Alloc
Call
Copy
Free
Get
Int64Op
Store
Overview
overview
7Static
static
7abd4ebc7de...18.exe
windows7-x64
7abd4ebc7de...18.exe
windows10-2004-x64
7$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$TEMP/Ultr...SO.exe
windows7-x64
3$TEMP/Ultr...SO.exe
windows10-2004-x64
1$TEMP/Ultr...ve.sys
windows7-x64
1$TEMP/Ultr...ve.sys
windows10-2004-x64
1$TEMP/Ultr...64.sys
windows7-x64
1$TEMP/Ultr...64.sys
windows10-2004-x64
1$TEMP/Ultr...md.exe
windows7-x64
1$TEMP/Ultr...md.exe
windows10-2004-x64
1$TEMP/Ultr...rt.exe
windows7-x64
1$TEMP/Ultr...rt.exe
windows10-2004-x64
1$TEMP/Ultr...rt.sys
windows7-x64
1$TEMP/Ultr...rt.sys
windows10-2004-x64
1$TEMP/Ultr...64.sys
windows7-x64
1$TEMP/Ultr...64.sys
windows10-2004-x64
1$TEMP/Ultr...ll.dll
windows7-x64
1$TEMP/Ultr...ll.dll
windows10-2004-x64
1$TEMP/Ultr...64.dll
windows7-x64
7$TEMP/Ultr...64.dll
windows10-2004-x64
7$TEMP/Ultr...cn.dll
windows7-x64
1$TEMP/Ultr...cn.dll
windows10-2004-x64
1Behavioral task
behavioral1
Sample
abd4ebc7de524df7df09438534a2dd31_JaffaCakes118.exe
Resource
win7-20240220-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral2
Sample
abd4ebc7de524df7df09438534a2dd31_JaffaCakes118.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
5 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral5
Sample
$TEMP/UltraISO/UltraISO.exe
Resource
win7-20240508-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral6
Sample
$TEMP/UltraISO/UltraISO.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral7
Sample
$TEMP/UltraISO/drivers/ISODrive.sys
Resource
win7-20240611-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral8
Sample
$TEMP/UltraISO/drivers/ISODrive.sys
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral9
Sample
$TEMP/UltraISO/drivers/ISODrv64.sys
Resource
win7-20231129-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral10
Sample
$TEMP/UltraISO/drivers/ISODrv64.sys
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral11
Sample
$TEMP/UltraISO/drivers/IsoCmd.exe
Resource
win7-20240611-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral12
Sample
$TEMP/UltraISO/drivers/IsoCmd.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral13
Sample
$TEMP/UltraISO/drivers/bootpart.exe
Resource
win7-20240508-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral14
Sample
$TEMP/UltraISO/drivers/bootpart.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral15
Sample
$TEMP/UltraISO/drivers/bootpart.sys
Resource
win7-20240611-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral16
Sample
$TEMP/UltraISO/drivers/bootpart.sys
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral17
Sample
$TEMP/UltraISO/drivers/bootpt64.sys
Resource
win7-20240611-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral18
Sample
$TEMP/UltraISO/drivers/bootpt64.sys
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral19
Sample
$TEMP/UltraISO/isoshell.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral20
Sample
$TEMP/UltraISO/isoshell.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral21
Sample
$TEMP/UltraISO/isoshl64.dll
Resource
win7-20231129-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral22
Sample
$TEMP/UltraISO/isoshl64.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral23
Sample
$TEMP/UltraISO/lang/lang_cn.dll
Resource
win7-20240611-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral24
Sample
$TEMP/UltraISO/lang/lang_cn.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
abd4ebc7de524df7df09438534a2dd31_JaffaCakes118
-
Size
1.4MB
-
MD5
abd4ebc7de524df7df09438534a2dd31
-
SHA1
c561cb219ed2fddae92cb4dfa63e6019d635882b
-
SHA256
fc5a9a253ec58e8fe63a57230df75df18ae0971810f6ed8c37b1d56ba1a2addb
-
SHA512
7091e30292dd775979196765ce67e657b8cf0fc8748e35708f892683019b238c9b43304b43fec582c827e339e2028a74e35d5c7e8b757f177238209001dca740
-
SSDEEP
24576:gpLcN3sVMycDsnO9bcP3HWSEeio1JW3xGIOYvUFqJQF2rYiveP5yOd9SVMEr+z:gpdVMycon+i32YJWrvUF3AvEyW9SVME4
Score
7/10
Malware Config
Signatures
-
resource yara_rule static1/unpack001/$TEMP/UltraISO/UltraISO.exe aspack_v212_v242 -
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource abd4ebc7de524df7df09438534a2dd31_JaffaCakes118 unpack001/$PLUGINSDIR/System.dll unpack001/$TEMP/UltraISO/UltraISO.exe -
NSIS installer 2 IoCs
resource yara_rule sample nsis_installer_1 sample nsis_installer_2
Files
-
abd4ebc7de524df7df09438534a2dd31_JaffaCakes118.exe windows:4 windows x86 arch:x86
099c0646ea7282d232219f8807883be0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA
user32
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 48KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
2017f2acbdaa42ab3e4adeb8b4c37e7b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 520B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/UltraISO/UltraISO.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Exports
Exports
@$xp$10TCCalendar
@$xp$17TPerformanceGraph
@$xp$17Taocntrr@TtaoKind
@$xp$17Taofrmts@ItaoLink
@$xp$17Taofrmts@TtaoLink
@$xp$18Taocntrr@EtaoError
@$xp$18Taofrmts@ItaoCells
@$xp$18Taofrmts@TtaoCells
@$xp$18Taofrmts@TtaoInURL
@$xp$19Taocntrr@TtaoFormat
@$xp$19Taocntrr@TtaoInKind
@$xp$19Taofrmts@TtaoInBiff
@$xp$19Taofrmts@TtaoInText
@$xp$19Taofrmts@TtaoIntArr
@$xp$19Taofrmts@TtaoOutRtf
@$xp$19Taofrmts@TtaoOutURL
@$xp$19Taofrmts@TtaoStrArr
@$xp$19Taofrmts@TtaoVarArr
@$xp$20Taocntrr@TtaoFormats
@$xp$20Taocntrr@TtaoOutKind
@$xp$20Taofrmts@TtaoInBiff5
@$xp$20Taofrmts@TtaoInBiff8
@$xp$20Taofrmts@TtaoInCells
@$xp$20Taofrmts@TtaoInHDrop
@$xp$20Taofrmts@TtaoOutText
@$xp$20Taofrmts@taoFrmts__1
@$xp$21Taocntrr@TtaoInFormat
@$xp$21Taocntrr@TtaoOleUIDlg
@$xp$21Taocntrr@taoCntrr__31
@$xp$21Taocntrr@taoCntrr__41
@$xp$21Taofrmts@TtaoAlignArr
@$xp$21Taofrmts@TtaoOutBiff8
@$xp$21Taofrmts@TtaoOutCells
@$xp$21Taofrmts@TtaoOutHDrop
@$xp$22Taocntrr@TtaoDirection
@$xp$22Taocntrr@TtaoOutFormat
@$xp$22Taofrmts@ItaoPropCells
@$xp$22Taofrmts@TtaoVarArrArr
@$xp$23Taocntrr@TtaoController
@$xp$23Taocntrr@TtaoDropEffect
@$xp$23Taocntrr@TtaoFormatList
@$xp$23Taocntrr@TtaoWinControl
@$xp$24Taocntrr@TtaoDragCursors
@$xp$24Taocntrr@TtaoFormatClass
@$xp$24Taofrmts@ItaoHeadedCells
@$xp$24Taofrmts@TtaoHeadedCells
@$xp$24Taofrmts@TtaoInOEMessage
@$xp$25Taocntrr@TtaoGetDataEvent
@$xp$25Taocntrr@TtaoPasteSpclDlg
@$xp$25Taocntrr@TtaoSetDataEvent
@$xp$25Taocntrr@TtaoTypeOfMedium
@$xp$25Taocntrr@TtaoUpdateAction
@$xp$26Taocntrr@TtaoExecuteAction
@$xp$26Taocntrr@TtaoPickTestEvent
@$xp$26Taocntrr@TtaoTypeOfMediums
@$xp$26Taofrmts@ItaoColumnarCells
@$xp$26Taofrmts@TtaoColumnarCells
@$xp$26Taofrmts@TtaoInShellIDList
@$xp$26Taofrmts@TtaoInUnicodeText
@$xp$27Cdiroutl@TCDirectoryOutline
@$xp$27Taocntrr@TtaoDataViewAspect
@$xp$27Taocntrr@TtaoInCustomFormat
@$xp$27Taofrmts@TtaoInFileContents
@$xp$27Taofrmts@TtaoInURLNetscape4
@$xp$27Taofrmts@TtaoOutFileNameMap
@$xp$27Taofrmts@TtaoOutShellIDList
@$xp$27Taofrmts@TtaoOutURLShortcut
@$xp$27Taofrmts@TtaoOutUnicodeText
@$xp$28Taocntrr@TtaoGetDataOutEvent
@$xp$28Taocntrr@TtaoOutCustomFormat
@$xp$28Taocntrr@TtaoPasteSpecialDlg
@$xp$28Taocntrr@TtaoScrollDirection
@$xp$28Taofrmts@TtaoInFileContentsW
@$xp$28Taofrmts@TtaoOutFileContents
@$xp$28Taofrmts@TtaoOutURLNetscape4
@$xp$29Taocntrr@TtaoControllerOption
@$xp$29Taocntrr@TtaoPasteSpecialFlag
@$xp$29Taocntrr@TtaoScrollDirections
@$xp$30Taocntrr@TtaoControllerOptions
@$xp$30Taocntrr@TtaoPasteSpecialFlags
@$xp$30Taocntrr@TtaoSetDataPasteEvent
@$xp$30Taocntrr@TtaoUpdateActionEvent
@$xp$30Taofrmts@TtaoOutFileDescriptor
@$xp$31Taocntrr@TtaoExecuteActionEvent
@$xp$31Taocntrr@TtaoSetDataTargetEvent
@$xp$31Taofrmts@TtaoOutFileDescriptorW
@$xp$31Taofrmts@TtaoOutPreferredEffect
@$xp$32Taocntrr@TtaoFlushClipboardEvent
@$xp$32Taocntrr@TtaoTargetFeedbackEvent
@$xp$32Taofrmts@TtaoOutURLShortcutTitle
@$xp$38Taocntrr@TtaoPasteSpecialLinkTypeRange
@$xp$7TCGauge
@@Ccalendr@Finalize
@@Ccalendr@Initialize
@@Cdiroutl@Finalize
@@Cdiroutl@Initialize
@@Cgauges@Finalize
@@Cgauges@Initialize
@@Perfgrap@Finalize
@@Perfgrap@Initialize
@@Ufrmabout@Finalize
@@Ufrmabout@Initialize
@@Ufrmburn@Finalize
@@Ufrmburn@Initialize
@@Ufrmcdiso@Finalize
@@Ufrmcdiso@Initialize
@@Ufrmchangelabel@Finalize
@@Ufrmchangelabel@Initialize
@@Ufrmcheck@Finalize
@@Ufrmcheck@Initialize
@@Ufrmchecksum@Finalize
@@Ufrmchecksum@Initialize
@@Ufrmcompress@Finalize
@@Ufrmcompress@Initialize
@@Ufrmconfig@Finalize
@@Ufrmconfig@Initialize
@@Ufrmconvert@Finalize
@@Ufrmconvert@Initialize
@@Ufrmcustomimage@Finalize
@@Ufrmcustomimage@Initialize
@@Ufrmdialog@Finalize
@@Ufrmdialog@Initialize
@@Ufrmdiskimage@Finalize
@@Ufrmdiskimage@Initialize
@@Ufrmdiskproperty@Finalize
@@Ufrmdiskproperty@Initialize
@@Ufrmencrypt@Finalize
@@Ufrmencrypt@Initialize
@@Ufrmfileattribute@Finalize
@@Ufrmfileattribute@Initialize
@@Ufrmfloppy@Finalize
@@Ufrmfloppy@Initialize
@@Ufrmghost@Finalize
@@Ufrmghost@Initialize
@@Ufrmimageformat@Finalize
@@Ufrmimageformat@Initialize
@@Ufrmlog@Finalize
@@Ufrmlog@Initialize
@@Ufrmmain@Finalize
@@Ufrmmain@Initialize
@@Ufrmopencd@Finalize
@@Ufrmopencd@Initialize
@@Ufrmpart@Finalize
@@Ufrmpart@Initialize
@@Ufrmpassword@Finalize
@@Ufrmpassword@Initialize
@@Ufrmpro@Finalize
@@Ufrmpro@Initialize
@@Ufrmprogress@Finalize
@@Ufrmprogress@Initialize
@@Ufrmregister@Finalize
@@Ufrmregister@Initialize
@@Ufrmsearch@Finalize
@@Ufrmsearch@Initialize
@@Ufrmsession@Finalize
@@Ufrmsession@Initialize
@@Ufrmsimsave@Finalize
@@Ufrmsimsave@Initialize
@@Ufrmstartup@Finalize
@@Ufrmstartup@Initialize
@@Ufrmusbwrite@Finalize
@@Ufrmusbwrite@Initialize
@@Ufrmvcd@Finalize
@@Ufrmvcd@Initialize
@@Ufrmwaitmedia@Finalize
@@Ufrmwaitmedia@Initialize
@Cdiroutl@TCDirectoryOutline@
@Cdiroutl@TCDirectoryOutline@$bctr$qqrp18Classes@TComponent
@Cdiroutl@TCDirectoryOutline@APointer
@Cdiroutl@TCDirectoryOutline@AssignCaseProc$qqrv
@Cdiroutl@TCDirectoryOutline@BuildOneLevel$qqrl
@Cdiroutl@TCDirectoryOutline@BuildSubTree$qqrl
@Cdiroutl@TCDirectoryOutline@BuildTree$qqrv
@Cdiroutl@TCDirectoryOutline@Change$qqrv
@Cdiroutl@TCDirectoryOutline@Click$qqrv
@Cdiroutl@TCDirectoryOutline@CreateWnd$qqrv
@Cdiroutl@TCDirectoryOutline@CurDir$qv
@Cdiroutl@TCDirectoryOutline@DriveToInt$qqrc
@Cdiroutl@TCDirectoryOutline@Expand$qqri
@Cdiroutl@TCDirectoryOutline@ForceCase$qqrrx17System@AnsiString
@Cdiroutl@TCDirectoryOutline@GetChildNamed$qqrrx17System@AnsiStringl
@Cdiroutl@TCDirectoryOutline@InvalidIndex
@Cdiroutl@TCDirectoryOutline@Loaded$qqrv
@Cdiroutl@TCDirectoryOutline@RootIndex
@Cdiroutl@TCDirectoryOutline@SetDirectory$qqr17System@AnsiString
@Cdiroutl@TCDirectoryOutline@SetDrive$qqrc
@Cdiroutl@TCDirectoryOutline@SetTextCase$qqr18Cdiroutl@TTextCase
@Cdiroutl@TCDirectoryOutline@WalkTree$qqrrx17System@AnsiString
@System@TObject@ClassNameIs$qqrx17System@AnsiString
@TCCalendar@
@TCCalendar@$bctr$qqrp18Classes@TComponent
@TCCalendar@Change$qqrv
@TCCalendar@ChangeMonth$qqri
@TCCalendar@Click$qqrv
@TCCalendar@DaysPerMonth$qqrii
@TCCalendar@DaysThisMonth$qqrv
@TCCalendar@Dispatch$qqrpv
@TCCalendar@DrawCell$qqriirx11Types@TRect42System@%Set$t14Grids@Grids__3$iuc$0$iuc$2%
@TCCalendar@GetCellText$qqrii
@TCCalendar@GetDateElement$qqri
@TCCalendar@IsLeapYear$qqri
@TCCalendar@NextMonth$qqrv
@TCCalendar@NextYear$qqrv
@TCCalendar@PrevMonth$qqrv
@TCCalendar@PrevYear$qqrv
@TCCalendar@SeTCCalendarDate$qqr16System@TDateTime
@TCCalendar@SelectCell$qqrii
@TCCalendar@SetDateElement$qqrii
@TCCalendar@SetStartOfWeek$qqrs
@TCCalendar@SetUseCurrentDate$qqro
@TCCalendar@StoreCalendarDate$qqrv
@TCCalendar@UpdateCalendar$qqrv
@TCCalendar@WMSize$qqrr16Messages@TWMSize
@TCGauge@
@TCGauge@$bctr$qqrp18Classes@TComponent
@TCGauge@AddProgress$qqrl
@TCGauge@GetPercentDone$qqrv
@TCGauge@Paint$qqrv
@TCGauge@PaintAsBar$qqrp16Graphics@TBitmaprx11Types@TRect
@TCGauge@PaintAsNeedle$qqrp16Graphics@TBitmaprx11Types@TRect
@TCGauge@PaintAsNothing$qqrp16Graphics@TBitmaprx11Types@TRect
@TCGauge@PaintAsPie$qqrp16Graphics@TBitmaprx11Types@TRect
@TCGauge@PaintAsText$qqrp16Graphics@TBitmaprx11Types@TRect
@TCGauge@PaintBackground$qqrp16Graphics@TBitmap
@TCGauge@SeTCGaugeKind$qqr11TCGaugeKind
@TCGauge@SetBackColor$qqr15Graphics@TColor
@TCGauge@SetBaseSize$qqrl
@TCGauge@SetBorderStyle$qqr22Forms@TFormBorderStyle
@TCGauge@SetForeColor$qqr15Graphics@TColor
@TCGauge@SetMaxValue$qqrl
@TCGauge@SetMediaName$qqrpc
@TCGauge@SetMinValue$qqrl
@TCGauge@SetProgress$qqrl
@TCGauge@SetShowText$qqro
@TPerformanceGraph@
@TPerformanceGraph@$bctr$qqrp18Classes@TComponent
@TPerformanceGraph@$bdtr$qqrv
@TPerformanceGraph@DataPoint$qqr15Graphics@TColorl
@TPerformanceGraph@DisplayPoints$qqrl
@TPerformanceGraph@FirstY$qqrv
@TPerformanceGraph@GetBandCount$qqrv
@TPerformanceGraph@Initialize$qqrl
@TPerformanceGraph@LastY$qqri
@TPerformanceGraph@NextY$qqri
@TPerformanceGraph@Paint$qqrv
@TPerformanceGraph@PaintBar$qqr15Graphics@TColorll
@TPerformanceGraph@PaintLine$qqr15Graphics@TColorll
@TPerformanceGraph@ReallocHistory$qqrv
@TPerformanceGraph@Replay$qqrv
@TPerformanceGraph@RoundUp$qqrll
@TPerformanceGraph@ScrollGraph$qqrv
@TPerformanceGraph@SetBackColor$qqr15Graphics@TColor
@TPerformanceGraph@SetForeColor$qqr15Graphics@TColor
@TPerformanceGraph@SetGradient$qqrl
@TPerformanceGraph@SetGraphKind$qqr10TGraphKind
@TPerformanceGraph@SetGridSize$qqrl
@TPerformanceGraph@SetGridlines$qqro
@TPerformanceGraph@SetPenWidth$qqrl
@TPerformanceGraph@SetScale$qqrl
@TPerformanceGraph@SetStepSize$qqrl
@TPerformanceGraph@ShiftY$qqrv
@TPerformanceGraph@Update$qqrv
@Taocntrr@AutoDragDrop$qqrp14System@TObjectt1ii
@Taocntrr@AutoDragOver$qqrp14System@TObjectt1ii19Controls@TDragStatero
@Taocntrr@DropEffectToInt$qqr23Taocntrr@TtaoDropEffect
@Taocntrr@EtaoError@
@Taocntrr@Finalization$qqrv
@Taocntrr@FindController$qqrp14System@TObject
@Taocntrr@IntToDropEffect$qqri
@Taocntrr@KeyStateToDropEffect$qqriri
@Taocntrr@TransferError$qqrx17System@AnsiStringp18Classes@TComponent
@Taocntrr@TtaoController@
@Taocntrr@TtaoController@$bctr$qqrp18Classes@TComponent
@Taocntrr@TtaoController@$bdtr$qqrv
@Taocntrr@TtaoController@AcceptableDataObject$qqrx39System@%DelphiInterface$t11IDataObject%17Taocntrr@TtaoKindoop23Taocntrr@TtaoFormatList
@Taocntrr@TtaoController@CanCopy$qqrv
@Taocntrr@TtaoController@CanDelete$qqrv
@Taocntrr@TtaoController@CanFlushClipboard$qqrv
@Taocntrr@TtaoController@CanPaste$qqrv
@Taocntrr@TtaoController@CanPickUp$qqrrx12Types@TPoint
@Taocntrr@TtaoController@CanRedo$qqrv
@Taocntrr@TtaoController@CanSelectAll$qqrv
@Taocntrr@TtaoController@CanUndo$qqrv
@Taocntrr@TtaoController@ControlOnEndDrag$qqrp14System@TObjectt1ii
@Taocntrr@TtaoController@ControlOnStartDrag$qqrp14System@TObjectrp20Controls@TDragObject
@Taocntrr@TtaoController@ControlRemoveHook$qqrv
@Taocntrr@TtaoController@ControlSetHook$qqrv
@Taocntrr@TtaoController@Copy$qqrv
@Taocntrr@TtaoController@CreateFormats$qqrv
@Taocntrr@TtaoController@CreateTargetDragObject$qqrv
@Taocntrr@TtaoController@CursorPos$qqrv
@Taocntrr@TtaoController@CustomizableFormatClass$qqr22Taocntrr@TtaoDirection
@Taocntrr@TtaoController@Cut$qqrv
@Taocntrr@TtaoController@DataObject_EnumFormatEtc$qqrr42System@%DelphiInterface$t14IEnumFORMATETC%17Taocntrr@TtaoKind
@Taocntrr@TtaoController@DataObject_GetCanonicalFormatEtc$qqrrx12tagFORMATETCr12tagFORMATETC17Taocntrr@TtaoKind
@Taocntrr@TtaoController@DataObject_GetData$qqrrx12tagFORMATETCr12tagSTGMEDIUM17Taocntrr@TtaoKind
@Taocntrr@TtaoController@DataObject_GetDataHere$qqrrx12tagFORMATETCr12tagSTGMEDIUM17Taocntrr@TtaoKind
@Taocntrr@TtaoController@DataObject_QueryGetData$qqrrx12tagFORMATETC17Taocntrr@TtaoKind
@Taocntrr@TtaoController@DataObject_SetData$qqrrx12tagFORMATETCr12tagSTGMEDIUMo17Taocntrr@TtaoKind
@Taocntrr@TtaoController@DefaultHandler$qqrpv
@Taocntrr@TtaoController@Delete$qqrv
@Taocntrr@TtaoController@DoBeforeLeftButtonDown$qqr46System@%Set$t18Classes@Classes__1$iuc$0$iuc$6%ii
@Taocntrr@TtaoController@DragCaptureSetHook$qqrui
@Taocntrr@TtaoController@DragCaptureWndMethod$qqrr17Messages@TMessage
@Taocntrr@TtaoController@DragCursor$qqri
@Taocntrr@TtaoController@DragDone$qqro
@Taocntrr@TtaoController@DragDrop$qqrp14System@TObjectii
@Taocntrr@TtaoController@DragMessage$qqr21Controls@TDragMessagepvrx12Types@TPoint
@Taocntrr@TtaoController@DragOver$qqrp14System@TObjectii19Controls@TDragStatero
@Taocntrr@TtaoController@DragTo$qqrrx12Types@TPoint
@Taocntrr@TtaoController@DropEffectsSource$qqro
@Taocntrr@TtaoController@DropEffectsTarget$qqro
@Taocntrr@TtaoController@DropSource_GiveFeedback$qqri
@Taocntrr@TtaoController@DropSource_QueryContinueDrag$qqroi
@Taocntrr@TtaoController@DropTarget_DragEnter$qqrx39System@%DelphiInterface$t11IDataObject%irx12Types@TPointri
@Taocntrr@TtaoController@DropTarget_Drop$qqrx39System@%DelphiInterface$t11IDataObject%irx12Types@TPointri
@Taocntrr@TtaoController@EMCanRedo$qqrr17Messages@TMessage
@Taocntrr@TtaoController@EMCanUndo$qqrr17Messages@TMessage
@Taocntrr@TtaoController@EMRedo$qqrr17Messages@TMessage
@Taocntrr@TtaoController@EMUndo$qqrr17Messages@TMessage
@Taocntrr@TtaoController@ExecutePasteSpecial$qqrx39System@%DelphiInterface$t11IDataObject%
@Taocntrr@TtaoController@FlushClipboard$qqrv
@Taocntrr@TtaoController@FormatList$qqr17Taocntrr@TtaoKind
@Taocntrr@TtaoController@FormatList$qqr22Taocntrr@TtaoDirection
@Taocntrr@TtaoController@FreeTargetDragObject$qqrv
@Taocntrr@TtaoController@GetChildren$qqrynpqqrp18Classes@TComponent$vp18Classes@TComponent
@Taocntrr@TtaoController@GetControlClass$qqrv
@Taocntrr@TtaoController@GetData$qqr17Taocntrr@TtaoKind
@Taocntrr@TtaoController@GetDefaultFormats$qqr22Taocntrr@TtaoDirectionp16Classes@TStrings
@Taocntrr@TtaoController@GetInPrefferedEffect$qqrv
@Taocntrr@TtaoController@GetOptionsAllowed$qqrv
@Taocntrr@TtaoController@GetOptionsDefault$qqrv
@Taocntrr@TtaoController@GiveFeedback$qqrxi
@Taocntrr@TtaoController@HoverTimerOnTimer$qqrp14System@TObject
@Taocntrr@TtaoController@IDropTarget_DragLeave$qqrv
@Taocntrr@TtaoController@IDropTarget_DragOver$qqrirx12Types@TPointri
@Taocntrr@TtaoController@KeepDragOrigin$qqrv
@Taocntrr@TtaoController@LeftButtonDown$qqr46System@%Set$t18Classes@Classes__1$iuc$0$iuc$6%rx12Types@TPoint
@Taocntrr@TtaoController@Notification$qqrp18Classes@TComponent18Classes@TOperation
@Taocntrr@TtaoController@OleDragDrop$qqrv
@Taocntrr@TtaoController@Paste$qqro
@Taocntrr@TtaoController@Perform$qqruiii
@Taocntrr@TtaoController@PopulateList$qqrp16Classes@TStringspxp17System@TMetaClassxi
@Taocntrr@TtaoController@QdCanCopy$qqrr17Messages@TMessage
@Taocntrr@TtaoController@QdCanCut$qqrr17Messages@TMessage
@Taocntrr@TtaoController@QdCanDelete$qqrr17Messages@TMessage
@Taocntrr@TtaoController@QdCanPaste$qqrr17Messages@TMessage
@Taocntrr@TtaoController@QdCanSelectAll$qqrr17Messages@TMessage
@Taocntrr@TtaoController@QdFindController$qqrr17Messages@TMessage
@Taocntrr@TtaoController@QdPasteSpecial$qqrr17Messages@TMessage
@Taocntrr@TtaoController@Redo$qqrv
@Taocntrr@TtaoController@RegisterTarget$qqrv
@Taocntrr@TtaoController@ReleaseSnapshot$qqrv
@Taocntrr@TtaoController@RevokeTarget$qqrv
@Taocntrr@TtaoController@ScrollTest$qqrrx12Types@TPoint
@Taocntrr@TtaoController@ScrollTimerOnTimer$qqrp14System@TObject
@Taocntrr@TtaoController@SelectAll$qqrv
@Taocntrr@TtaoController@SetControl$qqrpx20Controls@TWinControl
@Taocntrr@TtaoController@SetCursor$qqrr21Messages@TWMSetCursor
@Taocntrr@TtaoController@SetData$qqr17Taocntrr@TtaoKindx45System@%DelphiInterface$t17System@IInterface%rx12Types@TPoint
@Taocntrr@TtaoController@SetFeedbackBrush$qqrp15Graphics@TBrush
@Taocntrr@TtaoController@SetFormats$qqrp20Taocntrr@TtaoFormats
@Taocntrr@TtaoController@SetInPrefferedEffect$qqr23Taocntrr@TtaoDropEffect
@Taocntrr@TtaoController@SetOptions$qqrx58System@%Set$t29Taocntrr@TtaoControllerOption$iuc$0$iuc$18%
@Taocntrr@TtaoController@SetPasteSpecialDlg$qqrp28Taocntrr@TtaoPasteSpecialDlg
@Taocntrr@TtaoController@SetScrollDirections$qqrx56System@%Set$t28Taocntrr@TtaoScrollDirection$iuc$0$iuc$3%
@Taocntrr@TtaoController@TargetFeedback$qqr19Controls@TDragStateorx12Types@TPoint
@Taocntrr@TtaoController@Undo$qqrv
@Taocntrr@TtaoController@WMClear$qqrr17Messages@TMessage
@Taocntrr@TtaoController@WMCopy$qqrr17Messages@TMessage
@Taocntrr@TtaoController@WMCut$qqrr17Messages@TMessage
@Taocntrr@TtaoController@WMPaste$qqrr17Messages@TMessage
@Taocntrr@TtaoController@WMSetSel$qqrr17Messages@TMessage
@Taocntrr@TtaoController@WndProc$qqrr17Messages@TMessage
@Taocntrr@TtaoDragCursors@
@Taocntrr@TtaoDragCursors@$bctr$qqrp18Classes@TComponent
@Taocntrr@TtaoDragCursors@$bdtr$qqrv
@Taocntrr@TtaoFormat@
@Taocntrr@TtaoFormat@$bctr$qqrp18Classes@TComponent
@Taocntrr@TtaoFormat@$bdtr$qqrv
@Taocntrr@TtaoFormat@Direction$qqrp17System@TMetaClass
@Taocntrr@TtaoFormat@FormatEtc$qqrv
@Taocntrr@TtaoFormat@GetAspect$qqrv
@Taocntrr@TtaoFormat@GetFormatName$qqrv
@Taocntrr@TtaoFormat@GetMediums$qqrv
@Taocntrr@TtaoFormat@GetParentComponent$qqrv
@Taocntrr@TtaoFormat@HasParent$qqrv
@Taocntrr@TtaoFormat@SetAspect$qqrx27Taocntrr@TtaoDataViewAspect
@Taocntrr@TtaoFormat@SetController$qqrpx18Classes@TComponent
@Taocntrr@TtaoFormat@SetFormatName$qqrx17System@AnsiString
@Taocntrr@TtaoFormat@SetMediums$qqrx53System@%Set$t25Taocntrr@TtaoTypeOfMedium$iuc$0$iuc$7%
@Taocntrr@TtaoFormat@SetParentComponent$qqrp18Classes@TComponent
@Taocntrr@TtaoFormat@ValidFormatEtc$qqrrx12tagFORMATETC
@Taocntrr@TtaoFormatList@
@Taocntrr@TtaoFormatList@GetFormat$qqri
@Taocntrr@TtaoFormats@
@Taocntrr@TtaoFormats@$bctr$qqrp23Taocntrr@TtaoController
@Taocntrr@TtaoFormats@$bdtr$qqrv
@Taocntrr@TtaoFormats@Assign$qqrp19Classes@TPersistent
@Taocntrr@TtaoFormats@DefineProperties$qqrp14Classes@TFiler
@Taocntrr@TtaoFormats@FormatList$qqr17Taocntrr@TtaoKind
@Taocntrr@TtaoFormats@FormatList$qqr22Taocntrr@TtaoDirection
@Taocntrr@TtaoFormats@ReadDefault$qqrp15Classes@TReader
@Taocntrr@TtaoFormats@WriteDefault$qqrp15Classes@TWriter
@Taocntrr@TtaoInCustomFormat@
@Taocntrr@TtaoInCustomFormat@$bctr$qqrp18Classes@TComponent
@Taocntrr@TtaoInCustomFormat@GetPasteSpecialFlags$qqrv
@Taocntrr@TtaoInCustomFormat@SetData$qqrx39System@%DelphiInterface$t11IDataObject%
@Taocntrr@TtaoInCustomFormat@SetPasteSpecialFlags$qqrx57System@%Set$t29Taocntrr@TtaoPasteSpecialFlag$iuc$0$iuc$3%
@Taocntrr@TtaoInFormat@
@Taocntrr@TtaoInFormat@SetData$qqrx39System@%DelphiInterface$t11IDataObject%
@Taocntrr@TtaoOleUIDlg@
@Taocntrr@TtaoOleUIDlg@Execute$qqrv
@Taocntrr@TtaoOleUIDlg@FillCommonInfo$qqrpvi
@Taocntrr@TtaoOutCustomFormat@
@Taocntrr@TtaoOutCustomFormat@DataObjectSetData$qqrrx12tagFORMATETCr12tagSTGMEDIUMo17Taocntrr@TtaoKindro
@Taocntrr@TtaoOutCustomFormat@GetData$qqrx45System@%DelphiInterface$t17System@IInterface%rx12tagFORMATETCr12tagSTGMEDIUMo
@Taocntrr@TtaoOutFormat@
@Taocntrr@TtaoOutFormat@GetData$qqrx45System@%DelphiInterface$t17System@IInterface%rx12tagFORMATETCr12tagSTGMEDIUMo
@Taocntrr@TtaoPasteSpclDlg@
@Taocntrr@TtaoPasteSpclDlg@$bctr$qqrp23Taocntrr@TtaoControllerx39System@%DelphiInterface$t11IDataObject%
@Taocntrr@TtaoPasteSpclDlg@$bdtr$qqrv
@Taocntrr@TtaoPasteSpclDlg@Execute$qqrv
@Taocntrr@TtaoPasteSpclDlg@FillClsidExclude$qqrpx16Classes@TStrings
@Taocntrr@TtaoPasteSpclDlg@FillFormats$qqrpx13Classes@TList
@Taocntrr@TtaoPasteSpecialDlg@
@Taocntrr@TtaoPasteSpecialDlg@$bctr$qqrp23Taocntrr@TtaoController
@Taocntrr@TtaoPasteSpecialDlg@$bdtr$qqrv
@Taocntrr@TtaoPasteSpecialDlg@Assign$qqrp19Classes@TPersistent
@Taocntrr@TtaoPasteSpecialDlg@Flags$qqrv
@Taocntrr@TtaoPasteSpecialDlg@SetClsidExclude$qqrpx16Classes@TStrings
@Taocntrr@TtaoWinControl@
@Taocntrr@TtaoWinControl@CanCopy$qqrv
@Taocntrr@TtaoWinControl@CanDelete$qqrv
@Taocntrr@TtaoWinControl@CanPaste$qqrv
@Taocntrr@TtaoWinControl@CanPickUp$qqrrx12Types@TPoint
@Taocntrr@TtaoWinControl@CanRedo$qqrv
@Taocntrr@TtaoWinControl@CanSelectAll$qqrv
@Taocntrr@TtaoWinControl@CanUndo$qqrv
@Taocntrr@TtaoWinControl@Delete$qqrv
@Taocntrr@TtaoWinControl@DoExecuteAction$qqr26Taocntrr@TtaoExecuteAction
@Taocntrr@TtaoWinControl@DoUpdateAction$qqr25Taocntrr@TtaoUpdateAction
@Taocntrr@TtaoWinControl@GetControlClass$qqrv
@Taocntrr@TtaoWinControl@GetData$qqr17Taocntrr@TtaoKind
@Taocntrr@TtaoWinControl@GetDefaultFormats$qqr22Taocntrr@TtaoDirectionp16Classes@TStrings
@Taocntrr@TtaoWinControl@Redo$qqrv
@Taocntrr@TtaoWinControl@SelectAll$qqrv
@Taocntrr@TtaoWinControl@SetData$qqr17Taocntrr@TtaoKindx45System@%DelphiInterface$t17System@IInterface%rx12Types@TPoint
@Taocntrr@TtaoWinControl@TargetFeedback$qqr19Controls@TDragStateorx12Types@TPoint
@Taocntrr@TtaoWinControl@Undo$qqrv
@Taocntrr@initialization$qqrv
@Taofrmts@Finalization$qqrv
@Taofrmts@ObjectToText$qqrp18Classes@TComponent
@Taofrmts@QueryPrefferedEffect$qqrp27Taocntrr@TtaoInCustomFormatx39System@%DelphiInterface$t11IDataObject%
@Taofrmts@SingleCell$qqrx46System@%DelphiInterface$t18Taofrmts@ItaoCells%
@Taofrmts@StreamToText$qqrp15Classes@TStreami
@Taofrmts@TextToObject$qqrx17System@AnsiStringp18Classes@TComponent
@Taofrmts@TextToStream$qqrx17System@AnsiStringp15Classes@TStream
@Taofrmts@TtaoCells@
@Taofrmts@TtaoCells@$bctr$qqrii
@Taofrmts@TtaoCells@$bdtr$qqrv
@Taofrmts@TtaoCells@CellsRow$qqri
@Taofrmts@TtaoCells@CheckCoords$qqrii
@Taofrmts@TtaoCells@CheckCoords$qqriiii
@Taofrmts@TtaoCells@ColCount$qqrv
@Taofrmts@TtaoCells@DeleteRow$qqri
@Taofrmts@TtaoCells@GetProperty$qqrx17System@AnsiString
@Taofrmts@TtaoCells@GetValue$qqrii
@Taofrmts@TtaoCells@PropertyNames$qqrv
@Taofrmts@TtaoCells@RowCount$qqrv
@Taofrmts@TtaoCells@SetProperty$qqrx17System@AnsiStringrx14System@Variant
@Taofrmts@TtaoCells@SetValue$qqriirx14System@Variant
@Taofrmts@TtaoColumnarCells@
@Taofrmts@TtaoColumnarCells@$bdtr$qqrv
@Taofrmts@TtaoColumnarCells@DefaultValue$qqrxipxv
@Taofrmts@TtaoColumnarCells@DisplayStyles$qqrv
@Taofrmts@TtaoColumnarCells@GetAlignment$qqri
@Taofrmts@TtaoColumnarCells@GetDisplayFormat$qqrix17System@AnsiString
@Taofrmts@TtaoColumnarCells@GetFont$qqrv
@Taofrmts@TtaoColumnarCells@GetWidth$qqri
@Taofrmts@TtaoColumnarCells@SetAlignment$qqri18Classes@TAlignment
@Taofrmts@TtaoColumnarCells@SetDisplayFormat$qqri17System@AnsiStringrx14System@Variant
@Taofrmts@TtaoColumnarCells@SetFont$qqrp14Graphics@TFont
@Taofrmts@TtaoColumnarCells@SetWidth$qqrii
@Taofrmts@TtaoHeadedCells@
@Taofrmts@TtaoHeadedCells@GetTitle$qqri
@Taofrmts@TtaoHeadedCells@SetTitle$qqri17System@AnsiString
@Taofrmts@TtaoInBiff5@
@Taofrmts@TtaoInBiff5@$bctr$qqrp18Classes@TComponent
@Taofrmts@TtaoInBiff8@
@Taofrmts@TtaoInBiff8@$bctr$qqrp18Classes@TComponent
@Taofrmts@TtaoInBiff@
@Taofrmts@TtaoInBiff@Parse$qqrx34System@%DelphiInterface$t7IStream%
@Taofrmts@TtaoInBiff@SetData$qqrx39System@%DelphiInterface$t11IDataObject%
@Taofrmts@TtaoInCells@
@Taofrmts@TtaoInCells@$bctr$qqrp18Classes@TComponent
@Taofrmts@TtaoInCells@SetData$qqrx39System@%DelphiInterface$t11IDataObject%
@Taofrmts@TtaoInFileContents@
@Taofrmts@TtaoInFileContents@$bctr$qqrp18Classes@TComponent
@Taofrmts@TtaoInFileContents@CopyStream$qqrx34System@%DelphiInterface$t7IStream%
Sections
.text Size: 748KB - Virtual size: 2.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 212KB - Virtual size: 5.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 35KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 223KB - Virtual size: 684KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: - Virtual size: 152KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ezbexe Size: 23KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.adata Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
$TEMP/UltraISO/drivers/ISODrive.sys.sys windows:5 windows x86 arch:x86
92ceb94f309a340920bfdd2ca5a3b1c7
Code Sign
04:00:00:00:00:01:2f:4e:e1:52:d7Certificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before13/04/2011, 10:00Not After28/01/2028, 12:00SubjectCN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageCertSign
KeyUsageCRLSign
04:00:00:00:00:01:2f:4e:e1:35:5cCertificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before13/04/2011, 10:00Not After13/04/2019, 10:00SubjectCN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45Certificate
IssuerCN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BENot Before23/08/2013, 00:00Not After23/09/2024, 00:00SubjectCN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SGExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
11:21:1b:6c:1d:76:87:d7:89:b2:b9:11:8c:0d:96:22:c4:2fCertificate
IssuerCN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BENot Before19/11/2013, 03:22Not After19/11/2016, 03:22SubjectCN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6dExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:0b:7f:6b:00:00:00:00:00:19Certificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:00Not After23/05/2016, 17:10SubjectCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
dd:de:b4:2a:d6:d7:aa:c4:83:b0:a6:c1:83:05:ea:94:b7:43:5b:72Signer
Actual PE Digestdd:de:b4:2a:d6:d7:aa:c4:83:b0:a6:c1:83:05:ea:94:b7:43:5b:72Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\winddk\isodrive\driver\objfre_wnet_x86\i386\ISODrive.pdb
Imports
ntoskrnl.exe
IoDeleteDevice
ZwOpenSymbolicLinkObject
IoCreateSymbolicLink
KeSetEvent
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeEvent
KeInitializeSpinLock
IoCreateDevice
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlQueryRegistryValues
RtlInitUnicodeString
SeTokenType
ObfDereferenceObject
KeWaitForSingleObject
IoDeleteSymbolicLink
IofCompleteRequest
RtlCopyUnicodeString
ProbeForWrite
_except_handler3
MmMapLockedPagesSpecifyCache
IofCallDriver
KeGetCurrentThread
IoAllocateIrp
IoGetRelatedDeviceObject
NtAdjustPrivilegesToken
ZwOpenProcessToken
RtlCompareMemory
ZwReadFile
_allmul
_allshr
ExfInterlockedRemoveHeadList
PsRevertToSelf
SeImpersonateClient
PsTerminateSystemThread
IoSetHardErrorOrVerifyDevice
ExfInterlockedInsertTailList
SeCreateClientSecurity
ZwQueryInformationFile
ZwCreateFile
_alldiv
KeTickCount
KeBugCheckEx
Sections
.text Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 512B - Virtual size: 366B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/UltraISO/drivers/ISODrv64.sys.sys windows:5 windows x64 arch:x64
ca96b7f2935e037ae9b674cc940efc40
Code Sign
04:00:00:00:00:01:2f:4e:e1:52:d7Certificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before13/04/2011, 10:00Not After28/01/2028, 12:00SubjectCN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageCertSign
KeyUsageCRLSign
04:00:00:00:00:01:2f:4e:e1:35:5cCertificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before13/04/2011, 10:00Not After13/04/2019, 10:00SubjectCN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45Certificate
IssuerCN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BENot Before23/08/2013, 00:00Not After23/09/2024, 00:00SubjectCN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SGExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
11:21:1b:6c:1d:76:87:d7:89:b2:b9:11:8c:0d:96:22:c4:2fCertificate
IssuerCN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BENot Before19/11/2013, 03:22Not After19/11/2016, 03:22SubjectCN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6dExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:0b:7f:6b:00:00:00:00:00:19Certificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:00Not After23/05/2016, 17:10SubjectCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d3:88:77:8f:92:1a:09:c3:82:ed:c0:d5:da:70:19:f0:00:96:93:77Signer
Actual PE Digestd3:88:77:8f:92:1a:09:c3:82:ed:c0:d5:da:70:19:f0:00:96:93:77Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
d:\winddk\isodrive\driver\objfre_wnet_AMD64\amd64\ISODrive.pdb
Imports
ntoskrnl.exe
ZwOpenSymbolicLinkObject
IoCreateSymbolicLink
KeSetEvent
ZwClose
ObReferenceObjectByHandle
IoDeleteDevice
PsCreateSystemThread
KeInitializeEvent
IoCreateDevice
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlAppendUnicodeToString
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlQueryRegistryValues
RtlInitUnicodeString
SeTokenType
ObfDereferenceObject
KeWaitForSingleObject
IoDeleteSymbolicLink
IofCompleteRequest
RtlCopyUnicodeString
__C_specific_handler
ProbeForWrite
IoIs32bitProcess
MmMapLockedPagesSpecifyCache
NtAdjustPrivilegesToken
ZwOpenProcessToken
RtlCompareMemory
ZwReadFile
IofCallDriver
IoAllocateIrp
IoGetRelatedDeviceObject
IoSetHardErrorOrVerifyDevice
PsRevertToSelf
SeImpersonateClient
ExInterlockedRemoveHeadList
PsTerminateSystemThread
ExInterlockedInsertTailList
SeCreateClientSecurity
ZwQueryInformationFile
ZwCreateFile
KeBugCheckEx
Sections
.text Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/UltraISO/drivers/IsoCmd.exe.exe windows:5 windows x86 arch:x86
5d30fe8c13c8cfc987eeeaa6a0eddb98
Code Sign
04:00:00:00:00:01:2f:4e:e1:52:d7Certificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before13/04/2011, 10:00Not After28/01/2028, 12:00SubjectCN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageCertSign
KeyUsageCRLSign
04:00:00:00:00:01:2f:4e:e1:35:5cCertificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before13/04/2011, 10:00Not After13/04/2019, 10:00SubjectCN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45Certificate
IssuerCN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BENot Before23/08/2013, 00:00Not After23/09/2024, 00:00SubjectCN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SGExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
11:21:1b:6c:1d:76:87:d7:89:b2:b9:11:8c:0d:96:22:c4:2fCertificate
IssuerCN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BENot Before19/11/2013, 03:22Not After19/11/2016, 03:22SubjectCN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6dExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:0b:7f:6b:00:00:00:00:00:19Certificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:00Not After23/05/2016, 17:10SubjectCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
64:6f:73:73:0f:11:e5:c3:2e:b4:de:74:94:ba:22:93:c0:00:d6:d8Signer
Actual PE Digest64:6f:73:73:0f:11:e5:c3:2e:b4:de:74:94:ba:22:93:c0:00:d6:d8Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\winddk\isodrive\isocmd\objfre_wnet_x86\i386\isocmd.pdb
Imports
msvcrt
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit
_c_exit
wcslen
toupper
printf
_iob
fprintf
_vsnprintf
advapi32
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
OpenSCManagerA
RegCreateKeyExA
RegCloseKey
ControlService
StartServiceA
OpenServiceA
DeleteService
CreateServiceA
CloseServiceHandle
kernel32
WideCharToMultiByte
CreateFileA
DeviceIoControl
CloseHandle
QueryDosDeviceA
GetLogicalDriveStringsA
GetLastError
FormatMessageA
LocalFree
GetModuleHandleA
GetProcAddress
Sleep
MultiByteToWideChar
GetCurrentDirectoryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DefineDosDeviceA
GetCurrentProcess
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 864B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$TEMP/UltraISO/drivers/bootpart.exe.exe windows:5 windows x86 arch:x86
cf316e25eeca39dfcf28358629c34deb
Code Sign
04:00:00:00:00:01:2f:4e:e1:52:d7Certificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before13/04/2011, 10:00Not After28/01/2028, 12:00SubjectCN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageCertSign
KeyUsageCRLSign
04:00:00:00:00:01:2f:4e:e1:35:5cCertificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before13/04/2011, 10:00Not After13/04/2019, 10:00SubjectCN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45Certificate
IssuerCN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BENot Before23/08/2013, 00:00Not After23/09/2024, 00:00SubjectCN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SGExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
11:21:1b:6c:1d:76:87:d7:89:b2:b9:11:8c:0d:96:22:c4:2fCertificate
IssuerCN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BENot Before19/11/2013, 03:22Not After19/11/2016, 03:22SubjectCN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6dExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:0b:7f:6b:00:00:00:00:00:19Certificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:00Not After23/05/2016, 17:10SubjectCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:bf:36:65:a2:f2:e5:ea:56:19:14:08:5b:90:ab:38:20:d5:e5:3cSigner
Actual PE Digest33:bf:36:65:a2:f2:e5:ea:56:19:14:08:5b:90:ab:38:20:d5:e5:3cDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\winddk\bootpart\cmd\objfre_wnet_x86\i386\bootpart.pdb
Imports
msvcrt
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
exit
_cexit
_XcptFilter
_exit
_c_exit
strtol
toupper
vfprintf
fputc
fflush
__initenv
strncmp
malloc
free
_iob
fprintf
printf
sprintf
advapi32
OpenSCManagerA
StartServiceA
OpenServiceA
DeleteService
CreateServiceA
CloseServiceHandle
ControlService
kernel32
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetErrorMode
Sleep
GetCurrentDirectoryA
GetModuleHandleA
GetProcAddress
GetCurrentProcess
ReadFile
SetLastError
CreateFileA
QueryDosDeviceA
LocalFree
FormatMessageA
GetLastError
CloseHandle
GetFileSize
DefineDosDeviceA
DeviceIoControl
shell32
SHChangeNotify
setupapi
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 824B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$TEMP/UltraISO/drivers/bootpart.sys.sys windows:5 windows x86 arch:x86
7106415a9b05d4b9cfc02293d39a9a38
Code Sign
04:00:00:00:00:01:2f:4e:e1:52:d7Certificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before13/04/2011, 10:00Not After28/01/2028, 12:00SubjectCN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageCertSign
KeyUsageCRLSign
04:00:00:00:00:01:2f:4e:e1:35:5cCertificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before13/04/2011, 10:00Not After13/04/2019, 10:00SubjectCN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45Certificate
IssuerCN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BENot Before23/08/2013, 00:00Not After23/09/2024, 00:00SubjectCN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SGExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
11:21:1b:6c:1d:76:87:d7:89:b2:b9:11:8c:0d:96:22:c4:2fCertificate
IssuerCN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BENot Before19/11/2013, 03:22Not After19/11/2016, 03:22SubjectCN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6dExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:0b:7f:6b:00:00:00:00:00:19Certificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:00Not After23/05/2016, 17:10SubjectCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
6a:f8:8e:ef:ab:36:e2:84:78:5c:e0:60:1b:75:c0:a8:70:ab:2b:e5Signer
Actual PE Digest6a:f8:8e:ef:ab:36:e2:84:78:5c:e0:60:1b:75:c0:a8:70:ab:2b:e5Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\winddk\bootpart\drv\objfre_wnet_x86\i386\bootpart.pdb
Imports
ntoskrnl.exe
ZwDeleteKey
ZwOpenKey
IoDeleteDevice
ZwOpenSymbolicLinkObject
RtlAppendUnicodeToString
ExAllocatePoolWithTag
ZwClose
SeTokenType
ObfDereferenceObject
KeWaitForSingleObject
KeSetEvent
ExFreePoolWithTag
IoDeleteSymbolicLink
IofCompleteRequest
ExfInterlockedInsertTailList
KeInitializeEvent
DbgPrint
ZwCreateFile
SeCreateClientSecurity
KeGetCurrentThread
ZwQueryInformationFile
IoCreateSymbolicLink
ZwReadFile
RtlInitUnicodeString
swprintf
_allmul
NtAdjustPrivilegesToken
ZwOpenProcessToken
ExfInterlockedRemoveHeadList
ZwWriteFile
MmMapLockedPagesSpecifyCache
PsRevertToSelf
SeImpersonateClient
PsTerminateSystemThread
KeSetPriorityThread
RtlCopyUnicodeString
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeSpinLock
KeTickCount
KeBugCheckEx
MmGetSystemRoutineAddress
wcslen
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
IoCreateDevice
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
_wcsnicmp
RtlAddAccessAllowedAce
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 929B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 408B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 848B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 686B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/UltraISO/drivers/bootpt64.sys.sys windows:5 windows x64 arch:x64
447f1cd11f0211ba9fe52ce23371cafe
Code Sign
04:00:00:00:00:01:2f:4e:e1:52:d7Certificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before13/04/2011, 10:00Not After28/01/2028, 12:00SubjectCN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageCertSign
KeyUsageCRLSign
04:00:00:00:00:01:2f:4e:e1:35:5cCertificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before13/04/2011, 10:00Not After13/04/2019, 10:00SubjectCN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45Certificate
IssuerCN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BENot Before23/08/2013, 00:00Not After23/09/2024, 00:00SubjectCN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SGExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
11:21:1b:6c:1d:76:87:d7:89:b2:b9:11:8c:0d:96:22:c4:2fCertificate
IssuerCN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BENot Before19/11/2013, 03:22Not After19/11/2016, 03:22SubjectCN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6dExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:0b:7f:6b:00:00:00:00:00:19Certificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:00Not After23/05/2016, 17:10SubjectCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
e1:d8:c8:6e:1f:53:4d:d5:64:b1:ff:77:91:4f:26:a2:5d:fe:50:14Signer
Actual PE Digeste1:d8:c8:6e:1f:53:4d:d5:64:b1:ff:77:91:4f:26:a2:5d:fe:50:14Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
d:\winddk\bootpart\drv\objfre_wnet_AMD64\amd64\bootpart.pdb
Imports
ntoskrnl.exe
ZwDeleteKey
ZwOpenKey
IoDeleteDevice
ZwOpenSymbolicLinkObject
RtlAppendUnicodeToString
ExAllocatePoolWithTag
ZwClose
SeTokenType
ObfDereferenceObject
KeWaitForSingleObject
KeSetEvent
ExFreePoolWithTag
IoDeleteSymbolicLink
IofCompleteRequest
ExInterlockedInsertTailList
KeInitializeEvent
DbgPrint
ZwCreateFile
SeCreateClientSecurity
ZwQueryInformationFile
IoCreateSymbolicLink
ZwReadFile
RtlInitUnicodeString
swprintf
NtAdjustPrivilegesToken
ZwOpenProcessToken
ZwWriteFile
MmMapLockedPagesSpecifyCache
PsRevertToSelf
SeImpersonateClient
ExInterlockedRemoveHeadList
PsTerminateSystemThread
KeSetPriorityThread
RtlCopyUnicodeString
ObReferenceObjectByHandle
PsCreateSystemThread
KeBugCheckEx
MmGetSystemRoutineAddress
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
IoCreateDevice
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
_wcsnicmp
RtlAddAccessAllowedAce
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 764B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 756B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 848B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/UltraISO/isoshell.dll.dll regsvr32 windows:4 windows x86 arch:x86
7c74863037feb824f5529aae329b8db8
Code Sign
04:00:00:00:00:01:2f:4e:e1:52:d7Certificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before13/04/2011, 10:00Not After28/01/2028, 12:00SubjectCN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageCertSign
KeyUsageCRLSign
04:00:00:00:00:01:2f:4e:e1:35:5cCertificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before13/04/2011, 10:00Not After13/04/2019, 10:00SubjectCN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45Certificate
IssuerCN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BENot Before23/08/2013, 00:00Not After23/09/2024, 00:00SubjectCN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SGExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
11:21:1b:6c:1d:76:87:d7:89:b2:b9:11:8c:0d:96:22:c4:2fCertificate
IssuerCN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BENot Before19/11/2013, 03:22Not After19/11/2016, 03:22SubjectCN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6dExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:0b:7f:6b:00:00:00:00:00:19Certificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:00Not After23/05/2016, 17:10SubjectCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
68:8a:98:c7:b8:48:18:d1:10:76:d7:8d:f0:bb:a3:3d:08:e7:4b:dcSigner
Actual PE Digest68:8a:98:c7:b8:48:18:d1:10:76:d7:8d:f0:bb:a3:3d:08:e7:4b:dcDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
DisableThreadLibraryCalls
HeapAlloc
GetSystemInfo
GetVersionExA
HeapCreate
GetVersion
lstrlenA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
lstrlenW
GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetDriveTypeA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
DebugBreak
HeapReAlloc
HeapFree
GlobalUnlock
GlobalLock
GetFileAttributesA
lstrcpynW
WinExec
SetCurrentDirectoryA
ReadFile
LocalAlloc
GetFileInformationByHandle
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
CreateFileA
DeviceIoControl
CloseHandle
WideCharToMultiByte
QueryDosDeviceA
DefineDosDeviceA
Sleep
GetLastError
FormatMessageA
lstrcmpiA
LocalFree
RtlUnwind
user32
CharNextA
wsprintfA
LoadImageA
InsertMenuItemA
InsertMenuA
CreatePopupMenu
MessageBoxA
SetMenuItemBitmaps
advapi32
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueExA
RegOpenKeyA
RegDeleteValueA
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
DragQueryFileA
ole32
ReleaseStgMedium
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
oleaut32
LoadTypeLi
SysAllocString
SysFreeString
VarUI4FromStr
LoadRegTypeLi
SysStringLen
RegisterTypeLi
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/UltraISO/isoshl64.dll.dll regsvr32 windows:5 windows x64 arch:x64
cbc1e923185663d97dcb6695ccfa95a2
Code Sign
04:00:00:00:00:01:2f:4e:e1:52:d7Certificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before13/04/2011, 10:00Not After28/01/2028, 12:00SubjectCN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageCertSign
KeyUsageCRLSign
04:00:00:00:00:01:2f:4e:e1:35:5cCertificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before13/04/2011, 10:00Not After13/04/2019, 10:00SubjectCN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45Certificate
IssuerCN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BENot Before23/08/2013, 00:00Not After23/09/2024, 00:00SubjectCN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SGExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
11:21:1b:6c:1d:76:87:d7:89:b2:b9:11:8c:0d:96:22:c4:2fCertificate
IssuerCN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BENot Before19/11/2013, 03:22Not After19/11/2016, 03:22SubjectCN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6dExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:0b:7f:6b:00:00:00:00:00:19Certificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:00Not After23/05/2016, 17:10SubjectCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
71:ae:7b:b5:bf:d1:78:9b:1f:97:f2:ac:e7:7a:cb:f0:46:89:cd:4dSigner
Actual PE Digest71:ae:7b:b5:bf:d1:78:9b:1f:97:f2:ac:e7:7a:cb:f0:46:89:cd:4dDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetProcAddress
GetModuleHandleA
lstrlenA
lstrcmpiA
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleW
IsDBCSLeadByte
GetVersion
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GlobalUnlock
GetDriveTypeA
GetFileAttributesA
lstrcpynA
lstrcpynW
WinExec
SetCurrentDirectoryA
ReadFile
LocalAlloc
GetFileInformationByHandle
lstrcatA
lstrcpyA
LoadLibraryW
GetStringTypeW
LCMapStringW
GetSystemTimeAsFileTime
GetCurrentProcessId
MultiByteToWideChar
CreateFileA
DeviceIoControl
CloseHandle
WideCharToMultiByte
QueryDosDeviceA
DefineDosDeviceA
Sleep
GetLastError
FormatMessageA
GlobalLock
LocalFree
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
HeapSetInformation
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
FlsAlloc
SetLastError
HeapAlloc
HeapFree
RtlPcToFileHeader
VirtualProtect
VirtualAlloc
SetThreadStackGuarantee
GetSystemInfo
VirtualQuery
DecodePointer
EncodePointer
RtlLookupFunctionEntry
RtlUnwindEx
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
user32
CreatePopupMenu
CharNextA
CharNextW
SetMenuItemBitmaps
LoadImageA
InsertMenuItemA
MessageBoxA
wsprintfA
InsertMenuA
advapi32
RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegOpenKeyA
shell32
DragQueryFileA
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ole32
ReleaseStgMedium
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
oleaut32
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/UltraISO/lang/lang_cn.dll.dll windows:4 windows x86 arch:x86
a760606a533af4814ef9283c1ca3b322
Code Sign
04:00:00:00:00:01:2f:4e:e1:35:5cCertificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before13/04/2011, 10:00Not After13/04/2019, 10:00SubjectCN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
11:21:1b:6c:1d:76:87:d7:89:b2:b9:11:8c:0d:96:22:c4:2fCertificate
IssuerCN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BENot Before19/11/2013, 03:22Not After19/11/2016, 03:22SubjectCN=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,O=SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD.,L=Shenzhen,ST=Guangdong,C=CN,1.2.840.113549.1.9.1=#0c136365727440657a6273797374656d732e636f6dExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:0b:7f:6b:00:00:00:00:00:19Certificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:00Not After23/05/2016, 17:10SubjectCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
2e:19:29:f3:98:71:a6:86:09:0c:ea:59:a8:c9:36:68:ee:98:f8:27Signer
Actual PE Digest2e:19:29:f3:98:71:a6:86:09:0c:ea:59:a8:c9:36:68:ee:98:f8:27Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
CreateFileA
ExitProcess
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
LoadLibraryA
RaiseException
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WriteFile
user32
EnumThreadWindows
MessageBoxA
wsprintfA
Exports
Exports
GetFontName
GetFontSize
GetLangID
GetLangName
GetLangStr
___CPPdebugHook
Sections
.text Size: 31KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.edata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$TEMP/UltraISO/uikey.ini
-
$TEMP/UltraISO/ultraiso.ini