowRgn
EqualRect
GetForegroundWindow
GetWindowThreadProcessId
GetWindowTextA
GetWindow
EnumWindows
SetActiveWindow
DrawAnimatedRects
SetParent
EnumChildWindows
FindWindowA
GetClassNameA
GetMenuItemID
TrackPopupMenu
SetMenuDefaultItem
GetSubMenu
SendMessageTimeoutA
MsgWaitForMultipleObjects
wsprintfA
DrawIconEx
LoadBitmapA
CharUpperA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
MessageBeep
IsChild
RegisterWindowMessageA
ShowWindow
MoveWindow
UnionRect
SetWindowRgn
TranslateMessage
LoadCursorA
SetCursor
SetRectEmpty
DefWindowProcA
UpdateWindow
InvalidateRgn
IntersectRect
SetCapture
GetCapture
SetFocus
GetFocus
SetWindowPos
CallWindowProcA
GetWindowDC
EnableMenuItem
DeleteMenu
GetSystemMenu
PostQuitMessage
RegisterClassExA
GetMenuState
MessageBoxA
GetMessagePos
DestroyIcon
DrawFocusRect
SetRect
DrawStateA
InflateRect
GetIconInfo
GetMenuItemInfoA
CopyRect
GetSystemMetrics
AppendMenuA
SystemParametersInfoA
DispatchMessageA
PeekMessageA
CloseWindow
GetParent
PostMessageA
ReleaseCapture
GetKeyState
PtInRect
ScreenToClient
GetCursorPos
RedrawWindow
GetSysColor
InvalidateRect
IsWindowVisible
IsWindow
OffsetRect
LoadIconA
SendMessageA
SetTimer
KillTimer
EnableWindow
ReleaseDC
UpdateLayeredWindow
ClientToScreen
GetDesktopWindow
IsRectEmpty
GetClientRect
GetDC
GetWindowRect
LoadImageA
SetForegroundWindow
SetWindowLongA
GetWindowLongA
SetWindowLongW
GetWindowLongW
IsWindowUnicode
CreateIconIndirect
CreateIconFromResourceEx
CallWindowProcW
DefWindowProcW
DefFrameProcW
DefDlgProcA
CreateAcceleratorTableA
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
CopyIcon
SetCursorPos
GetMenuDefaultItem
EmptyClipboard
CloseClipboard
SetClipboardData
CopyImage
OpenClipboard
WaitMessage
DefDlgProcW
DefMDIChildProcW
RegisterClassW
LookupIconIdFromDirectoryEx
GetMenuStringW
HideCaret
ShowCaret
GetCursor
ShowOwnedPopups
SetClassLongA
LockWindowUpdate
GetUpdateRect
GetNextDlgGroupItem
RegisterClipboardFormatA
CreateMenu
CopyAcceleratorTableA
GetKeyboardLayoutList
LoadMenuA

gdi32

AddFontResourceA
RemoveFontResourceA
CreateHalftonePalette
CreateFontIndirectA
GetTextColor
Polygon
SelectPalette
RealizePalette
GetWindowOrgEx
GetWindowExtEx
IntersectClipRect
CreateRectRgnIndirect
CombineRgn
LPtoDP
GetMapMode
GetViewportExtEx
DPtoLP
GetDeviceCaps
CreateRectRgn
BitBlt
ExtCreateRegion
CreateRoundRectRgn
GetBkColor
GetPaletteEntries
GdiFlush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateFontA
EnumFontFamiliesExA
CreateScalableFontResourceA
CreatePalette
CreateBitmap
PatBlt
CreatePatternBrush
SetMapMode
ExcludeClipRect
LineTo
MoveToEx
SetTextAlign
AbortDoc
GetPixel
SetViewportExtEx
ScaleViewportExtEx
Rectangle
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
PolyBezierTo
ExtSelectClipRgn
GetObjectType
CreateHatchBrush
GetStockObject
CreateEllipticRgn
CreatePolygonRgn
Polyline
Ellipse
GetRgnBox
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
GetCharWidthA
StretchDIBits
OffsetRgn
SetDIBColorTable
GetDIBits
StartPage
SetPixel
RoundRect
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
ExtFloodFill
SetPaletteEntries
GetTextAlign
GetTextFaceA
GetNearestPaletteIndex
GetSystemPaletteEntries
DeleteMetaFile
SetPixelV
StartDocA
GetCurrentObject
SetViewportOrgEx
CreatePen
SetWindowOrgEx
GetTextExtentPoint32A
OffsetViewportOrgEx
SelectClipRgn
GetClipRgn
GetBkMode
GetTextMetricsA
CreateCompatibleBitmap
PtInRegion
EndDoc
SetStretchBltMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
CreateDCA
CopyMetaFileA
SetTextColor
CreateSolidBrush
StretchBlt
SetBrushOrgEx
GetBitmapBits
GetTextExtentPoint32W
ExtTextOutW
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
BeginPath
SetWinMetaFileBits
DeleteEnhMetaFile
GetEnhMetaFileHeader
GetMetaFileBitsEx
GetMetaFileA
GetEnhMetaFileA
PlayEnhMetaFile
GetClipBox
GetDCOrgEx
SetBkColor
SetBkMode
GetStretchBltMode
SetRectRgn
DeleteDC
SelectObject
CreateDIBSection
EndPage
CreateCompatibleDC
GetObjectA
DeleteObject

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetSaveFileNameA
GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

AdjustTokenPrivileges
RegEnumKeyA
GetUserNameA
UnlockServiceDatabase
OpenSCManagerA
GetServiceDisplayNameA
QueryServiceStatus
ControlService
StartServiceA
DeleteService
CloseServiceHandle
CreateServiceA
OpenServiceA
RegConnectRegistryA
RegEnumValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
EnumServicesStatusA
EqualSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegOpenKeyA
LookupAccountSidA
SetNamedSecurityInfoA
SetEntriesInAclA
FreeSid
GetNamedSecurityInfoA
ConvertStringSidToSidA
AllocateAndInitializeSid
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegCreateKeyA
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegSetValueA
IsValidSid
LookupAccountNameA
ConvertSidToStringSidA
RegOpenKeyExA
LookupPrivilegeValueA

shell32

ShellExecuteExA
ExtractIconA
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
DragQueryFileA
DragFinish
ExtractIconExA
SHGetFileInfoA
SHAppBarMessage
Shell_NotifyIconA
SHGetSpecialFolderLocation

comctl32

ImageList_GetImageInfo
ImageList_GetBkColor
FlatSB_GetScrollProp
_TrackMouseEvent
ImageList_DrawEx
ImageList_Destroy
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_DrawIndirect

shlwapi

PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathIsUNCA
UrlUnescapeA
PathRemoveFileSpecW

oledlg

ord1
ord8

ole32

CreateStreamOnHGlobal
CLSIDFromString
CoCreateInstance
CoInitialize
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
CoRegisterMessageFilter
CoRevokeClassObject
OleLockRunning
CoUninitialize
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
DoDragDrop
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
CoInitializeEx
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
VarUdateFromDate
LoadTypeLi
RegisterTypeLi
VariantClear
SysStringLen
SysAllocStringByteLen
SysStringByteLen
OleCreateFontIndirect
SafeArrayDestroy
VariantChangeType
VariantCopy
SysAllocStringLen
VariantInit
SysAllocString
SysFreeString
OleLoadPicturePath

urlmon

URLDownloadToFileA

gdiplus

GdipCloneImage
GdiplusShutdown
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree

netapi32

Netbios

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

imagehlp

ImageDirectoryEntryToData

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 854KB - Virtual size: 853KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 145KB - Virtual size: 474KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_dba5e9e106463d810cc18226fe91b55a.vir
.dll windows:6 windows

0e08a7f2f117b480da6d48381f82f6bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcp140_app

?_Xlength_error@std@@YAXPBD@Z
_Xtime_get_ticks

vcruntime140_app

__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
__C_specific_handler
_CxxThrowException
__std_type_info_destroy_list
memmove
memset
memcpy

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsprintf_s

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_seh_filter_dll
_initterm
_initialize_narrow_environment
_cexit
_execute_onexit_table
_configure_narrow_argv
_initialize_onexit_table

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-core-errorhandling-l1-1-0

RaiseException

Exports

Exports

ADDON_Create
ADDON_GetTypeMinVersion
ADDON_GetTypeVersion

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_dd6916461ebbff6ba558542cbbe44813.vir
.exe windows:4 windows x86 arch:x86

0134f7265fc54a3165561ba771bcc1a5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3825
ord3079
ord4080
ord4627
ord4424
ord3698
ord567
ord825
ord765
ord4275
ord3573
ord3626
ord2414
ord1641
ord3663
ord755
ord800
ord5875
ord6172
ord2818
ord540
ord470
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord3571
ord640
ord6194
ord5785
ord1640
ord323
ord4673
ord4274
ord6375
ord4486
ord2554
ord3831
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord641
ord2514
ord2621
ord1134
ord668
ord1200
ord1168
ord858
ord924
ord2764
ord860
ord1980
ord2770
ord356
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord1775
ord5280
ord4425
ord3597
ord324
ord4234
ord1146
ord2302
ord6215
ord4160
ord2863
ord2379
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord2512
ord6055
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
strrchr
fopen
_setmbcp
__CxxFrameHandler
_ftol
vsprintf
sprintf
_controlfp
_mkdir
remove
fclose

kernel32

CloseHandle
WriteFile
SizeofResource
CreateFileA
CopyFileA
LockResource
FindResourceA
MoveFileA
Sleep
GetModuleHandleA
GetStartupInfoA
GetFileAttributesA
GetModuleFileNameA
OutputDebugStringA
LoadResource
GetLastError

user32

GetSystemMenu
DrawIcon
GetSystemMetrics
IsIconic
KillTimer
AppendMenuA
SetTimer
LoadIconA
GrayStringA
DrawTextA
TabbedTextOutA
GetClientRect
SetRect
FillRect
SendMessageA
GetSysColor
EnableWindow

gdi32

ExtTextOutA
TextOutA
RectVisible
PtVisible
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
Escape

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_dee2512948184e4f6de9369f047c4200.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_df1891808e28af13c6aca9809115cd05.vir
.dll windows:4 windows x86 arch:x86

ab75ab62f0e3324587ddff85930e2127

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
GetModuleHandleW
GetProcAddress
GetTickCount
HeapAlloc
HeapReAlloc
IsBadStringPtrW
RaiseException

ntdll

_vsnprintf

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
_strdup
free
fwrite
getenv
memcmp
memmove
strchr
strcmp
strcspn
strlen

Exports

Exports

DllCanUnloadNow
DllMain
WIMApplyImage
WIMCaptureImage
WIMCloseHandle
WIMCommitImageHandle
WIMCopyFile
WIMCreateFile
WIMCreateImageFile
WIMDeleteImage
WIMDeleteImageMounts
WIMEnumImageFiles
WIMExportImage
WIMExtractImagePath
WIMFindFirstImageFile
WIMFindNextImageFile
WIMGetAttributes
WIMGetImageCount
WIMGetImageInformation
WIMGetMessageCallbackCount
WIMGetMountedImageHandle
WIMGetMountedImageInfo
WIMGetMountedImageInfoFromFile
WIMGetMountedImages
WIMInitFileIOCallbacks
WIMLoadImage
WIMMountImage
WIMMountImageHandle
WIMReadImageFile
WIMRegisterLogFile
WIMRegisterMessageCallback
WIMRemountImage
WIMSetBootImage
WIMSetFileIOCallbackTemporaryPath
WIMSetImageInformation
WIMSetReferenceFile
WIMSetTemporaryFile
WIMSplitFile
WIMUmountImage
WIMUmountImageHandle
WIMUnregisterLogFile
WIMUnregisterMessageCallback

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 160B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_df9ff3b77ba12cb806e9ac44f672e6c4.vir
.exe windows:4 windows x86 arch:x86

ea780480ffd81f8062e32df82f57996f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
CreateFileW
GetTempPathA
GetTempPathW
LoadLibraryA
LoadLibraryW
GetVersionExA
GetLastError
CloseHandle
WriteFile
LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleHandleA
GetProcAddress
GetStartupInfoA

msvcrt

_ftol
wcscat
??3@YAXPAX@Z
calloc
free
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
??2@YAPAXI@Z

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_e01ea112fa158c0a9beac68429874f8c.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_e05e068a0be8ddb2c02544d53e05a162.vir
.exe windows:4 windows x86 arch:x86

617755220d6939714467e4e4bfbcd5ee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

GetStartupInfoW
ExitProcess
RtlUnwind
HeapFree
TerminateProcess
HeapAlloc
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
IsBadWritePtr
SetUnhandledExceptionFilter
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
SetErrorMode
GetCurrentProcess
FlushFileBuffers
WriteFile
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GlobalFlags
InterlockedIncrement
lstrcmpiW
WritePrivateProfileStringW
GlobalFindAtomW
lstrlenA
GetModuleHandleA
LoadLibraryA
lstrcatW
GetVersionExA
InterlockedDecrement
FreeResource
GlobalAddAtomW
GetLastError
SetLastError
GlobalFree
MulDiv
GlobalUnlock
FormatMessageW
lstrcpynW
LocalFree
lstrlenW
GetCurrentThread
GetCurrentThreadId
MultiByteToWideChar
GlobalLock
lstrcmpW
GlobalAlloc
GlobalDeleteAtom
WideCharToMultiByte
GetModuleFileNameW
GetModuleHandleW
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcpyW
GetLocaleInfoW
LoadLibraryW
GetProcAddress
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CopyFileW
CreateFileW
GetFileSize
SetFilePointer
ReadFile
CloseHandle
FreeLibrary
GetSystemDirectoryW
GetFileAttributesW
Sleep
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapDestroy

user32

DestroyMenu
GetSysColorBrush
LoadCursorW
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
wsprintfW
ShowWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
AdjustWindowRectEx
GetClassInfoW
RegisterClassW
UnregisterClassW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
UnhookWindowsHookEx
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
MessageBoxW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
SetCursor
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostMessageW
PostQuitMessage
GetSysColor
GetSystemMetrics
LoadIconW
EnableWindow
GetClientRect
IsIconic
SendMessageW
DrawIcon
GetPropW

gdi32

RectVisible
PtVisible
DeleteObject
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
CreateBitmap
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
TextOutW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

ShellExecuteW

comctl32

ord17

shlwapi

PathFindFileNameW
PathFindExtensionW

oleaut32

VariantInit
VariantChangeType
VariantClear

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 135KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 54KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qysswjf
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_e16447392b28b4a8f94cd6adaf433464.vir
.exe windows:4 windows x86 arch:x86

543d14b6fc604a065dbe3c5e8b85411b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
__vbaCopyBytes
__vbaStrCat
__vbaVarCmpNe
__vbaSetSystemError
__vbaHresultCheckObj
ord662
_adj_fdiv_m32
__vbaExitProc
ord300
ord301
ord595
__vbaOnError
__vbaObjSet
ord302
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord306
__vbaBoolVar
ord520
ord307
ord308
ord309
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
ord631
__vbaChkstk
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaFpUI1
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord605
__vbaStrToUnicode
ord712
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
ord613
__vbaFpI2
ord616
__vbaVarLateMemCallLd
__vbaVarTstGe
ord617
_CIatan
ord618
__vbaStrMove
ord619
_allmul
_CItan
ord546
ord547
_CIexp
__vbaFreeObj
__vbaFreeStr
__vbaI4ErrVar
ord581

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_e1b103b50b7358c69cb409d9f051595f.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_e2d7e06a1625e9f8f3be85487904029e.vir
.dll windows:4 windows x86 arch:x86

b15f50e3f2711e0feb9b6d0b6f0258b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
LoadLibraryA
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetSystemInfo

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_e35d3c75125dc8ced39194fad57107ef.vir
.exe windows:4 windows x86 arch:x86

ccc0e829fe1206cd39d147ca374725d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SetFileSecurityA
SetFileSecurityW

kernel32

CloseHandle
CompareStringA
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DosDateTimeToFileTime
ExitProcess
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FreeLibrary
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetDateFormatA
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetNumberFormatA
GetProcAddress
GetProcessHeap
GetStdHandle
GetSystemTime
GetTempPathA
GetTickCount
GetTimeFormatA
GetVersionExA
GlobalAlloc
HeapAlloc
HeapFree
HeapReAlloc
IsDBCSLeadByte
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MoveFileExA
MultiByteToWideChar
ReadFile
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
Sleep
SystemTimeToFileTime
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrlenA

comctl32

ord17

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

gdi32

DeleteObject

shell32

SHBrowseForFolderA
SHChangeNotify
SHFileOperationA
SHGetFileInfoA
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA

user32

CharToOemA
CharToOemBuffA
CharUpperA
CopyRect
CreateWindowExA
DefWindowProcA
DestroyIcon
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
FindWindowExA
GetClassNameA
GetClientRect
GetDlgItem
GetDlgItemTextA
GetMessageA
GetParent
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowRect
GetWindowTextA
IsWindow
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadIconA
LoadStringA
MapWindowPoints
MessageBoxA
OemToCharA
OemToCharBuffA
PeekMessageA
PostMessageA
RegisterClassExA
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetMenu
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
TranslateMessage
UpdateWindow
WaitForInputIdle
wsprintfA
wvsprintfA

ole32

CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize

Sections

.text
Size: 78KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_e3e4eb6c5c147bdd73d247b440c151f1.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_e4e4dc838d93f4769192d9acfe189093.vir
.dll windows:6 windows x86 arch:x86

02c28fd443e95dc3e68d80b8c744543a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

api-ms-win-core-file-l1-2-2

GetTempPathA

api-ms-win-core-errorhandling-l1-1-0

GetLastError

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

msvcp140_app

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_unlock
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_sleep
_Thrd_id
_Query_perf_counter
_Xtime_get_ticks
_Thrd_join
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ

vcruntime140_app

_except_handler4_common
memcpy
memmove
memset
__std_type_info_destroy_list
memchr
__std_exception_copy
__CxxFrameHandler3
__std_terminate
__std_exception_destroy
_CxxThrowException
_purecall
__current_exception
__current_exception_context

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_initterm_e
_initterm
terminate
_invalid_parameter_noinfo_noreturn
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-stdio-l1-1-0

fwrite
fopen
__stdio_common_vsprintf
__stdio_common_vsprintf_s
fclose

api-ms-win-crt-time-l1-1-0

_localtime64
_gmtime64
_time64

api-ms-win-crt-filesystem-l1-1-0

rename
_stat64i32
remove

api-ms-win-crt-convert-l1-1-0

wcstombs
strtod
atoi

api-ms-win-crt-string-l1-1-0

strncmp
_strnicmp
strncpy

api-ms-win-crt-math-l1-1-0

modf
_dclass
ceil
_isnan
_finite

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

Exports

Exports

ADDON_Create
ADDON_GetTypeMinVersion
ADDON_GetTypeVersion

Sections

.text
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_e611c15ff5e7b99b01ebf31a59b6fe1a.vir
Virussign.2024.06.08/virussign.com_e629426924625239457e94b9af30c8d9.vir
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 368KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 163KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_e6d9c6531b66d14d24a59a0b6223dea1.vir
.exe windows:4 windows x86 arch:x86

4204e1fe9e2e0a7f6bec612446ce171b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
CreateDirectoryA
GetPrivateProfileStringA
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
WriteFile
DosDateTimeToFileTime
GetProcAddress
DeleteFileA
FreeLibrary
GetTempFileNameA
LoadLibraryA
GetTempPathA
GetSystemDirectoryA
FormatMessageA
lstrcmpA
lstrcpynA
GetLastError
ReadFile
FindResourceA
CompareStringA
CreateProcessA
WaitForSingleObject
GetStartupInfoA
RemoveDirectoryA
FindNextFileA
ExitProcess
MulDiv
GetSystemDefaultLCID
GetModuleFileNameA
lstrcatA
GetFileAttributesA
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
Sleep
GetDiskFreeSpaceA
FindFirstFileA
FindClose
lstrcpyA
lstrlenA
LockResource
LoadResource
GetWindowsDirectoryA
CloseHandle
SetStdHandle
LCMapStringW
LCMapStringA
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
GetOEMCP
GetACP
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
MultiByteToWideChar
GetStringTypeW
GetStringTypeA
WideCharToMultiByte
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersion
GetCommandLineA
GetModuleHandleA
HeapFree
HeapAlloc

user32

SendMessageA
TranslateMessage
MessageBoxA
wsprintfA
GetWindowLongA
GetParent
SetWindowTextA
GetWindowTextA
GetWindow
SetDlgItemTextA
EndDialog
SendDlgItemMessageA
CharNextA
DialogBoxParamA
GetClassNameA
IsCharAlphaA
GetDesktopWindow
GetDlgItemTextA
KillTimer
EnableWindow
SetTimer
PostMessageA
SetFocus
CreateDialogParamA
DestroyWindow
GetDlgItem
GetDC
ReleaseDC
ScreenToClient
SetWindowLongA
CreateWindowExA
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
LoadStringA
MessageBeep
GetSysColor
DispatchMessageA
PeekMessageA
GetWindowRect

gdi32

CreateFontIndirectA
TextOutA
SetTextColor
SelectObject
SetBkMode
GetTextExtentPointA
GetDeviceCaps
GetObjectA
DeleteObject

comctl32

ord17
PropertySheetA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA

lz32

LZOpenFileA
LZCopy
LZClose

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_e825852b443f82c0fba7a969f8f95bcc.vir
.dll windows:5 windows

Code Sign

33:00:00:01:0c:6c:23:05:0b:07:99:1e:cd:00:00:00:00:01:0c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-08-2018 20:20

Not After

23-11-2019 20:20

Subject

CN=Microsoft Time-Stamp service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:FC41-4BD4-D220,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:37

Not After

02-05-2020 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:c0:08:91:01:91:d5:75:10:b8:95:4f:b3:04:38:35:3e:1b:16:20
Signer

Actual PE Digest

5e:c0:08:91:01:91:d5:75:10:b8:95:4f:b3:04:38:35:3e:1b:16:20

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.CodeDom.ni.pdb
E:\A\_work\500\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.CodeDom\netstandard\System.CodeDom.pdb

Sections

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 471KB - Virtual size: 470KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_e8beda64d3d1bbb8771fb57089f920ab.vir
.exe windows:5 windows x86 arch:x86

bf95d1fc1d10de18b32654b123ad5e1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 16.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_e8c3d044b5fa7071bf66feea99e2d85f.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_e927185a9c346e083097dcbdfb163f24.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_ea02eb70240a11c07f1fdb2d845e93dd.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_ea6b4effabcddbe701bb7092d082b5e5.vir
.exe windows:6 windows x64 arch:x64

f0ea7b7844bbc5bfa9bb32efdcea957c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 286KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_eca7b5c36bd95de60324caba223ffebf.vir
.exe windows:4 windows x86 arch:x86

726d8d1c60f1bc7886cc17405454c41f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__set_app_type
__p__commode
_controlfp
_except_handler3
__p__fmode
_initterm
_adjust_fdiv
__setusermatherr
exit
__getmainargs
__p__acmdln
malloc
free
_XcptFilter
_exit
sprintf

kernel32

GetFileSize
GetStartupInfoA
GetModuleHandleA
CloseHandle
MoveFileExA
CreateFileA
LocalLock
LocalUnlock
LocalAlloc
GetProcAddress
GetModuleHandleW
LocalFree
GetModuleFileNameA
FreeLibrary
GetSystemDirectoryA
LoadLibraryA

user32

SetForegroundWindow
DestroyWindow
MoveWindow
GetWindowRect
GetDesktopWindow
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassA
LoadIconA
LoadStringA
MessageBoxA
DefWindowProcA
BringWindowToTop
OpenIcon
IsIconic
GetLastActivePopup
FindWindowA
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_ecd1035989c072145e0b593066c799e3.vir
.exe windows:6 windows x86 arch:x86

2b5b909d0358d9fe7d7fa2d73aed7529

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CreateDialogParamW
ShowWindow
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW

kernel32

DecodePointer
WriteConsoleW
CloseHandle
CreateFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_ed962372639b952f3669de218abf77a1.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_edb15fae78e06173987f7e42ad8c5702.vir
.exe windows:4 windows x86 arch:x86

4d17be67c8d0394c5c1b8e725359ed89

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
CloseHandle
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
MulDiv
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
ExitProcess

user32

EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
RegisterClassA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
wsprintfA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_edeb5157046a6069f0c5b50bb3e1457d.vir
.dll regsvr32 windows:5 windows x86 arch:x86

b6be5bc45311c7c853c412dac5f611f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipCloneBitmapAreaI
GdiplusStartup
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromGdiDib
GdiplusShutdown
GdipGetImageHeight

setupapi

SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

winhttp

WinHttpCrackUrl

kernel32

FreeLibrary
MultiByteToWideChar
GetLastError
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GlobalLock
GlobalUnlock
GetProcAddress
GetModuleHandleW
lstrcmpiW
RaiseException
SizeofResource
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObjectEx
GetLocalTime
InitializeCriticalSectionAndSpinCount
LockResource
FindResourceExW
GetCurrentThreadId
SetLastError
GetThreadLocale
SetThreadLocale
DecodePointer
EncodePointer
lstrlenA
WideCharToMultiByte
LocalFree
LoadResource
FlushFileBuffers
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
GetCommandLineA
IsDebuggerPresent
VirtualQuery
VirtualProtect
GetSystemInfo
GetStringTypeW
Sleep
HeapSize
HeapReAlloc
HeapDestroy
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
InterlockedCompareExchange
FindResourceW
LoadLibraryExW
MulDiv
GlobalAlloc
GetCurrentProcess
FlushInstructionCache
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetStdHandle
WriteFile
IsValidCodePage
GetACP
GetOEMCP
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
GetFileType
GetEnvironmentStringsW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
ReadConsoleW
GetProcessHeap
ReadFile
SetEndOfFile
CreateFileW
CloseHandle
WriteConsoleW
SetStdHandle
SetFilePointerEx
LoadLibraryW
OutputDebugStringW
FreeEnvironmentStringsW
HeapFree
HeapAlloc

user32

CallWindowProcW
OffsetRect
EqualRect
IntersectRect
RegisterClassExW
LoadCursorW
GetClassInfoExW
DefWindowProcW
FillRect
GetFocus
CharNextW
IsWindow
SetWindowRgn
GetKeyState
SetFocus
RedrawWindow
ShowWindow
InvalidateRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
SetWindowPos
PostMessageW
DestroyWindow
CreateWindowExW
GetWindowLongW
SetWindowLongW
PtInRect
IsChild
UnionRect
UnregisterClassW

gdi32

SetBkColor
SetTextColor
DeleteMetaFile
CloseMetaFile
RestoreDC
SetWindowExtEx
SetWindowOrgEx
SaveDC
CreateMetaFileW
CreateRectRgnIndirect
TextOutW
SetTextAlign
CreateSolidBrush
DeleteObject
SelectObject
GetDeviceCaps
CreateFontW

advapi32

RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

ole32

StringFromGUID2
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
StringFromCLSID
CoTaskMemRealloc
CreateOleAdviseHolder
OleSaveToStream
WriteClassStm
ReadClassStm
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysStringLen
SysAllocString
LoadTypeLi
LoadRegTypeLi
VariantClear
SysAllocStringByteLen
VariantInit
VariantChangeType
SysStringByteLen
OleCreatePropertyFrame
VarUI4FromStr
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
RegisterTypeLi
UnRegisterTypeLi
SysFreeString
SysAllocStringLen

shlwapi

PathIsDirectoryW

rpcrt4

IUnknown_QueryInterface_Proxy
NdrOleFree
NdrStubForwardingFunction
NdrOleAllocate
NdrDllRegisterProxy
NdrDllCanUnloadNow
NdrStubCall2
IUnknown_Release_Proxy
NdrCStdStubBuffer2_Release
IUnknown_AddRef_Proxy
NdrDllGetClassObject
NdrDllUnregisterProxy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 355KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_ee4d945176fb5b490cadefaa5ac3f5cc.vir
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_ef1ad74ee6e0a93f02364b74890d99fd.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 644KB - Virtual size: 644KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_efcedad19fd6c3defc267745b1ff0f54.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_f1392bea9a45643577f8fd36fb0dac31.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_f183c588510cf8b4476c36ea5c8b715c.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_f26261465a05f9bc985eeed34c35536b.vir
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

AudioOn
Autofit
ChipClose
Connected
Detect
GetCurrentPg
GetDataLog
GetDllType
GetFRArray
GetParam
GetParamDetail
GetProgramNo
GetTinnitusFR
Initialize
Mute
PlayTone
ReadParam
SaveParam
SetAllParam
SetCurrentPg
SetDllType
SetInterfaceType
SetMicResponse
SetParam
SetProgramNo
SetRLChannel
SetRecResponse
SetValidationMode
TestTone
WriteParam
doFBCEnable
doHGainOver3K
doHGainOver4K
doHHGain
doHighGain
doLHGain
doLowGain
doMPO
doOverallGain
doSetHGain
doSetLGain

Sections

CODE
Size: 415KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 11KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_f2900aef0f5d3ebeaaa85ab81432253a.vir
.dll regsvr32 windows:5 windows x86 arch:x86

d758e8d9ad29f3b5938d07e7fd1be82c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
wcscmp
wcscat
swprintf
memchr
?terminate@@YAXXZ
__CxxFrameHandler
wcsstr
wcsrchr
wcscpy
swscanf
_wtoi
_purecall
free
malloc
_callnewh
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_except_handler3
wcslen
_wcsicmp

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?nothrow@std@@3Unothrow_t@1@B
??0bad_alloc@std@@QAE@PBD@Z
??1bad_alloc@std@@UAE@XZ
??0bad_alloc@std@@QAE@ABV01@@Z

atl

ord22
ord15
ord32
ord21
ord18
ord16

iaspolcy

IASAttributeRelease
IASAttributeAlloc
IASAttributeUnicodeAlloc

iassvcs

IASRegisterComponent
IASGetHostByName
IASAdler32
IASGetDictionary
IASGetLocalDictionary

kernel32

DisableThreadLibraryCalls
CloseHandle
SwitchToThread
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
WriteFile
GetLocaleInfoW
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
GetFileSize
SetLastError
CreateDirectoryW
CreateFileW
InterlockedDecrement
FileTimeToSystemTime
InterlockedIncrement
LocalFree
GetSystemTimeAsFileTime
GetLocalTime
GetComputerNameW
DeleteCriticalSection
InitializeCriticalSection
GetLastError

ole32

CoTaskMemFree
CoTaskMemAlloc

oleaut32

VariantClear
SetErrorInfo
VariantInit
LoadRegTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_f2ac7d5bac6df866511a2255835883ef.vir
.dll windows:6 windows x64 arch:x64

b606dada6e918fa5080c5e892e065fab

Code Sign

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:be
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

23-02-2024 00:00

Not After

22-02-2027 23:59

Subject

SERIALNUMBER=53481265A,CN=PURSLANE,O=PURSLANE,ST=North West,C=SG,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6e:6f:cd:e6:9c:22:92:5f:97:32:51:2f:fd:23:6a:59:3c:81:b6:ae:48:12:11:5c:4f:e2:13:7a:bb:b3:30:65
Signer

Actual PE Digest

6e:6f:cd:e6:9c:22:92:5f:97:32:51:2f:fd:23:6a:59:3c:81:b6:ae:48:12:11:5c:4f:e2:13:7a:bb:b3:30:65

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

flutter_windows

FlutterDesktopTextureRegistrarMarkExternalTextureFrameAvailable
FlutterDesktopTextureRegistrarUnregisterExternalTexture
FlutterDesktopTextureRegistrarRegisterExternalTexture
FlutterDesktopMessengerUnlock
FlutterDesktopMessengerLock
FlutterDesktopMessengerIsAvailable
FlutterDesktopMessengerRelease
FlutterDesktopMessengerAddRef
FlutterDesktopPluginRegistrarSetDestructionHandler
FlutterDesktopMessengerSendResponse
FlutterDesktopMessengerSendWithReply
FlutterDesktopMessengerSend
FlutterDesktopRegistrarGetTextureRegistrar
FlutterDesktopPluginRegistrarGetMessenger
FlutterDesktopPluginRegistrarGetView
FlutterDesktopMessengerSetCallback

kernel32

GetCurrentProcessId
WriteConsoleW
CreateFileW
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetStringTypeW
GetCPInfo
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
RtlUnwind
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
CloseHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose

Exports

Exports

FlutterRgbaRendererPluginOnRgba
TextureRgbaRendererPluginCApiRegisterWithRegistrar

Sections

.text
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_f3215b94e68381b608f6527f9eb05d2c.vir
.exe windows:4 windows x86 arch:x86

ad956c353de971a0aa89d9bc509ebfd0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasGetEntryDialParamsA
RasEnumConnectionsA
RasGetConnectStatusA
RasHangUpA
RasDialA
RasEnumEntriesA

winmm

midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
PlaySoundA
waveOutPrepareHeader
waveOutWrite
waveOutPause
waveOutReset
waveOutClose
waveOutGetNumDevs
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutUnprepareHeader

ws2_32

gethostname
inet_addr
inet_ntoa
gethostbyname
WSAStartup
WSACleanup
select
send
closesocket
WSAAsyncSelect
htons
bind
htonl
socket
setsockopt
sendto
recvfrom
ioctlsocket
connect
recv
getpeername
accept
WSASetLastError
__WSAFDIsSet
ntohs
getsockname
listen

msvfw32

DrawDibDraw

avifil32

AVIStreamInfoA
AVIStreamGetFrame

kernel32

GetVersion
SetSystemPowerState
WideCharToMultiByte
lstrcmpiA
InterlockedIncrement
InterlockedDecrement
LocalFree
FileTimeToLocalFileTime
lstrcpynA
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcmpA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GetFileTime
GetCurrentThread
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
GetSystemTime
GetLocalTime
RaiseException
HeapSize
GetACP
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
MultiByteToWideChar
OpenProcess
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
CreateToolhelp32Snapshot
Process32First
Process32Next
SetLastError
GetTimeZoneInformation
FileTimeToSystemTime
TerminateThread
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
DeviceIoControl
SetEvent
FindResourceA
LoadResource
LockResource
lstrlenW
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
DeleteFileA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
CloseHandle
InterlockedExchange

user32

GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
MoveWindow
IsDialogMessageA
ScrollWindowEx
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
GetScrollPos
RegisterClassA
GetMenuItemCount
GetMenuItemID
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetMessageTime
GetLastActivePopup
RegisterWindowMessageA
GetWindowPlacement
EndDialog
CreateDialogIndirectParamA
DestroyWindow
GrayStringA
TabbedTextOutA
EndPaint
BeginPaint
CharUpperA
GetSysColorBrush
GetWindowDC
CallWindowProcA
CallNextHookEx
EnumChildWindows
GetWindowTextLengthA
EnumThreadWindows
UnhookWindowsHookEx
SetWindowsHookExA
DrawTextA
FrameRect
GetNextDlgTabItem
ExitWindowsEx
GetForegroundWindow
EnumWindows
GetWindowTextA
GetDlgItem
FindWindowA
GetWindowThreadProcessId
GetClassNameA
GetDesktopWindow
SetWindowTextA
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBeep
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
WaitForInputIdle
LoadStringA
CreateIconFromResourceEx
SetScrollRange
UnregisterClassA

gdi32

CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
CreateDCA
CreateBrushIndirect
GetWindowExtEx
CreateHatchBrush
CreateBitmap
CreatePatternBrush
SelectObject
CreatePen
PatBlt
GetDIBits
CombineRgn
CreateRectRgn
FillRgn
RealizePalette
CreateSolidBrush
MoveToEx
CreateEllipticRgnIndirect
GetTextMetricsA
SaveDC
RestoreDC
SetPolyFillMode
CreateFontIndirectA
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetStockObject
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
ExtTextOutA
Escape
StretchDIBits
SetTextColor
SetBkMode
TextOutA
SetBkColor
CreateRectRgnIndirect
CreateDIBSection
SetPixel
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
SetWindowOrgEx
LineTo
GetPixel
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
Arc
GetTextExtentPoint32A
SetROP2
GetDeviceCaps
SetDIBitsToDevice

msimg32

GradientFill

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

comdlg32

ChooseColorA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
OpenProcessToken
RegQueryValueA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
LookupPrivilegeValueA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

CLSIDFromProgID
OleUninitialize
CLSIDFromString
CoCreateInstance
OleRun
OleInitialize

oleaut32

SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElement
VariantCopy
VariantClear
VariantChangeType
SafeArrayGetUBound
VariantCopyInd
VariantInit
SysAllocString
SafeArrayDestroy
SafeArrayCreate
SafeArrayPutElement
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
UnRegisterTypeLi

comctl32

ImageList_Destroy
_TrackMouseEvent
ord17

wininet

InternetCloseHandle

Sections

.text
Size: 900KB - Virtual size: 897KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_f3810b12a6f5b8c11f92a17d90e37952.vir
.dll windows:4 windows x86 arch:x86

74440b5e33ce20156c2ae67c07172dc9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
MulDiv
lstrcmpiA
LoadLibraryA
GetProcAddress
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
VirtualAlloc
HeapFree
HeapReAlloc
HeapAlloc
SetStdHandle
WideCharToMultiByte
GetTimeZoneInformation
GetSystemTime
GetLocalTime
ExitProcess
TerminateProcess
GetCurrentProcess
RtlUnwind
GetCommandLineA
GetVersion
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetLastError
SetFilePointer
DebugBreak
WriteFile
InterlockedDecrement
lstrcpyA
GetEnvironmentStringsW
RaiseException
InterlockedIncrement
GetModuleFileNameA
IsBadWritePtr
IsBadReadPtr
HeapValidate
CloseHandle
FlushFileBuffers
GetModuleHandleA
HeapCreate
GetCPInfo
GetACP
GetOEMCP
HeapDestroy
VirtualFree
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings

ltkrn13n

ord285
ord192
ord190
ord313
ord189
ord283
ord312
ord282
ord116
ord134
ord100
ord129
ord137
ord141
ord125
ord188
ord191
ord167

Exports

Exports

DllMain
fltComment
fltInfo
fltLoad
fltSave

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_f50ff9f71c09842089e05b23484c3a33.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_f54b625caa41a00c7fbc66743c7f2de2.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_f6fc5efcf1038827d34c243fd837b6b3.vir
.exe windows:5 windows x86 arch:x86

08f6a1b121da8cedde2d1089d0906ed8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellAboutW

msvcrt

__CxxFrameHandler
_CxxThrowException
wcstoul
toupper
wcschr
memmove
wcslen
_wcsrev
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??3@YAXPAX@Z
??1type_info@@UAE@XZ
_controlfp
_except_handler3
?terminate@@YAXXZ

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
GlobalCompact
GlobalAlloc
GlobalFree
GlobalReAlloc
lstrcmpW
Sleep
WriteProfileStringW
GetStartupInfoA
GlobalSize
GlobalUnlock
CreateEventW
CreateThread
ResetEvent
lstrcpynW
SetEvent
WaitForSingleObject
CloseHandle
lstrcatW
lstrlenW
LocalReAlloc
LocalFree
LocalAlloc
GetProfileStringW
GlobalLock
GetCommandLineW
lstrcpyW
GetProfileIntW

gdi32

SetBkColor
SetTextColor
SetBkMode

user32

GetMenu
SetDlgItemInt
GetWindowTextW
CheckDlgButton
HideCaret
CallWindowProcW
DrawTextW
WinHelpW
PostQuitMessage
GetDlgCtrlID
ScreenToClient
ChildWindowFromPoint
DefWindowProcW
IsClipboardFormatAvailable
EnableMenuItem
TrackPopupMenuEx
GetDesktopWindow
OpenClipboard
GetClipboardData
CharNextA
CloseClipboard
GetSysColor
DialogBoxParamW
EndDialog
MessageBeep
GetSubMenu
CheckRadioButton
SetWindowTextW
SetFocus
SetCursor
CharNextW
RegisterClassExW
GetSysColorBrush
LoadCursorW
LoadIconW
InvalidateRect
UpdateWindow
ShowWindow
SendMessageW
SetDlgItemTextW
CheckMenuItem
CheckMenuRadioItem
SetWindowPos
OffsetRect
MapWindowPoints
GetClientRect
EnableWindow
LoadMenuW
SetWindowLongW
GetWindowLongW
CreateDialogParamW
GetDlgItem
DestroyMenu
DestroyWindow
SetMenu
GetWindowRect
SystemParametersInfoW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
IsChild
IsDialogMessageW
GetMessageW
LoadAcceleratorsW
CreateWindowExW
MessageBoxW
LoadStringW
SetProcessDefaultLayout
GetProcessDefaultLayout

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_f71b860a6ab4380b58418f34ce5edad8.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_f8916d4c6902dbae4ba946ee0596a61b.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_f954e458d99b3fe1cc9e4c7f18047f7f.vir
.exe windows:6 windows x64 arch:x64

7fb8c747ae0a03236518646a0b885e92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\工具源码\工具免杀专用文件夹\PDBEdit\x64\Release\PDBEdit.pdb

Imports

kernel32

GetConsoleOutputCP
GetTimeZoneInformation
LCMapStringW
CompareStringW
GetStringTypeW
GetStdHandle
ExitProcess
GetFileType
SetStdHandle
IsValidCodePage
VirtualQuery
VirtualAlloc
GetSystemInfo
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
GetConsoleMode
SetFilePointerEx
FindFirstFileExW
QueryPerformanceFrequency
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CreateFileW
WriteConsoleW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FindNextFileW
CreateEventW
WaitForSingleObjectEx
ResetEvent
FindResourceExW
GetTempFileNameA
GetWindowsDirectoryA
SearchPathA
GetProfileIntA
Sleep
GetTickCount
SetErrorMode
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
VirtualProtect
FileTimeToSystemTime
GetTempPathA
GetACP
GetFileAttributesA
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetCurrentDirectoryA
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
GetThreadLocale
lstrcmpiA
GetCurrentProcess
DuplicateHandle
GetVolumeInformationA
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
FindFirstFileA
FindClose
DeleteFileA
CreateFileA
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetSystemDirectoryW
EncodePointer
CopyFileA
FormatMessageA
MulDiv
LocalFree
GlobalSize
GetCurrentProcessId
GlobalAddAtomA
ResumeThread
SetThreadPriority
WaitForSingleObject
SetEvent
CloseHandle
VerifyVersionInfoA
lstrcpyA
VerSetConditionMask
GlobalUnlock
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleW
GetModuleHandleA
GetProcAddress
FindResourceA
GlobalFree
CompareStringA
MultiByteToWideChar
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
LoadLibraryW
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameW
GetModuleFileNameA
FreeLibrary
GetVersionExA
GetCurrentThreadId
GetCurrentThread
SetLastError
OutputDebugStringA
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
HeapFree
EnterCriticalSection
HeapQueryInformation

user32

InvalidateRgn
CopyAcceleratorTableA
CharNextA
KillTimer
SetTimer
RealChildWindowFromPoint
DeleteMenu
CopyImage
WindowFromPoint
ReleaseCapture
SetCapture
WaitMessage
IsDialogMessageA
SetWindowTextA
SendDlgItemMessageA
CheckDlgButton
MoveWindow
ShowWindow
CharUpperA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconA
GetTopWindow
GetClassLongPtrA
GetClassLongA
SetWindowLongPtrA
GetWindowLongPtrA
SetWindowLongA
EqualRect
AdjustWindowRectEx
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
ScrollWindow
SetForegroundWindow
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
CallWindowProcA
GetMessageTime
GetMessagePos
GetMenuItemInfoA
SetRect
GetWindowTextLengthA
GetWindowTextA
GetScrollPos
SetScrollPos
SetFocus
UnhookWindowsHookEx
PtInRect
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutA
GrayStringA
GetIconInfo
DrawTextA
RemoveMenu
InsertMenuA
EnableScrollBar
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringA
GetClassNameA
InvalidateRect
UpdateWindow
GetLastActivePopup
GetWindowThreadProcessId
MessageBoxA
SetCursor
ShowOwnedPopups
CallNextHookEx
SetWindowsHookExA
GetCursorPos
ValidateRect
GetKeyState
PeekMessageA
DispatchMessageA
TranslateMessage
GetMessageA
LoadBitmapW
CopyIcon
GetMenuDefaultItem
SetMenuDefaultItem
UnregisterClassA
LoadIconW
GetSystemMenu
AppendMenuA
SendMessageA
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
EnumDisplayMonitors
GetMonitorInfoA
SystemParametersInfoA
LoadCursorW
LoadCursorA
CopyRect
SetRectEmpty
SetLayeredWindowAttributes
GetClassInfoA
DefWindowProcA
GetDesktopWindow
IntersectRect
GetNextDlgGroupItem
MessageBeep
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DestroyIcon
LoadImageA
LoadImageW
SetParent
MonitorFromPoint
TrackMouseEvent
IsZoomed
GetWindowLongA
SetActiveWindow
GetAsyncKeyState
LoadMenuW
NotifyWinEvent
SetCursorPos
UnionRect
BringWindowToTop
CreatePopupMenu
DestroyMenu
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
EnableWindow
PostMessageA
PostQuitMessage
SetWindowPos
SetWindowContextHelpId
GetParent
GetWindow
MapDialogRect
RegisterWindowMessageA
DrawEdge
DrawFrameControl
IsWindowVisible
GetFocus
DrawStateA
SetWindowRgn
RedrawWindow
GetWindowRect
MapWindowPoints
GetSysColor
GetSysColorBrush
DrawFocusRect
FillRect
InflateRect
OffsetRect
IsRectEmpty
DrawIconEx
IsWindow
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetDlgItem
GetNextDlgTabItem
GetActiveWindow
IsWindowEnabled
ModifyMenuA
DestroyAcceleratorTable
LockWindowUpdate
GetMenuItemCount
GetDoubleClickTime
InvertRect
HideCaret
GetWindowRgn
DestroyCursor
CreateMenu
GetComboBoxInfo
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
MapVirtualKeyExA
IsCharLowerA
PostThreadMessageA
IsClipboardFormatAvailable
FrameRect
CharUpperBuffA
SubtractRect
GetKeyNameTextA
RegisterClipboardFormatA
ReuseDDElParam
UnpackDDElParam
InsertMenuItemA
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
UpdateLayeredWindow
CreateAcceleratorTableA
LoadAcceleratorsW
MapVirtualKeyA
ToAsciiEx
GetKeyboardState
GetKeyboardLayout
GetUpdateRect
DrawTextExA
SetClassLongPtrA

gdi32

CreateCompatibleDC
CreateDIBitmap
CreateFontIndirectA
CreatePen
CreatePatternBrush
DeleteObject
EnumFontFamiliesA
GetDeviceCaps
GetStockObject
GetTextCharsetInfo
GetObjectA
CreateBitmap
CopyMetaFileA
CreateDCA
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
CreateCompatibleBitmap
TextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetRgnBox
GetMapMode
SetRectRgn
DPtoLP
RealizePalette
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateRoundRectRgn
Rectangle
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExA
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
SetPixelV
GetTextFaceA
BitBlt
GetTextMetricsA
Polyline
Polygon
CreatePolygonRgn
ExtTextOutA
PatBlt
GetTextExtentPoint32A
GetTextColor
GetBkColor
Ellipse
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreateHatchBrush
CombineRgn
MoveToEx
CreateEllipticRgn
DeleteDC

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueA
RegOpenKeyExA
RegEnumKeyExA
RegEnumValueA
RegCloseKey
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetDesktopFolder
SHGetFileInfoA
SHAppBarMessage
ShellExecuteA
DragFinish
DragQueryFileA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
PathStripToRootA
StrFormatKBSizeA
PathRemoveFileSpecW
PathIsUNCA
PathFindFileNameA

uxtheme

GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetWindowTheme
DrawThemeText
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
DrawThemeParentBackground
IsAppThemed

ole32

OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoInitializeEx
CoRevokeClassObject
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoDisconnectObject
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CoGetClassObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoUninitialize

oleaut32

SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
LoadTypeLi
OleCreateFontIndirect
VariantCopy
VarBstrFromDate
VariantChangeType
VariantClear
SysStringLen
VariantInit
SysAllocStringByteLen
SysFreeString
SysAllocStringLen

oledlg

ord8

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

dbghelp

ImageDirectoryEntryToData

rpcrt4

UuidFromStringA

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundA

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 531KB - Virtual size: 530KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_f96df1c5e830e27d0e6334b4cabfc2e7.vir
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Visual Basic Programs\JC_Numerology\JC_Numerology\obj\x86\Debug\JC Numerology.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 137B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_f9742636142c99400a9dbfb92c8babcb.vir
.dll windows:0 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 64B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_f9f6151db3e37a90733c80be54d06725.vir
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Borhan\Tfs\Team1\Source-8.5\CCCom\CCCom.Globalization\obj\Debug\CCCom.Globalization.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_fa70f3b27921f712359c628d4325641f.vir
.exe windows:5 windows x86 arch:x86

2af7446deb1c3f94f90d33dad47b595a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

upnpcont.pdb

Imports

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
exit
_cexit
_XcptFilter
_exit
_c_exit
_purecall
??3@YAXPAX@Z
_beginthreadex
??2@YAPAXI@Z
free
_endthreadex

atl

ord20
ord17
ord23
ord57
ord18
ord21
ord16
ord32

advapi32

RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW

kernel32

GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetTickCount
QueryPerformanceCounter
GetCommandLineW
lstrcmpiW
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoW
GetLastError
InterlockedCompareExchange
ExitProcess
UnregisterWait
CreateThread
RegisterWaitForSingleObject
GetCurrentProcessId
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenW
SetEvent
CloseHandle
WaitForSingleObject
GetModuleFileNameW
CreateEventW
GetFullPathNameW
OpenProcess

user32

GetMessageW
DispatchMessageW
DestroyWindow
CharNextW
PostThreadMessageW

ole32

CoInitializeEx
CoInitializeSecurity
CoResumeClassObjects
CoUninitialize
CoSuspendClassObjects
CoCreateInstance

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_faf494ba2ec6b695538b827e471e819a.vir
.vir .xll windows:6 windows x64 arch:x64
Virussign.2024.06.08/virussign.com_fb8a09c2bf4a306dc3ca4195658196f6.vir
Virussign.2024.06.08/virussign.com_fbe5f9f39094e1453dcd1101dc897020.vir
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

difxapi.pdb

Sections

.text
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Virussign.2024.06.08/virussign.com_fd6d30d2f1d435ab90d478ab11ed9353.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 32B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Virussign.2024.06.08/virussign.com_fdbef77f8caa182acf4aeb63541223b3.vir
.dll windows:5 windows x86 arch:x86

d0b0ab81bf0e4cd20070f6525db9fd67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Project\Windows\winscan_r\Release\ptm6500psrctr.pdb

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 233KB - Virtual size: 233KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 130KB - Virtual size: 130KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 17KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 96B

.rdata Size: 5KB - Virtual size: 4KB

.buildid Size: 512B - Virtual size: 53B

.pdata Size: 1024B - Virtual size: 816B

.xdata Size: 1024B - Virtual size: 784B

.bss Size: - Virtual size: 512B

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

/4 Size: 512B - Virtual size: 20B

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 72KB - Virtual size: 71KB

.data Size: 512B - Virtual size: 160B

.rdata Size: 19KB - Virtual size: 18KB

.buildid Size: 512B - Virtual size: 53B

.pdata Size: 3KB - Virtual size: 3KB

.xdata Size: 4KB - Virtual size: 3KB

.bss Size: - Virtual size: 832B

.idata Size: 13KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

/4 Size: 512B - Virtual size: 20B

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 72KB - Virtual size: 71KB

.data Size: 512B - Virtual size: 160B

.rdata Size: 19KB - Virtual size: 18KB

.buildid Size: 512B - Virtual size: 53B

.pdata Size: 3KB - Virtual size: 3KB

.xdata Size: 4KB - Virtual size: 3KB

.bss Size: - Virtual size: 832B

.idata Size: 13KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

/4 Size: 512B - Virtual size: 20B

Headers

File Characteristics

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.data Size: 192KB - Virtual size: 281KB

/4 Size: 512B - Virtual size: 278B

/18 Size: 183KB - Virtual size: 183KB

/30 Size: 148KB - Virtual size: 147KB

/43 Size: 76KB - Virtual size: 76KB

/59 Size: 123KB - Virtual size: 123KB

/75 Size: 512B - Virtual size: 32B

/90 Size: 512B - Virtual size: 34B

/109 Size: 749KB - Virtual size: 748KB

.idata Size: 1024B - Virtual size: 882B

.text
Size: 233KB - Virtual size: 233KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 130KB - Virtual size: 130KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 17KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 96B

.rdata
Size: 5KB - Virtual size: 4KB

.buildid
Size: 512B - Virtual size: 53B

.pdata
Size: 1024B - Virtual size: 816B

.xdata
Size: 1024B - Virtual size: 784B

.bss
Size: - Virtual size: 512B

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

/4
Size: 512B - Virtual size: 20B

.text
Size: 72KB - Virtual size: 71KB

.data
Size: 512B - Virtual size: 160B

.rdata
Size: 19KB - Virtual size: 18KB

.buildid
Size: 512B - Virtual size: 53B

.pdata
Size: 3KB - Virtual size: 3KB

.xdata
Size: 4KB - Virtual size: 3KB

.bss
Size: - Virtual size: 832B

.idata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

/4
Size: 512B - Virtual size: 20B

.text
Size: 72KB - Virtual size: 71KB

.data
Size: 512B - Virtual size: 160B

.rdata
Size: 19KB - Virtual size: 18KB

.buildid
Size: 512B - Virtual size: 53B

.pdata
Size: 3KB - Virtual size: 3KB

.xdata
Size: 4KB - Virtual size: 3KB

.bss
Size: - Virtual size: 832B

.idata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

/4
Size: 512B - Virtual size: 20B

.text
Size: 2.9MB - Virtual size: 2.9MB

.data
Size: 192KB - Virtual size: 281KB

/4
Size: 512B - Virtual size: 278B

/18
Size: 183KB - Virtual size: 183KB

/30
Size: 148KB - Virtual size: 147KB

/43
Size: 76KB - Virtual size: 76KB

/59
Size: 123KB - Virtual size: 123KB

/75
Size: 512B - Virtual size: 32B

/90
Size: 512B - Virtual size: 34B

/109
Size: 749KB - Virtual size: 748KB

.idata
Size: 1024B - Virtual size: 882B

.symtab
Size: 317KB - Virtual size: 316KB

.rsrc
Size: 95KB - Virtual size: 94KB

.text
Size: 652KB - Virtual size: 651KB

.rdata
Size: 936KB - Virtual size: 932KB

.data
Size: 72KB - Virtual size: 298KB

.rsrc
Size: 40KB - Virtual size: 36KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 2KB

.msvcjmc
Size: 512B - Virtual size: 260B

.00cfg
Size: 512B - Virtual size: 265B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 44B

.rsrc
Size: 46KB - Virtual size: 48KB