e93f50b6eadc3c1e49e3b1481a6f551d1794fdd4227cf5f15c9a1d7aac7b6a79

Sharing

Copy URL Twitter E-mail

General

Target

e93f50b6eadc3c1e49e3b1481a6f551d1794fdd4227cf5f15c9a1d7aac7b6a79
Size

714KB
MD5

ae231fbb5afa680cda7a05be6a5625d8
SHA1

9511d1aadcc471ddd35914795ef9be2c25c9753b
SHA256

e93f50b6eadc3c1e49e3b1481a6f551d1794fdd4227cf5f15c9a1d7aac7b6a79
SHA512

e03f6ba3d3673d0d1fcbdecd53041412d1d14dcba850befa72b5fc6d74cebd30330d6b851f454a89d8cb92dad4fe3a534a718b35b239a44882a00428f049cb18
SSDEEP

12288:P2EipZw5yFYRumhzM3OQtmT7raO3iQmzOv8iSU65N14mbmtct:PCZj3IzM3KfaOSQmzOHObCmbmtq

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$SYSDIR/TXGYMailActiveX.dll
unpack001/$SYSDIR/TXGYMailCamera.dll
unpack001/mozcrt19.dll
unpack001/nptxftnWebKit.dll
unpack001/nspr4.dll
unpack001/plc4.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

e93f50b6eadc3c1e49e3b1481a6f551d1794fdd4227cf5f15c9a1d7aac7b6a79
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:a0:51:6c:26:f4:2f:16:7e:4b:d7:30:29:47:fa:2f:75:64:3a:81
Signer

Actual PE Digest

33:a0:51:6c:26:f4:2f:16:7e:4b:d7:30:29:47:fa:2f:75:64:3a:81

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$SYSDIR/TXGYMailActiveX.dll
.dll regsvr32 windows:4 windows x86 arch:x86

7ee0450cec29c4d479fe7750616af63d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReleaseActCtx
DeactivateActCtx
Sleep
GetTickCount
GetFileTime
GetTempPathW
GlobalSize
MoveFileExW
FindResourceExW
FreeLibrary
GetCurrentThread
VirtualQueryEx
GetShortPathNameW
GlobalLock
SizeofResource
LoadLibraryExW
DisableThreadLibraryCalls
HeapDestroy
DeleteCriticalSection
lstrcmpiA
ResumeThread
FindClose
FindNextFileW
CreateActCtxW
GetLongPathNameW
GetThreadSelectorEntry
ReadProcessMemory
EnterCriticalSection
LeaveCriticalSection
GlobalAlloc
FindResourceW
LoadResource
LockResource
GlobalHandle
GlobalFree
FreeResource
CreateThread
GlobalUnlock
GetSystemTime
SystemTimeToFileTime
lstrcmpW
WideCharToMultiByte
lstrlenA
lstrcpynA
GetFileSize
ActivateActCtx
InitializeCriticalSection
GetCurrentProcess
FlushInstructionCache
InterlockedDecrement
InterlockedCompareExchange
FindFirstFileW
InterlockedIncrement
SetLastError
GetLastError
ReadFile
VirtualQuery
GetModuleFileNameA
lstrcpyW
GetVersionExW
lstrcatW
GetCurrentThreadId
MultiByteToWideChar
lstrcmpiW
lstrlenW
lstrcpynW
GetModuleFileNameW
CreateFileW
SetFilePointer
GetACP
WriteFile
CloseHandle
DeleteFileW
WritePrivateProfileStringW
SetErrorMode
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
LoadLibraryW
GetProcAddress
HeapFree
GetProcessHeap
HeapAlloc
VirtualAlloc
VirtualFree
GetModuleHandleW

user32

MsgWaitForMultipleObjects
IntersectRect
OffsetRect
SetWindowRgn
UnionRect
PtInRect
GetKeyState
DrawTextW
LoadIconW
SetLayeredWindowAttributes
MoveWindow
TrackMouseEvent
CharNextW
IsWindowEnabled
EnableWindow
SetPropW
RemovePropW
GetPropW
IsClipboardFormatAvailable
PeekMessageW
TranslateMessage
DispatchMessageW
MessageBoxA
wsprintfW
GetClassNameW
GetDlgItem
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
CreateAcceleratorTableW
GetDC
GetDesktopWindow
ReleaseDC
RedrawWindow
BeginPaint
FillRect
EndPaint
CallWindowProcW
GetFocus
IsChild
SetFocus
GetSysColor
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SetWindowLongW
RegisterWindowMessageW
LoadCursorW
CreateDialogIndirectParamW
GetWindowLongW
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
MapWindowPoints
SetDlgItemTextW
GetClientRect
GetClassInfoExW
RegisterClassExW
PostMessageW
OpenClipboard
GetClipboardData
CloseClipboard
IsIconic
ShowWindow
SetWindowPos
SendMessageW
IsWindow
CreateWindowExW
GetClassInfoW
RegisterClassW
DestroyWindow
DefWindowProcW
MessageBeep
EqualRect

comdlg32

GetOpenFileNameW

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegEnumValueW

shell32

DragQueryFileW
StrStrIW
StrStrW

ole32

ReleaseStgMedium
CoTaskMemRealloc
WriteClassStm
OleSaveToStream
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
OleLoadFromStream
CoCreateGuid
OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
RegisterDragDrop
StringFromGUID2
CreateOleAdviseHolder
CreateStreamOnHGlobal

oleaut32

OleCreatePropertyFrame
SysAllocStringByteLen
VariantChangeType
RegisterTypeLi
VarUI4FromStr
LoadTypeLi
SysStringByteLen
LoadRegTypeLi
OleCreateFontIndirect
SysAllocStringLen
SysAllocString
VariantClear
VariantCopy
SysStringLen
VariantInit
SysFreeString

gdi32

RealizePalette
GetDIBits
CreateDCW
LPtoDP
SetTextAlign
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
RestoreDC
CreateRectRgnIndirect
CreateFontW
GetStockObject
GetObjectW
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteDC
GetBkColor
SetBkColor
ExtTextOutW
GetDeviceCaps
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject
DeleteObject
TextOutW

msvcrt

fopen
fclose
__dllonexit
fread
fwrite
fseek
_purecall
_except_handler3
ftell
fflush
clock
getc
wcslen
memcmp
printf
sprintf
wcscat
abs
wcsftime
free
rand
malloc
memset
time
??3@YAXPAX@Z
localtime
wcsrchr
wcscpy
??2@YAPAXI@Z
memcpy
fputc
realloc
_CxxThrowException
_wfopen
floor
_ftol
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
longjmp
strncpy
_setjmp3
__CxxLongjmpUnwind
isprint
exit
fprintf
_iob
sscanf
getenv
abort
__CxxFrameHandler

imagehlp

SymGetModuleInfo
SymLoadModule
SymSetOptions
SymInitialize
SymFunctionTableAccess
SymGetSymFromAddr

ws2_32

gethostbyname

wininet

HttpAddRequestHeadersW
HttpSendRequestExW
InternetWriteFile
HttpEndRequestW
InternetCrackUrlA
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
InternetOpenW

msvcp60

?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??1_Winit@std@@QAE@XZ

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXABV0@@Z
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEJXZ
?Open@CxIOFile@@QAE_NPBD0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Size@CxIOFile@@UAEJXZ
?Tell@CxIOFile@@UAEJXZ
?Write@CxIOFile@@UAEIPBXII@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
_StackWalk@36

Sections

.text
Size: 180KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/TXGYMailCamera.dll
.dll windows:4 windows x86 arch:x86

5b6d5d79a0d569100606e78b0b12b483

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msimg32

AlphaBlend

mfc42u

ord3577
ord640
ord616
ord641
ord323
ord567
ord324
ord2294
ord4229
ord2859
ord3088
ord5276
ord6211
ord4294
ord800
ord858
ord5706
ord4124
ord2755
ord4155
ord540
ord2855
ord1633
ord2854
ord6195
ord4704
ord4470
ord2371
ord6193
ord6871
ord3087
ord3566
ord5679
ord6868
ord1172
ord4215
ord2576
ord3649
ord809
ord654
ord556
ord341
ord2430
ord2078
ord1143
ord6451
ord5871
ord3084
ord6115
ord3701
ord613
ord5777
ord3915
ord289
ord2423
ord6266
ord1637
ord2634
ord5977
ord3170
ord3494
ord2507
ord535
ord5568
ord2910
ord355
ord538
ord2810
ord860
ord3332
ord3806
ord2397
ord816
ord3744
ord6376
ord6191
ord2745
ord5781
ord3614
ord6238
ord823
ord1088
ord2114
ord4128
ord4292
ord283
ord472
ord6168
ord5785
ord3871
ord2567
ord4390
ord3569
ord4418
ord4270
ord4474
ord4279
ord2070
ord3605
ord656
ord922
ord942
ord941
ord6597
ord755
ord470
ord2746
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord1115
ord561
ord815
ord6466
ord3948
ord2717
ord1568
ord1570
ord1179
ord342
ord1240
ord1194
ord1563
ord1248
ord1250
ord1571
ord600
ord826
ord269
ord4621
ord4075
ord3074
ord3820
ord3826
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord6370
ord5157
ord2377
ord5237
ord4392
ord1768
ord4073
ord6051
ord2570
ord4213
ord2015
ord2403
ord3592
ord4419
ord4401
ord1767
ord6048
ord2506
ord4992
ord4847
ord4370
ord5261
ord3568
ord3658
ord5784
ord5783
ord2444
ord2406
ord3621
ord3688
ord1634
ord1165
ord3825
ord3397
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord609
ord5059
ord825
ord1173
ord562
ord3733

msvcrt

_purecall
__CxxFrameHandler
fopen
fclose
fread
fwrite
fseek
ftell
fflush
fputc
getc
_wcsicmp
atan
sqrt
_ftol
abs
fabs
wcsncpy
wcscmp
memset
free
malloc
realloc
_wfopen
floor
_CxxThrowException
_CIpow
longjmp
strncpy
_setjmp3
__CxxLongjmpUnwind
strncmp
_CIfmod
printf
isprint
exit
fprintf
_iob
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
strtod
abort
getenv
sscanf
sprintf

kernel32

CreateMutexW
GetLastError
CloseHandle
GlobalLock
GlobalSize
LockResource
LoadResource
FindFirstFileW
FindClose
FindResourceW
SizeofResource
LocalFree
GlobalUnlock
LocalAlloc

user32

GetParent
ReleaseDC
PostMessageW
GetKeyState
FillRect
SetRect
OffsetRect
GetSystemMetrics
PtInRect
GetCapture
IsWindowVisible
ClientToScreen
ChildWindowFromPointEx
WindowFromPoint
CreatePopupMenu
AppendMenuW
ReleaseCapture
SetCapture
IsRectEmpty
SendMessageW
SetForegroundWindow
InflateRect
GetCursorPos
ScreenToClient
LoadCursorW
SetCursor
IsWindow
GetClipboardData
GetWindowDC
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetDesktopWindow
EnableWindow
GetWindowRect
InvalidateRect
GetClientRect
GetDC

gdi32

GetStockObject
CreateCompatibleDC
DeleteDC
BitBlt
SelectObject
CreateBitmapIndirect
GetObjectW
Polyline
GetRgnBox
CombineRgn
CreateRectRgn
GetPixel
DeleteObject
GetDeviceCaps
CreateCompatibleBitmap
CreateFontIndirectW
Polygon
Ellipse
SetPixel
CreatePen
GetTextExtentPoint32W
CreateFontW
CreateDIBSection
GetDIBits
RealizePalette
SetDIBitsToDevice
SetStretchBltMode
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
GetTextColor
CreateSolidBrush
Rectangle

shell32

SHGetSpecialFolderPathW

comctl32

_TrackMouseEvent

imm32

ImmGetCompositionStringW
ImmSetCompositionStringW
ImmReleaseContext
ImmGetContext

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXABV0@@Z
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEJXZ
?Open@CxIOFile@@QAE_NPBD0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Size@CxIOFile@@UAEJXZ
?Tell@CxIOFile@@UAEJXZ
?Write@CxIOFile@@UAEIPBXII@Z
CameraSubArea
CameraWindow
CameraWindowLikeSpy

Sections

.text
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
License
mozcrt19.dll
.dll windows:4 windows x86 arch:x86

7cea1bcca1ff18e164507fda5b70c620

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\xr19rel\WINNT_5.2_Depend\mozilla\obj-xulrunner\memory\jemalloc\src\build\intel\mozcrt19.pdb

Imports

msvcrt

_getdrives

kernel32

GetCurrentProcessId
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetCurrentThreadId
TlsGetValue
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
Sleep
GetEnvironmentVariableA
VirtualFree
VirtualAlloc
GetSystemInfo
SetHandleCount
GetFileType
GetStartupInfoA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
SetStdHandle
CreateFileA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
MultiByteToWideChar
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetTickCount
SetLocalTime
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetLocaleInfoW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
RtlUnwind
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
FlushFileBuffers
CompareStringA
CompareStringW
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
RaiseException
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
CreateProcessW
VirtualProtect
VirtualQuery
IsDBCSLeadByteEx
ReadConsoleA
ReadConsoleW
SetConsoleMode
SetEndOfFile
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
LockFile
UnlockFile
CreatePipe
ReadFile
CreateFileW
LoadLibraryW
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1exception@std@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??2@YAPAXIHPBDH@Z
??3@YAXPAX@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4exception@std@@QAEAAV01@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
??9type_info@@QBE_NABV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@@6B@
??_7exception@std@@6B@
??_Fbad_cast@std@@QAEXXZ
??_Fbad_typeid@std@@QAEXXZ
??_U@YAPAXI@Z
??_U@YAPAXIHPBDH@Z
??_V@YAXPAX@Z
?_Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Type_info_dtor@type_info@@CAXPAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPAV1@@Z
?_ValidateExecute@@YAHP6GHXZ@Z
?_ValidateRead@@YAHPBXI@Z
?_ValidateWrite@@YAHPAXI@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPBG00II@Z
?_is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?_open@@YAHPBDHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?_wopen@@YAHPB_WHH@Z
?_wsopen@@YAHPB_WHHH@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
?raw_name@type_info@@QBEPBDXZ
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?unexpected@@YAXXZ
?vswprintf@@YAHPA_WIPB_WPAD@Z
?what@exception@std@@UBEPBDXZ
@_calloc_crt@8
@_malloc_crt@4
@_realloc_crt@8
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_Strftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CppXcptFilter
__CxxCallUnwindDelDtor
__CxxCallUnwindDtor
__CxxCallUnwindStdDelDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___fls_getvalue@4
___fls_setvalue@8
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__control87_2
__create_locale
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__free_locale
__get_app_type
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lc_clike
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv
__lconv_init
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osplatform
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__set_flsgetvalue
__setlc_active
__setusermatherr
__strncnt
__swprintf_l
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__unDNameHelper
__uncaught_exception
__unguarded_readlc_active
__vswprintf_l
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abnormal_termination
_abs64
_access
_access_s
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_amsg_exit
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_calloc_crt
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_commode
_configthreadlocale
_control87
_controlfp
_controlfp_s
_copysign
_cprintf
_cprintf_l
_cprintf_p
_cprintf_p_l
_cprintf_s
_cprintf_s_l
_cputs
_cputws
_creat
_create_locale
_crt_debugger_hook
_cscanf
_cscanf_l
_cscanf_s
_cscanf_s_l
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_cwprintf
_cwprintf_l
_cwprintf_p
_cwprintf_p_l
_cwprintf_s
_cwprintf_s_l
_cwscanf
_cwscanf_l
_cwscanf_s
_cwscanf_s_l
_daylight
_decode_pointer
_difftime32
_difftime64
_dosmaperr
_dstbias
_dup
_dup2
_dupenv_s
_ecvt
_ecvt_s
_encode_pointer
_encoded_null
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_except_handler4_common
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fdopen
_fflush_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filbuf
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_free_locale
_freea
_freea_s
_freefls
_fscanf_l
_fscanf_s_l
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_ftol
_fullpath
_futime32
_futime64
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwrite_nolock
_fwscanf_l
_fwscanf_s_l
_gcvt
_gcvt_s
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_invalid_parameter_handler
_get_osfhandle
_get_osplatform
_get_osver
_get_output_format
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_terminate
_get_timezone
_get_tzname
_get_unexpected
_get_winmajor
_get_winminor
_get_winver
_get_wpgmptr
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getdcwd
_getdcwd_nolock
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getptd
_getsystime
_getw
_getwch
_getwch_nolock
_getwche
_getwche_nolock
_getws
_getws_s
_global_unwind2

Sections

.text
Size: 476KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
npQQMailWebKit.dll
.dll windows:4 windows x86 arch:x86

68ae2444131183a18c5b75d9433fac7a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7f:7d:f1:d7:67:67:ec:75:cd:8e:13:14:eb:ca:5f:06:1f:94:ef:3e
Signer

Actual PE Digest

7f:7d:f1:d7:67:67:ec:75:cd:8e:13:14:eb:ca:5f:06:1f:94:ef:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
GetProcAddress
GetModuleHandleA
FreeLibrary
LoadLibraryW
GetModuleFileNameW
VirtualQuery
CloseHandle
CreateFileW
lstrlenW
CreateThread
WaitForSingleObject
ReleaseMutex
GetLastError
CreateMutexA
GetEnvironmentVariableA
OpenMutexA
MultiByteToWideChar
WideCharToMultiByte
DisableThreadLibraryCalls
InterlockedIncrement
lstrlenA
Sleep
lstrcmpiA

user32

DefWindowProcA
SetWindowLongA
GetParent
CallMsgFilterA
ShowWindow
wsprintfA

ole32

CoInitializeEx
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CoUninitialize

oleaut32

LoadRegTypeLi
SysStringLen
SysAllocStringLen
SysFreeString

advapi32

RegCloseKey
RegOpenKeyW
RegOverridePredefKey
RegQueryValueExW

msvcp60

??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IPBGI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

ws2_32

gethostbyname

msvcrt

_purecall
free
_ftol
strcmp
vfprintf
fflush
fclose
fopen
_adjust_fdiv
malloc
_initterm
??1type_info@@UAE@XZ
?terminate@@YAXXZ
tolower
__CxxFrameHandler
strlen
??2@YAPAXI@Z
__RTDynamicCast
memcmp
wcslen
_except_handler3

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nptxftnWebKit.dll
.dll windows:4 windows x86 arch:x86

5eea1706379bbefd757e5fff56ffe4e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

nspr4

PR_NewLogModule
PR_GetOSError
PR_GetError
PR_GetFileInfo
PR_DestroyCondVar
PR_NotifyAllCondVar
PR_NotifyCondVar
PR_MillisecondsToInterval
PR_IntervalNow
PR_WaitCondVar
PR_IntervalToMilliseconds
PR_NewCondVar
PR_Unlock
PR_Lock
PR_DestroyLock
PR_NewLock
PR_GetCurrentThread
PR_CreateThread
PR_JoinThread
PR_NewTCPSocket
PR_Connect
PR_GetHostByName
PR_EnumerateHostEnt
PR_Shutdown
PR_Recv
PR_Send
PR_Now
PR_GetFileInfo64
PR_Sleep
PR_Seek64
PR_htonl
PR_htons
PR_ntohl
PR_Open
PR_Close
PR_GetOpenFileInfo64
PR_Read
PR_LogPrint

plc4

PL_strlen
PL_strcpy
PL_strnlen

kernel32

LeaveCriticalSection
CreateFileA
CloseHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoW
LoadLibraryA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
ReadFile
ExitProcess
HeapSize
GetOEMCP
HeapReAlloc
VirtualAlloc
WideCharToMultiByte
GetACP
MultiByteToWideChar
Sleep
CreateThread
VirtualFree
HeapCreate
HeapDestroy
GetModuleFileNameA
GetStdHandle
WriteFile
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetProcAddress
GetCPInfo
LCMapStringW
LCMapStringA
GetProcessHeap
HeapAlloc
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
GetCurrentThreadId
GetCommandLineA
GetVersionExA

user32

ShowWindow
SetWindowPos
GetFocus
IsWindowEnabled
EnableWindow
CallMsgFilterA
IsWindow
SetFocus
MessageBoxA
GetParent
SetPropA
RemovePropA
SendMessageA
GetPropA
GetDesktopWindow
GetWindowRect

comdlg32

GetOpenFileNameA

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nspr4.dll
.dll windows:4 windows x86 arch:x86

157dbd1c41ecc520350dd0b31941f612

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\xr19rel\WINNT_5.2_Depend\mozilla\obj-xulrunner\nsprpub\pr\src\nspr4.pdb

Imports

advapi32

AllocateAndInitializeSid
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor

wsock32

recvfrom
sendto
send
recv
connect
accept
select
__WSAFDIsSet
setsockopt
getpeername
getsockname
shutdown
listen
bind
inet_ntoa
closesocket
WSAStartup
WSACleanup
gethostname
getsockopt
WSAGetLastError
ioctlsocket
ntohl
ntohs
htons
getprotobynumber
getprotobyname
gethostbyaddr
gethostbyname
htonl
socket

winmm

timeGetTime

mozcrt19

_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_encode_pointer
_time64
_stat64i32
_access
_mbspbrk
_mbsdec
_mbsinc
_beginthreadex
_exit
_environ
qsort
_stricmp
strpbrk
isalpha
_mktime64
_localtime64
strncmp
_errno
strerror
realloc
calloc
malloc
strrchr
strstr
getenv
memset
strchr
isdigit
strtoul
strtol
isspace
tolower
memchr
sprintf
abort
free
fwrite
fflush
fopen
setvbuf
__iob_func
fclose
sscanf
memcpy
atoi
_strdup
strftime
_putenv

kernel32

GetCurrentProcessId
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
OpenFileMappingA
GetTickCount
QueryPerformanceCounter
OpenSemaphoreA
LeaveCriticalSection
UnlockFile
LockFile
RemoveDirectoryA
CreateDirectoryA
MoveFileA
GetHandleInformation
SetHandleInformation
GetFileInformationByHandle
FindFirstFileA
GetFullPathNameA
GetDriveTypeA
DeleteFileA
FindNextFileA
FindClose
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
ResumeThread
SuspendThread
SetThreadPriority
GetCurrentThread
DuplicateHandle
TlsFree
TlsAlloc
GetThreadContext
ReleaseSemaphore
CreateSemaphoreA
GetCurrentProcess
UnmapViewOfFile
MapViewOfFile
FormatMessageA
CreateFileMappingA
GetVersionExA
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
TlsSetValue
DeleteCriticalSection
InitializeCriticalSection
TlsGetValue
Sleep
GetStdHandle
CreatePipe
CloseHandle
GlobalMemoryStatus
InterlockedExchange
GetSystemInfo
MultiByteToWideChar
GetModuleHandleA
GetModuleFileNameA
GetProcAddress
FreeLibrary
GetLastError
SetLastError
WideCharToMultiByte
LoadLibraryA
LoadLibraryW
DebugBreak
EnterCriticalSection
OutputDebugStringA

Exports

Exports

GetExecutionEnvironment
LL_MaxInt
LL_MaxUint
LL_MinInt
LL_Zero
PRP_DestroyNakedCondVar
PRP_NakedBroadcast
PRP_NakedNotify
PRP_NakedWait
PRP_NewNakedCondVar
PRP_TryLock
PR_Abort
PR_Accept
PR_AcceptRead
PR_Access
PR_AddToCounter
PR_AddWaitFileDesc
PR_AllocFileDesc
PR_Assert
PR_AtomicAdd
PR_AtomicDecrement
PR_AtomicIncrement
PR_AtomicSet
PR_AttachSharedMemory
PR_AttachThread
PR_AttachThreadGCAble
PR_Available
PR_Available64
PR_Bind
PR_BlockClockInterrupts
PR_BlockInterrupt
PR_CEnterMonitor
PR_CExitMonitor
PR_CNotify
PR_CNotifyAll
PR_CSetOnMonitorRecycle
PR_CWait
PR_CallOnce
PR_CallOnceWithArg
PR_Calloc
PR_CancelJob
PR_CancelWaitFileDesc
PR_CancelWaitGroup
PR_CeilingLog2
PR_ChangeFileDescNativeHandle
PR_Cleanup
PR_ClearInterrupt
PR_ClearThreadGCAble
PR_Close
PR_CloseDir
PR_CloseFileMap
PR_CloseSemaphore
PR_CloseSharedMemory
PR_Connect
PR_ConnectContinue
PR_ConvertIPv4AddrToIPv6
PR_CreateAlarm
PR_CreateCounter
PR_CreateFileMap
PR_CreateIOLayer
PR_CreateIOLayerStub
PR_CreateMWaitEnumerator
PR_CreateOrderedLock
PR_CreatePipe
PR_CreateProcess
PR_CreateProcessDetached
PR_CreateSocketPollFd
PR_CreateStack
PR_CreateThread
PR_CreateThreadGCAble
PR_CreateThreadPool
PR_CreateTrace
PR_CreateWaitGroup
PR_DecrementCounter
PR_Delete
PR_DeleteSemaphore
PR_DeleteSharedMemory
PR_DestroyAlarm
PR_DestroyCondVar
PR_DestroyCounter
PR_DestroyLock
PR_DestroyMWaitEnumerator
PR_DestroyMonitor
PR_DestroyOrderedLock
PR_DestroyPollableEvent
PR_DestroyProcessAttr
PR_DestroyRWLock
PR_DestroySem
PR_DestroySocketPollFd
PR_DestroyStack
PR_DestroyTrace
PR_DestroyWaitGroup
PR_DetachProcess
PR_DetachSharedMemory
PR_DetachThread
PR_DisableClockInterrupts
PR_EmulateAcceptRead
PR_EmulateSendFile
PR_EnableClockInterrupts
PR_EnterMonitor
PR_EnumerateAddrInfo
PR_EnumerateHostEnt
PR_EnumerateThreads
PR_EnumerateWaitGroup
PR_ErrorInstallCallback
PR_ErrorInstallTable
PR_ErrorLanguages
PR_ErrorToName
PR_ErrorToString
PR_ExitMonitor
PR_ExplodeTime
PR_ExportFileMapAsString
PR_FD_CLR
PR_FD_ISSET
PR_FD_NCLR
PR_FD_NISSET
PR_FD_NSET
PR_FD_SET
PR_FD_ZERO
PR_FileDesc2NativeHandle
PR_FindFunctionSymbol
PR_FindFunctionSymbolAndLibrary
PR_FindNextCounterQname
PR_FindNextCounterRname
PR_FindNextTraceQname
PR_FindNextTraceRname
PR_FindSymbol
PR_FindSymbolAndLibrary
PR_FloorLog2
PR_FormatTime
PR_FormatTimeUSEnglish
PR_Free
PR_FreeAddrInfo
PR_FreeFileDesc
PR_FreeLibraryName
PR_GMTParameters
PR_GetAddrInfoByName
PR_GetCanonNameFromAddrInfo
PR_GetConnectStatus
PR_GetCounter
PR_GetCounterHandleFromName
PR_GetCounterNameFromHandle
PR_GetCurrentThread
PR_GetDefaultIOMethods
PR_GetDescType
PR_GetDirectorySeparator
PR_GetDirectorySepartor
PR_GetEnv
PR_GetError
PR_GetErrorText
PR_GetErrorTextLength
PR_GetFileInfo
PR_GetFileInfo64
PR_GetFileMethods
PR_GetGCRegisters
PR_GetHostByAddr
PR_GetHostByName
PR_GetIPNodeByName
PR_GetIdentitiesLayer
PR_GetInheritedFD
PR_GetInheritedFileMap
PR_GetLayersIdentity
PR_GetLibraryFilePathname
PR_GetLibraryName
PR_GetLibraryPath
PR_GetMemMapAlignment
PR_GetMonitorEntryCount
PR_GetNameForIdentity
PR_GetNumberOfProcessors
PR_GetOSError
PR_GetOpenFileInfo
PR_GetOpenFileInfo64
PR_GetPageShift
PR_GetPageSize
PR_GetPathSeparator
PR_GetPeerName
PR_GetPhysicalMemorySize
PR_GetPipeMethods
PR_GetProtoByName
PR_GetProtoByNumber
PR_GetRandomNoise
PR_GetSP
PR_GetSockName
PR_GetSocketOption
PR_GetSpecialFD
PR_GetStackSpaceLeft
PR_GetSysfdTableMax
PR_GetSystemInfo
PR_GetTCPMethods
PR_GetThreadAffinityMask
PR_GetThreadID
PR_GetThreadPriority
PR_GetThreadPrivate
PR_GetThreadScope
PR_GetThreadState
PR_GetThreadType
PR_GetTraceEntries
PR_GetTraceHandleFromName
PR_GetTraceNameFromHandle
PR_GetTraceOption
PR_GetUDPMethods
PR_GetUniqueIdentity
PR_ImplodeTime
PR_ImportFile
PR_ImportFileMapFromString
PR_ImportPipe
PR_ImportTCPSocket
PR_ImportUDPSocket
PR_IncrementCounter
PR_Init
PR_Initialize
PR_InitializeNetAddr
PR_Initialized
PR_Interrupt
PR_IntervalNow
PR_IntervalToMicroseconds
PR_IntervalToMilliseconds
PR_IntervalToSeconds
PR_IsNetAddrType
PR_JoinJob
PR_JoinThread
PR_JoinThreadPool
PR_KillProcess
PR_Listen
PR_LoadLibrary
PR_LoadLibraryWithFlags
PR_LoadStaticLibrary
PR_LocalTimeParameters
PR_Lock
PR_LockFile
PR_LockOrderedLock
PR_LogFlush
PR_LogPrint
PR_MakeDir
PR_Malloc
PR_MemMap
PR_MemUnmap
PR_MicrosecondsToInterval
PR_MillisecondsToInterval
PR_MkDir
PR_NetAddrToString
PR_NewCondVar
PR_NewLock
PR_NewLogModule
PR_NewMonitor
PR_NewNamedMonitor
PR_NewPollableEvent
PR_NewProcessAttr
PR_NewRWLock
PR_NewSem
PR_NewTCPSocket
PR_NewTCPSocketPair
PR_NewThreadPrivateIndex
PR_NewUDPSocket
PR_NormalizeTime
PR_Notify
PR_NotifyAll
PR_NotifyAllCondVar
PR_NotifyCondVar
PR_Now
PR_Open
PR_OpenAnonFileMap
PR_OpenDir
PR_OpenFile
PR_OpenSemaphore
PR_OpenSharedMemory
PR_OpenTCPSocket
PR_OpenUDPSocket
PR_ParseTimeString
PR_ParseTimeStringToExplodedTime
PR_Poll
PR_PopIOLayer
PR_PostSem
PR_PostSemaphore
PR_ProcessAttrSetCurrentDirectory
PR_ProcessAttrSetInheritableFD
PR_ProcessAttrSetInheritableFileMap
PR_ProcessAttrSetStdioRedirect
PR_ProcessExit
PR_PushIOLayer
PR_QueueJob
PR_QueueJob_Accept
PR_QueueJob_Connect
PR_QueueJob_Read
PR_QueueJob_Timer
PR_QueueJob_Write
PR_RWLock_Rlock
PR_RWLock_Unlock
PR_RWLock_Wlock
PR_Read
PR_ReadDir
PR_Realloc
PR_RecordTraceEntries
PR_Recv
PR_RecvFrom
PR_Rename
PR_ResetAlarm
PR_ResetProcessAttr
PR_ResumeAll
PR_RmDir
PR_ScanStackPointers
PR_SecondsToInterval
PR_Seek
PR_Seek64
PR_Select
PR_Send
PR_SendFile
PR_SendTo
PR_SetAlarm
PR_SetCPUAffinityMask
PR_SetConcurrency
PR_SetCounter
PR_SetEnv
PR_SetError
PR_SetErrorText
PR_SetFDCacheSize
PR_SetFDInheritable
PR_SetLibraryPath
PR_SetLogBuffering
PR_SetLogFile
PR_SetNetAddr
PR_SetPollableEvent
PR_SetSocketOption
PR_SetStdioRedirect
PR_SetSysfdTableSize
PR_SetThreadAffinityMask
PR_SetThreadDumpProc
PR_SetThreadGCAble
PR_SetThreadPriority
PR_SetThreadPrivate
PR_SetThreadRecycleMode
PR_SetTraceOption
PR_ShowStatus
PR_Shutdown
PR_ShutdownThreadPool
PR_Sleep
PR_Socket
PR_StackPop
PR_StackPush
PR_Stat
PR_StringToNetAddr
PR_SubtractFromCounter
PR_SuspendAll
PR_Sync
PR_TLockFile
PR_TestAndEnterMonitor
PR_TestAndLock
PR_ThreadScanStackPointers
PR_TicksPerSecond
PR_Trace
PR_TransmitFile
PR_USPacificTimeParameters
PR_UnblockClockInterrupts
PR_UnblockInterrupt
PR_UnloadLibrary
PR_Unlock
PR_UnlockFile
PR_UnlockOrderedLock
PR_VersionCheck
PR_Wait
PR_WaitCondVar
PR_WaitForPollableEvent
PR_WaitProcess
PR_WaitRecvReady
PR_WaitSem
PR_WaitSemaphore
PR_Write
PR_Writev
PR_Yield
PR_cnvtf
PR_dtoa
PR_fprintf
PR_htonl
PR_htonll
PR_htons
PR_ntohl
PR_ntohll
PR_ntohs
PR_smprintf
PR_smprintf_free
PR_snprintf
PR_sprintf_append
PR_sscanf
PR_strtod
PR_sxprintf
PR_vfprintf
PR_vsmprintf
PR_vsnprintf
PR_vsprintf_append
PR_vsxprintf
PT_FPrintStats
SetExecutionEnvironment
_PR_AddSleepQ
_PR_CreateThread
_PR_DelSleepQ
_PR_GetPrimordialCPU
_PR_MD_FREE_CV
_PR_MD_NEW_CV
_PR_MD_NOTIFYALL_CV
_PR_MD_NOTIFY_CV
_PR_MD_UNLOCK
_PR_MD_WAIT_CV
_PR_NativeCreateThread
_pr_push_ipv6toipv4_layer
_pr_test_ipv6_socket
libVersionPoint

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plc4.dll
.dll windows:4 windows x86 arch:x86

117580383d9705e2154f4772a3d7b5cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\xr19rel\WINNT_5.2_Depend\mozilla\obj-xulrunner\nsprpub\lib\libc\src\plc4.pdb

Imports

nspr4

PR_SetError
PR_Calloc
PR_GetSpecialFD
PR_GetError
PR_GetOSError
PR_ErrorToName
PR_fprintf
PR_Free
PR_Malloc

mozcrt19

strrchr
strpbrk
strstr
_encode_pointer
_malloc_crt
strchr
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_crt_debugger_hook
strncmp
free
memcpy
malloc
_encoded_null

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
QueryPerformanceCounter

Exports

Exports

PL_Base64Decode
PL_Base64Encode
PL_CreateLongOptState
PL_CreateOptState
PL_DestroyOptState
PL_FPrintError
PL_GetNextOpt
PL_PrintError
PL_strcasecmp
PL_strcaserstr
PL_strcasestr
PL_strcat
PL_strcatn
PL_strchr
PL_strcmp
PL_strcpy
PL_strdup
PL_strfree
PL_strlen
PL_strncasecmp
PL_strncaserstr
PL_strncasestr
PL_strncat
PL_strnchr
PL_strncmp
PL_strncpy
PL_strncpyz
PL_strndup
PL_strnlen
PL_strnpbrk
PL_strnprbrk
PL_strnrchr
PL_strnrstr
PL_strnstr
PL_strpbrk
PL_strprbrk
PL_strrchr
PL_strrstr
PL_strstr
PL_strtok_r
libVersionPoint

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe.nsis

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

33:a0:51:6c:26:f4:2f:16:7e:4b:d7:30:29:47:fa:2f:75:64:3a:81Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 2KB - Virtual size: 2KB

7ee0450cec29c4d479fe7750616af63d

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

shell32

ole32

oleaut32

gdi32

msvcrt

imagehlp

ws2_32

wininet

msvcp60

Exports

Exports

Sections

.text Size: 180KB - Virtual size: 177KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 20KB - Virtual size: 18KB

.rsrc Size: 52KB - Virtual size: 49KB

.reloc Size: 16KB - Virtual size: 13KB

5b6d5d79a0d569100606e78b0b12b483

Headers

File Characteristics

Imports

msimg32

mfc42u

msvcrt

kernel32

user32

gdi32

shell32

comctl32

imm32

Exports

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

33:a0:51:6c:26:f4:2f:16:7e:4b:d7:30:29:47:fa:2f:75:64:3a:81
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 180KB - Virtual size: 177KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 20KB - Virtual size: 18KB

.rsrc
Size: 52KB - Virtual size: 49KB

.reloc
Size: 16KB - Virtual size: 13KB

.text
Size: 260KB - Virtual size: 259KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 20KB - Virtual size: 25KB

.rsrc
Size: 52KB - Virtual size: 49KB

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 476KB - Virtual size: 472KB

.rdata
Size: 172KB - Virtual size: 171KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 968B

.reloc
Size: 20KB - Virtual size: 17KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

7f:7d:f1:d7:67:67:ec:75:cd:8e:13:14:eb:ca:5f:06:1f:94:ef:3e
Signer

.text
Size: 36KB - Virtual size: 32KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB