b0be29bcccbc18b29f43856553f34076_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b0be29bcccbc18b29f43856553f34076_JaffaCakes118
Size

25.3MB
MD5

b0be29bcccbc18b29f43856553f34076
SHA1

f4bbbc4ee08cace02cbc7fda073a8860a5ab1760
SHA256

582f723c5bdac70067b3a531e4cbd8b45e1854ccd91655c7542a3bfa0281c48d
SHA512

7fe7c9f5a1abf9ab7bffec8c11efd8878f4373c19a838aaf801f314a5aac502880d11e49f9a1a867c907599c5c03c654450b538b2ddadf381f92cc577c73b26a
SSDEEP

786432:QxWHpYT67B40PJveY/WANVbqFCKZb3FWbbo7g:A8Gm7uSePecBZbV5g

Score

10^/10

Malware Config

Signatures

Nirsoft 2 IoCs

resource	yara_rule
static1/unpack001/��⨢��/LastActivityView.exe	Nirsoft
static1/unpack001/��㧥�/BrowsingHistoryView.exe	Nirsoft

Unsigned PE 60 IoCs

Checks for missing Authenticode signature.

resource
unpack001/USB/usbHistory.exe
unpack001/��㧥�/BrowsingHistoryView.exe
unpack001/�㢠/lang/lang-1025.dll
unpack001/�㢠/lang/lang-1026.dll
unpack001/�㢠/lang/lang-1027.dll
unpack001/�㢠/lang/lang-1028.dll
unpack001/�㢠/lang/lang-1029.dll
unpack001/�㢠/lang/lang-1030.dll
unpack001/�㢠/lang/lang-1031.dll
unpack001/�㢠/lang/lang-1032.dll
unpack001/�㢠/lang/lang-1034.dll
unpack001/�㢠/lang/lang-1035.dll
unpack001/�㢠/lang/lang-1036.dll
unpack001/�㢠/lang/lang-1037.dll
unpack001/�㢠/lang/lang-1038.dll
unpack001/�㢠/lang/lang-1040.dll
unpack001/�㢠/lang/lang-1041.dll
unpack001/�㢠/lang/lang-1043.dll
unpack001/�㢠/lang/lang-1044.dll
unpack001/�㢠/lang/lang-1045.dll
unpack001/�㢠/lang/lang-1046.dll
unpack001/�㢠/lang/lang-1048.dll
unpack001/�㢠/lang/lang-1049.dll
unpack001/�㢠/lang/lang-1050.dll
unpack001/�㢠/lang/lang-1051.dll
unpack001/�㢠/lang/lang-1052.dll
unpack001/�㢠/lang/lang-1053.dll
unpack001/�㢠/lang/lang-1054.dll
unpack001/�㢠/lang/lang-1055.dll
unpack001/�㢠/lang/lang-1057.dll
unpack001/�㢠/lang/lang-1058.dll
unpack001/�㢠/lang/lang-1059.dll
unpack001/�㢠/lang/lang-1060.dll
unpack001/�㢠/lang/lang-1061.dll
unpack001/�㢠/lang/lang-1062.dll
unpack001/�㢠/lang/lang-1063.dll
unpack001/�㢠/lang/lang-1066.dll
unpack001/�㢠/lang/lang-1067.dll
unpack001/�㢠/lang/lang-1068.dll
unpack001/�㢠/lang/lang-1071.dll
unpack001/�㢠/lang/lang-1079.dll
unpack001/�㢠/lang/lang-2052.dll
unpack001/�㢠/lang/lang-2074.dll
unpack001/�㢠/lang/lang-3098.dll
unpack001/�㢠/lang/lang-5146.dll
unpack001/�㢠/lang/lang-9999.dll
unpack001/��⬠�/Resources/LoadRAW.dll
unpack001/��⬠�/Resources/MagicPDF.dll
unpack001/��⬠�/Resources/magic_cmp.dll
unpack001/��⬠�/Resources/magic_jbig.exe
unpack001/��⬠�/Resources/wp_type1ttf.dll
unpack001/��⬠�/media_dll/SDL-2.dll
unpack001/��⬠�/media_dll/SDL.dll
unpack001/��⬠�/media_dll/avcodec-54.dll
unpack001/��⬠�/media_dll/avdevice-54.dll
unpack001/��⬠�/media_dll/avfilter-3.dll
unpack001/��⬠�/media_dll/avformat-54.dll
unpack001/��⬠�/media_dll/avutil-52.dll
unpack001/��⬠�/media_dll/swresample-0.dll
unpack001/��⬠�/media_dll/swscale-2.dll

Files

b0be29bcccbc18b29f43856553f34076_JaffaCakes118
.zip
PHacker 32 bit/ProcessHacker.exe
.exe windows:5 windows x86 arch:x86

04de0ad9c37eb7bd52043d2ecac958df

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0d:50:34:d9:d5:b2:74:e3:7b:42:9c:b2:20:c0:e4:f0:a0:be:42:30:5f:68:9d:f1:2c:5e:79:08:f0:27:e1
Signer

Actual PE Digest

04:0d:50:34:d9:d5:b2:74:e3:7b:42:9c:b2:20:c0:e4:f0:a0:be:42:30:5f:68:9d:f1:2c:5e:79:08:f0:27:e1

Digest Algorithm

sha256

PE Digest Matches

true

be:c9:d8:3f:06:9b:df:1c:14:7d:4a:b1:44:ad:e3:46:1e:7a:46:c3
Signer

Actual PE Digest

be:c9:d8:3f:06:9b:df:1c:14:7d:4a:b1:44:ad:e3:46:1e:7a:46:c3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\processhacker2\bin\Release32\ProcessHacker.pdb

Imports

ntdll

NtCreateTimer
NtAlertThread
NtSetTimer
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlLengthSecurityDescriptor
NtCreateSemaphore
LdrGetProcedureAddress
NtQueryObject
NtClearEvent
NtCreateKeyedEvent
NtWaitForKeyedEvent
NtReleaseKeyedEvent
RtlGetVersion
NtDeviceIoControlFile
NtSetInformationObject
NtQueryFullAttributesFile
NtQueryValueKey
NtOpenFile
NtQuerySecurityObject
NtOpenSection
NtQueryDirectoryFile
NtCreateFile
NtCreateKey
RtlCreateUserThread
NtQueryDirectoryObject
NtFsControlFile
NtOpenDirectoryObject
RtlPrefixUnicodeString
NtSetSecurityObject
NtOpenProcess
NtQuerySymbolicLinkObject
RtlConvertSidToUnicodeString
NtOpenKey
NtQueueApcThread
NtUnloadDriver
RtlEqualUnicodeString
NtOpenSymbolicLinkObject
NtOpenThread
NtDeleteKey
NtQueryKey
NtGetContextThread
NtQueryInformationFile
NtFlushBuffersFile
NtLockFile
NtSetInformationFile
NtUnlockFile
RtlInterlockedPopEntrySList
RtlUnicodeToMultiByteSize
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlReAllocateHeap
NtAllocateVirtualMemory
RtlUpcaseUnicodeChar
RtlUnicodeToMultiByteN
RtlExpandEnvironmentStrings_U
RtlGetDaclSecurityDescriptor
RtlCreateUserProcess
RtlNtStatusToDosError
RtlCreateProcessParameters
NtFilterToken
RtlStringFromGUID
RtlFindMessage
NtQueryAttributesFile
RtlAddAce
RtlDestroyProcessParameters
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
RtlGetAce
RtlRandomEx
NtDuplicateToken
RtlGetFullPathName_U
NtSetInformationToken
NtPowerInformation
NtTestAlert
NtOpenThreadToken
RtlTimeToSecondsSince1980
RtlEqualSid
RtlSecondsSince1980ToTime
NtIsProcessInJob
RtlFirstEntrySList
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
NtAcceptConnectPort
NtReplyWaitReceivePort
NtCompleteConnectPort
RtlSetDaclSecurityDescriptor
RtlSubAuthoritySid
NtCreatePort
RtlInitializeSid
RtlLengthRequiredSid
RtlValidRelativeSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
RtlValidSid
NtConnectPort
NtRequestWaitReplyPort
NtSuspendThread
NtQueryInformationProcess
NtRemoveProcessDebug
NtTerminateThread
NtResumeProcess
RtlAbsoluteToSelfRelativeSD
RtlLengthSid
RtlUnwind
NtCreateSection
NtQueryMutant
NtReleaseSemaphore
NtSetHighEventPair
NtQueryEvent
NtQuerySemaphore
NtCancelTimer
NtPulseEvent
NtSetLowEventPair
NtQueryTimer
NtResetEvent
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlInterlockedFlushSList
RtlInitializeSListHead
RtlInterlockedPushEntrySList
RtlSecondsSince1970ToTime
RtlCreateHeap
RtlFreeHeap
RtlAllocateHeap
RtlDestroyHeap
NtQueryVirtualMemory
NtProtectVirtualMemory
NtSetSystemInformation
NtWriteVirtualMemory
NtQueryInformationToken
NtCreateMutant
NtOpenProcessToken
NtAdjustPrivilegesToken
NtTerminateJobObject
NtAssignProcessToJobObject
NtQueryInformationJobObject
NtMapViewOfSection
NtQuerySection
RtlSetHeapInformation
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlQueryEnvironmentVariable_U
NtQueryPerformanceCounter
RtlDeleteCriticalSection
NtTerminateProcess
NtSetValueKey
RtlDetermineDosPathNameType_U
NtDeleteValueKey
NtAddAtom
RtlGUIDFromString
NtWaitForMultipleObjects
NtSetEvent
NtCreateEvent
NtReadVirtualMemory
NtReadFile
NtWriteFile
NtQueryInformationThread
NtQuerySystemInformation
NtSuspendProcess
NtResumeThread
NtWaitForSingleObject
RtlDoesFileExists_U
NtSetInformationDebugObject
NtUnmapViewOfSection
RtlRaiseStatus
NtSetInformationProcess
NtDuplicateObject
NtInitiatePowerAction
NtClose
NtDelayExecution
NtSetInformationThread
NtFreeVirtualMemory

winsta

WinStationSendMessageW
WinStationShadow
WinStationGetAllProcesses
WinStationFreeGAPMemory
WinStationRegisterConsoleNotification
WinStationQueryInformationW
WinStationFreeMemory
WinStationEnumerateW
WinStationReset
WinStationDisconnect
WinStationConnectW

comctl32

ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
ImageList_Remove
CreatePropertySheetPageW
InitCommonControlsEx
PropertySheetW
ImageList_Replace

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

uxtheme

IsThemeActive
GetThemeInt
SetWindowTheme
CloseThemeData
DrawThemeBackground
OpenThemeData
IsThemePartDefined
EnableThemeDialogTexture

kernel32

GetFileType
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCPInfo
IsValidCodePage
GetOEMCP
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
CreateFileW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
ReadFile
SizeofResource
LockResource
GlobalAlloc
GlobalFree
LoadResource
FindResourceW
GlobalLock
GlobalUnlock
LocalAlloc
VirtualQuery
GlobalSize
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
TlsFree
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
MultiByteToWideChar
GetACP
GetStdHandle
WriteFile
WideCharToMultiByte
GetModuleHandleExW
HeapFree
CreateRemoteThread
CreateThread
GetDateFormatW
GetTimeFormatW
GetNumberFormatW
GetSystemDefaultLangID
GetSystemDirectoryW
GetLocaleInfoW
GetUserDefaultLangID
SearchPathW
LocalFree
SetLastError
GetComputerNameW
TlsGetValue
TlsAlloc
TlsSetValue
FreeLibrary
LoadLibraryW
SetProcessShutdownParameters
ExitProcess
SetErrorMode
GetTickCount
AllocConsole
GetConsoleWindow
FreeConsole
SetConsoleCtrlHandler
CreateProcessW
FileTimeToLocalFileTime
FileTimeToSystemTime
ReadConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
WriteConsoleW
DecodePointer
RaiseException
HeapAlloc
GetModuleHandleW
GetProcAddress
GetLastError

user32

ReleaseCapture
PtInRect
SetScrollPos
ShowCaret
EnableScrollBar
SetCapture
DestroyCaret
DragDetect
GetClipboardData
CreateCaret
SetCaretPos
GetScrollInfo
RegisterClipboardFormatW
SetScrollInfo
GetDCEx
BeginPaint
ScreenToClient
SetCursorPos
ScrollWindowEx
GetUpdateRect
GetMessageTime
DrawFocusRect
GetCapture
GetAsyncKeyState
InvalidateRgn
WaitMessage
MessageBeep
GetMessagePos
GetUpdateRgn
GetIconInfo
EndPaint
EmptyClipboard
CloseClipboard
OpenClipboard
GetActiveWindow
GetFocus
TrackPopupMenu
DestroyMenu
CreatePopupMenu
FrameRect
InsertMenuItemW
DialogBoxParamW
SetDlgItemTextW
EndDialog
LockWorkStation
ExitWindowsEx
SendMessageW
IsWindowVisible
EnableWindow
GetParent
GetDlgItem
SetPropW
IsWindowEnabled
RemovePropW
GetPropW
GetClassNameW
GetWindowThreadProcessId
IsIconic
InvalidateRect
SetForegroundWindow
GetClientRect
SetWindowLongW
FindWindowW
SetLayeredWindowAttributes
MoveWindow
ClientToScreen
GetMonitorInfoW
GetWindowInfo
RedrawWindow
ShowWindow
GetSubMenu
GetWindowPlacement
GetMenuItemCount
MonitorFromRect
SetWindowPos
GetMenu
FindWindowExW
PostMessageW
GetKeyState
GetMenuItemInfoW
GetWindowLongW
MapWindowPoints
SetWindowTextW
GetWindowRect
MapDialogRect
DestroyIcon
EnableMenuItem
BringWindowToTop
DeleteMenu
GetSystemMenu
SetCursor
LoadCursorW
CreateDialogParamW
GetSysColorBrush
GetSysColor
CopyIcon
SetDlgItemInt
SetTimer
DestroyWindow
ReleaseDC
SystemParametersInfoW
TranslateMessage
TranslateAcceleratorW
IsChild
IsDialogMessageW
DispatchMessageW
LoadAcceleratorsW
GetSystemMetrics
GetDC
SendMessageTimeoutW
GetMessageW
LoadImageW
UpdateWindow
PostQuitMessage
KillTimer
AppendMenuW
EndDeferWindowPos
DrawMenuBar
LoadIconW
SetFocus
SetMenuInfo
SetMenuItemInfoW
BeginDeferWindowPos
IsWindow
RegisterClassExW
CreateWindowExW
ShowWindowAsync
LoadMenuW
DefWindowProcW
DeferWindowPos
GetCursorPos
DrawIconEx
DrawTextW
TrackMouseEvent
IsHungAppWindow
SetActiveWindow
MonitorFromWindow
MonitorFromPoint
CallWindowProcW
GetForegroundWindow
GetDoubleClickTime
CreateIconIndirect
FillRect
GetDlgItemInt
GetGuiResources
GetWindowTextLengthW
OpenWindowStationW
GetProcessWindowStation
OpenDesktopW
GetUserObjectInformationW
CloseDesktop
CloseWindowStation
EnumDesktopsW
GetGUIThreadInfo
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
GetWindowTextW
CreateDialogIndirectParamW
GetDesktopWindow
SetClipboardData
InternalGetWindowText

gdi32

GetDeviceCaps
CreateFontW
DeleteObject
GetTextColor
GetTextExtentPoint32W
GetTextMetricsW
SelectObject
SetDCPenColor
SetDCBrushColor
Polyline
GetStockObject
CreateCompatibleDC
CreateDIBSection
DeleteDC
BitBlt
SetTextColor
Rectangle
GetCharWidthW
TextOutW
SetBoundsRect
CreateCompatibleBitmap
GdiAlphaBlend
IntersectClipRect
CombineRgn
RestoreDC
ExcludeClipRect
SelectClipRgn
GetClipRgn
SaveDC
GetDIBits
SetBkColor
GetObjectW
CreateRectRgn
CreateFontIndirectW
SetBkMode

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseColorW
ChooseFontW

advapi32

LogonUserW
SystemFunction036
SetSecurityInfo
GetSecurityInfo
LsaLookupSids
LsaLookupPrivilegeValue
LsaLookupPrivilegeDisplayName
LsaLookupNames2
LsaOpenPolicy
LsaLookupPrivilegeName
StartServiceW
ControlService
DeleteService
CloseServiceHandle
LsaClose
LsaAddAccountRights
ChangeServiceConfigW
ChangeServiceConfig2W
OpenSCManagerW
CreateServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
LsaFreeMemory
LsaEnumerateAccounts
RegisterServiceCtrlHandlerExW
OpenServiceW
QueryServiceConfig2W
CreateProcessAsUserW
EnumServicesStatusExW
LsaEnumeratePrivilegesOfAccount
LsaOpenAccount
CreateProcessWithLogonW
QueryServiceConfigW

shell32

SHGetFileInfoW
ShellExecuteExW
SHGetFolderPathW
SHCreateDirectoryExW
Shell_NotifyIconW
ExtractIconExW
DuplicateIcon

ole32

CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString

Exports

Exports

PhAddComboBoxStrings
PhAddElementAvlTree
PhAddEntryHashtable
PhAddEntryHashtableEx
PhAddItemArray
PhAddItemList
PhAddItemPointerList
PhAddItemSimpleHashtable
PhAddItemsArray
PhAddItemsList
PhAddLayoutItem
PhAddLayoutItemEx
PhAddListViewColumn
PhAddListViewItem
PhAddTabControlTab
PhAdjustRectangleToBounds
PhAdjustRectangleToWorkingArea
PhAllocate
PhAllocateExSafe
PhAllocateFromFreeList
PhAllocatePage
PhAllocateSafe
PhAppendBytesBuilder
PhAppendBytesBuilder2
PhAppendBytesBuilderEx
PhAppendCharStringBuilder
PhAppendCharStringBuilder2
PhAppendFormatStringBuilder
PhAppendFormatStringBuilder_V
PhAppendStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilderEx
PhApplicationFont
PhAutoDereferenceObject
PhBufferToHexString
PhBufferToHexStringEx
PhCenterRectangle
PhCenterWindow
PhClearArray
PhClearCircularBuffer_FLOAT
PhClearCircularBuffer_PVOID
PhClearCircularBuffer_ULONG
PhClearCircularBuffer_ULONG64
PhClearHashtable
PhClearList
PhCompareStringRef
PhCompareStringZNatural
PhCompareUnicodeStringZIgnoreMenuPrefix
PhConcatStringRef2
PhConcatStringRef3
PhConcatStrings
PhConcatStrings2
PhConcatStrings_V
PhConvertMultiByteToUtf16
PhConvertMultiByteToUtf16Ex
PhConvertUtf16ToAsciiEx
PhConvertUtf16ToMultiByte
PhConvertUtf16ToMultiByteEx
PhConvertUtf16ToUtf8
PhConvertUtf16ToUtf8Buffer
PhConvertUtf16ToUtf8Ex
PhConvertUtf16ToUtf8Size
PhConvertUtf8ToUtf16
PhConvertUtf8ToUtf16Buffer
PhConvertUtf8ToUtf16Ex
PhConvertUtf8ToUtf16Size
PhCopyBytesZ
PhCopyCircularBuffer_FLOAT
PhCopyCircularBuffer_PVOID
PhCopyCircularBuffer_ULONG
PhCopyCircularBuffer_ULONG64
PhCopyStringZ
PhCopyStringZFromBytes
PhCopyStringZFromMultiByte
PhCountStringZ
PhCreateAlloc
PhCreateBytes
PhCreateBytesEx
PhCreateEMenu
PhCreateEMenuItem
PhCreateFileStream
PhCreateFileStream2
PhCreateFileWin32
PhCreateFileWin32Ex
PhCreateHashtable
PhCreateKey
PhCreateList
PhCreateObject
PhCreateObjectType
PhCreateObjectTypeEx
PhCreateOpenFileDialog
PhCreatePointerList
PhCreateProcess
PhCreateProcessAsUser
PhCreateProcessWin32
PhCreateProcessWin32Ex
PhCreateSaveFileDialog
PhCreateSecurityPage
PhCreateSimpleHashtable
PhCreateString
PhCreateStringEx
PhCreateSymbolProvider
PhCreateThread
PhDecodeUnicodeDecoder
PhDeleteArray
PhDeleteAutoPool
PhDeleteBytesBuilder
PhDeleteCallback
PhDeleteCircularBuffer_FLOAT
PhDeleteCircularBuffer_PVOID
PhDeleteCircularBuffer_ULONG
PhDeleteCircularBuffer_ULONG64
PhDeleteFastLock
PhDeleteFileWin32
PhDeleteFreeList
PhDeleteGraphState
PhDeleteImageVersionInfo
PhDeleteLayoutManager
PhDeleteStringBuilder
PhDeleteWorkQueue
PhDereferenceObject
PhDereferenceObjectDeferDelete
PhDereferenceObjectEx
PhDereferenceObjects
PhDestroyEMenu
PhDestroyEMenuItem
PhDisconnectNamedPipe
PhDivideSinglesBySingle
PhDosErrorToNtStatus
PhDrainAutoPool
PhDrawGraphDirect
PhDuplicateBytesZ
PhDuplicateBytesZSafe
PhDuplicateStringZ
PhEditSecurity
PhEllipsisString
PhEllipsisStringPath
PhEncodeUnicode
PhEnumAvlTree
PhEnumDirectoryFile
PhEnumDirectoryObjects
PhEnumFileStreams
PhEnumGenericModules
PhEnumHandles
PhEnumHandlesEx
PhEnumHashtable
PhEnumKernelModules
PhEnumObjectTypes
PhEnumPagefiles
PhEnumPointerListEx
PhEnumProcessEnvironmentVariables
PhEnumProcessModules
PhEnumProcessModules32
PhEnumProcessModules32Ex
PhEnumProcessModulesEx
PhEnumProcesses
PhEnumProcessesEx
PhEnumProcessesForSession
PhEnumServices
PhEqualStringRef
PhEscapeCommandLinePart
PhEscapeStringForMenuPrefix
PhExpandEnvironmentStrings
PhExponentiate
PhExponentiate64
PhFillMemoryUlong
PhFinalArrayItems
PhFinalBytesBuilderBytes
PhFinalHash
PhFinalStringBuilderString
PhFindCharInStringRef
PhFindEMenuItem
PhFindElementAvlTree
PhFindEntryHashtable
PhFindIntegerSiKeyValuePairs
PhFindItemList
PhFindItemPointerList
PhFindItemSimpleHashtable
PhFindLastCharInStringRef
PhFindListViewItemByFlags
PhFindListViewItemByParam
PhFindLoaderEntry
PhFindProcessInformation
PhFindProcessInformationByImageName
PhFindStringInStringRef
PhFindStringSiKeyValuePairs
PhFlushFileStream
PhFormat
PhFormatDate
PhFormatDateTime
PhFormatDecimal
PhFormatGuid
PhFormatImageVersionInfo
PhFormatNativeKeyName
PhFormatSize
PhFormatString
PhFormatString_V
PhFormatTime
PhFormatTimeSpan
PhFormatTimeSpanRelative
PhFormatToBuffer
PhFormatUInt64
PhFree
PhFreeFileDialog
PhFreePage
PhFreeToFreeList
PhGenerateGuid
PhGenerateGuidFromName
PhGenerateRandomAlphaString
PhGetAccessEntries
PhGetAccessString
PhGetApplicationDirectory
PhGetApplicationFileName
PhGetBaseName
PhGetComboBoxString
PhGetDllFileName
PhGetDrawInfoGraphBuffers
PhGetFileDialogFileName
PhGetFileDialogFilterIndex
PhGetFileDialogOptions
PhGetFileName
PhGetFileShellIcon
PhGetFileSize
PhGetFileVersionInfo
PhGetFileVersionInfoLangCodePage
PhGetFileVersionInfoString
PhGetFileVersionInfoString2
PhGetFullPath
PhGetGenericTreeNewLines
PhGetGlobalWorkQueue
PhGetHandleInformation
PhGetHandleInformationEx
PhGetJobProcessIdList
PhGetKernelFileName
PhGetKnownLocation
PhGetLineFromAddress
PhGetListBoxString
PhGetListViewItemImageIndex
PhGetListViewItemParam
PhGetMessage
PhGetModuleFromAddress
PhGetNtMessage
PhGetObjectSecurity
PhGetObjectType
PhGetObjectTypeInformation
PhGetOwnTokenAttributes
PhGetPositionFileStream
PhGetPrimeNumber
PhGetProcedureAddressRemote
PhGetProcessCommandLine
PhGetProcessDepStatus
PhGetProcessEnvironment
PhGetProcessImageFileName
PhGetProcessImageFileNameByProcessId
PhGetProcessImageFileNameWin32
PhGetProcessIsDotNet
PhGetProcessIsDotNetEx
PhGetProcessMappedFileName
PhGetProcessPebString
PhGetProcessWindowTitle
PhGetProcessWorkingSetInformation
PhGetProcessWsCounters
PhGetSeObjectSecurity
PhGetSelectedListViewItemParam
PhGetSelectedListViewItemParams
PhGetServiceConfig
PhGetServiceDelayedAutoStart
PhGetServiceDescription
PhGetServiceErrorControlInteger
PhGetServiceErrorControlString
PhGetServiceNameFromTag
PhGetServiceStartTypeInteger
PhGetServiceStartTypeString
PhGetServiceStateString
PhGetServiceTypeInteger
PhGetServiceTypeString
PhGetSidFullName
PhGetStockApplicationIcon
PhGetSymbolFromAddress
PhGetSymbolFromName
PhGetSystemDirectory
PhGetSystemRoot
PhGetThreadServiceTag
PhGetTokenGroups
PhGetTokenIntegrityLevel
PhGetTokenOwner
PhGetTokenPrimaryGroup
PhGetTokenPrivileges
PhGetTokenUser
PhGetTreeNewText
PhGetWin32Message
PhGetWindowText
PhGetWindowTextEx
PhGlobalDpi
PhGraphStateGetDrawInfo
PhHashBytes
PhHashStringRef
PhHeapHandle
PhHexStringToBuffer
PhIconToBitmap
PhImpersonateClientOfNamedPipe
PhIndexOfEMenuItem
PhInitializeArray
PhInitializeAutoPool
PhInitializeAvlTree
PhInitializeBytesBuilder
PhInitializeCallback
PhInitializeCircularBuffer_FLOAT
PhInitializeCircularBuffer_PVOID
PhInitializeCircularBuffer_ULONG
PhInitializeCircularBuffer_ULONG64
PhInitializeFastLock
PhInitializeFreeList
PhInitializeGraphState
PhInitializeHash
PhInitializeImageVersionInfo
PhInitializeLayoutManager
PhInitializeStringBuilder
PhInitializeWorkQueue
PhInitializeWorkQueueEnvironment
PhInjectDllProcess
PhInsertEMenuItem
PhInsertItemList
PhInsertItemsList
PhInsertStringBuilder
PhInsertStringBuilder2
PhInsertStringBuilderEx
PhIntegerToString64
PhInvokeCallback
PhIsExecutablePacked
PhIsExecutingInWow64
PhLayoutManagerLayout
PhLibImageBase
PhListenNamedPipe
PhLoadIcon
PhLoadListViewColumnSettings
PhLoadModuleSymbolProvider
PhLoadResourceEMenuItem
PhLocalTimeToSystemTime
PhLockFileStream
PhLoggedCallback
PhLookupName
PhLookupPrivilegeDisplayName
PhLookupPrivilegeName
PhLookupPrivilegeValue
PhLookupSid
PhLowerBoundElementAvlTree
PhLowerDualBoundElementAvlTree
PhMainWndHandle
PhMapFlags1
PhMapFlags2
PhMatchWildcards
PhMaximumElementAvlTree
PhMinimumElementAvlTree
PhModalPropertySheet
PhModifyEMenuItem
PhNetworkItemAddedEvent
PhNetworkItemModifiedEvent
PhNetworkItemRemovedEvent
PhNetworkItemsUpdatedEvent
PhNtStatusFileNotFound
PhNtStatusToDosError
PhOpenKey
PhOpenLsaPolicy
PhOpenProcess
PhOpenService
PhOpenThread
PhOpenThreadProcess
PhOsVersion
PhParseCommandLine
PhParseCommandLineFuzzy
PhParseCommandLinePart
PhPeekNamedPipe
PhPredecessorElementAvlTree
PhPrintTimeSpan
PhProcessAddedEvent
PhProcessModifiedEvent
PhProcessRemovedEvent
PhProcessesUpdatedEvent
PhQueryFullAttributesFileWin32
PhQueryKey
PhQueryRegistryString
PhQueryServiceVariableSize
PhQuerySystemTime
PhQueryTimeZoneBias
PhQueryValueKey
PhQueueItemWorkQueue
PhQueueItemWorkQueueEx
PhReAllocate
PhReAllocateSafe
PhReadFileStream
PhReferenceEmptyString
PhReferenceObject
PhReferenceObjectEx
PhReferenceObjectSafe
PhReferenceObjects
PhRegisterCallback
PhRegisterCallbackEx
PhRemoveAllEMenuItems
PhRemoveEMenuItem
PhRemoveElementAvlTree
PhRemoveEntryHashtable
PhRemoveItemArray
PhRemoveItemList
PhRemoveItemPointerList
PhRemoveItemSimpleHashtable
PhRemoveItemsArray
PhRemoveItemsList
PhRemoveListViewItem
PhRemoveStringBuilder
PhResizeArray
PhResizeCircularBuffer_FLOAT
PhResizeCircularBuffer_PVOID
PhResizeCircularBuffer_ULONG
PhResizeCircularBuffer_ULONG64
PhResizeList
PhResolveDevicePrefix
PhRoundUpToPowerOfTwo
PhSaveListViewColumnSettings
PhSeekFileStream
PhSelectComboBoxString
PhServiceAddedEvent
PhServiceModifiedEvent
PhServiceRemovedEvent
PhServicesUpdatedEvent
PhSetClipboardString
PhSetControlTheme
PhSetExtendedListView
PhSetFileDialogFileName
PhSetFileDialogFilter
PhSetFileDialogOptions
PhSetFileSize
PhSetFlagsAllEMenuItems
PhSetFlagsEMenuItem
PhSetGraphText
PhSetHeaderSortIcon
PhSetImageListBitmap
PhSetListViewItemImageIndex
PhSetListViewSubItem
PhSetObjectSecurity
PhSetOptionsSymbolProvider
PhSetSeObjectSecurity
PhSetSearchPathSymbolProvider
PhSetServiceDelayedAutoStart
PhSetStateAllListViewItems
PhSetTokenIsVirtualizationEnabled
PhSetTokenPrivilege
PhSetTokenPrivilege2
PhSetTokenSessionId
PhShellExecute
PhShellExecuteEx
PhShellExploreFile
PhShellOpenKey
PhShellProperties
PhShowConfirmMessage
PhShowContinueStatus
PhShowEMenu
PhShowFileDialog
PhShowMessage
PhShowMessage_V
PhShowStatus
PhSidToStringSid
PhSplitStringRefAtChar
PhSplitStringRefAtLastChar
PhSplitStringRefAtString
PhSplitStringRefEx
PhStackWalk
PhStdGetClientIdName
PhStdGetObjectSecurity
PhStdSetObjectSecurity
PhStringToDouble
PhStringToInteger64
PhSuccessorElementAvlTree
PhSystemBasicInformation
PhSystemTimeToLocalTime
PhTerminateProcess
PhTransceiveNamedPipe
PhTrimStringRef
PhUnloadDllProcess
PhUnloadDriver
PhUnlockFileStream
PhUnregisterCallback
PhUpdateDosDevicePrefixes
PhUpdateHash
PhUpdateMupDevicePrefixes
PhUpperBoundElementAvlTree
PhUpperDualBoundElementAvlTree
PhVerifyFile
PhVerifyFileStream
PhWaitForNamedPipe
PhWaitForWorkQueue
PhWalkThreadStack
PhWriteFileStream
PhWriteMiniDumpProcess
PhWriteStringAsUtf8FileStream
PhWriteStringAsUtf8FileStream2
PhWriteStringAsUtf8FileStreamEx
PhWriteStringFormatAsUtf8FileStream
PhWriteStringFormatAsUtf8FileStream_V
PhWriteUnicodeDecoder

Sections

.text
Size: 865KB - Virtual size: 864KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 243KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 32 bit/ProcessHacker.sig
PHacker 32 bit/kprocesshacker.sys
.sys windows:6 windows x86 arch:x86

f4bb5c922d37f0e22b46ddcb970a0a3a

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:98:20:57:ba:e3:80:8a:bd:34:17:d0:82:7f:cf:59:6f:97:9f:82:4c:ff:14:9b:2f:8c:dc:f2:5b:86:39:6f
Signer

Actual PE Digest

57:98:20:57:ba:e3:80:8a:bd:34:17:d0:82:7f:cf:59:6f:97:9f:82:4c:ff:14:9b:2f:8c:dc:f2:5b:86:39:6f

Digest Algorithm

sha256

PE Digest Matches

true

63:3d:86:e3:de:24:2f:57:82:4a:48:82:99:25:ae:95:57:07:83:11
Signer

Actual PE Digest

63:3d:86:e3:de:24:2f:57:82:4a:48:82:99:25:ae:95:57:07:83:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\projects\processhacker2\kprocesshacker\bin\i386\kprocesshacker.pdb

Imports

ntoskrnl.exe

RtlGetVersion
PsReleaseProcessExitSynchronization
PsAcquireProcessExitSynchronization
ExfUnblockPushLock
ObGetObjectType
ExEnumHandleTable
ObfDereferenceObject
ObReferenceObjectByHandle
PsProcessType
ObQueryNameString
KeUnstackDetachProcess
ObSetHandleAttributes
KeStackAttachProcess
PsInitialSystemProcess
ObOpenObjectByName
IoFileObjectType
ObOpenObjectByPointer
IoDriverObjectType
RtlEqualUnicodeString
ZwQueryInformationThread
ZwQueryInformationProcess
ExAllocatePoolWithQuotaTag
ZwQueryObject
PsLookupProcessByProcessId
PsLookupProcessThreadByCid
PsDereferencePrimaryToken
SeTokenObjectType
PsReferencePrimaryToken
PsJobType
ProbeForRead
ZwTerminateProcess
IoGetCurrentProcess
KeGetCurrentThread
PsThreadType
PsLookupThreadByThreadId
IoThreadToProcess
RtlWalkFrameChain
KeSetEvent
KeWaitForSingleObject
KeInsertQueueApc
KeInitializeApc
ZwQuerySystemInformation
ZwQueryVirtualMemory
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
SeLocateProcessImageName
MmHighestUserAddress
RtlRandomEx
KeQueryInterruptTime
KeDelayExecutionThread
MmUnlockPages
MmUnmapLockedPages
ExRaiseStatus
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
MmIsAddressValid
KeTickCount
KeBugCheckEx
RtlUnwind
IoCreateDevice
ProbeForWrite
memcpy
RtlInitUnicodeString
ZwOpenKey
ZwClose
ZwQueryValueKey
ExFreePoolWithTag
memset
PsGetCurrentProcessId
SePrivilegeCheck
ExAllocatePoolWithTag
IofCompleteRequest
IoDeleteDevice
PsGetProcessJob
KeInitializeEvent

hal

KfLowerIrql
ExReleaseFastMutex
ExAcquireFastMutex
KfRaiseIrql

ksecdd.sys

BCryptCreateHash
BCryptFinishHash
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptVerifySignature
BCryptDestroyHash
BCryptImportKeyPair

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 32 bit/peview.exe
.exe windows:5 windows x86 arch:x86

18b893d812345fefafd644b870f18c61

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:18:37:f1:d6:ef:25:08:a7:0a:cd:46:90:ca:7f:ba:63:64:95:b0:20:67:e9:d1:f8:d1:0f:3e:3b:5a:77:9a
Signer

Actual PE Digest

f1:18:37:f1:d6:ef:25:08:a7:0a:cd:46:90:ca:7f:ba:63:64:95:b0:20:67:e9:d1:f8:d1:0f:3e:3b:5a:77:9a

Digest Algorithm

sha256

PE Digest Matches

true

9d:43:78:67:ff:93:b1:11:4c:0b:8f:71:36:fd:c8:07:45:a2:08:10
Signer

Actual PE Digest

9d:43:78:67:ff:93:b1:11:4c:0b:8f:71:36:fd:c8:07:45:a2:08:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\processhacker2\bin\Release32\peview.pdb

Imports

ntdll

NtCreateFile
NtQueryInformationFile
RtlRaiseStatus
RtlInterlockedPushEntrySList
RtlInitializeSListHead
RtlUnwind
NtSetEvent
NtCreateEvent
NtCreateKeyedEvent
NtWaitForKeyedEvent
NtReleaseKeyedEvent
NtReleaseSemaphore
NtCreateSemaphore
NtSetInformationThread
NtMapViewOfSection
NtCreateSection
RtlCreateHeap
RtlGetVersion
NtQuerySystemInformation
NtAddAtom
LdrGetProcedureAddress
NtWaitForSingleObject
RtlNtStatusToDosError
RtlFindMessage
NtClose
RtlDosPathNameToNtPathName_U
NtUnmapViewOfSection
RtlInterlockedPopEntrySList
RtlFreeHeap
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlReAllocateHeap
RtlUpcaseUnicodeChar
RtlAllocateHeap
RtlSecondsSince1970ToTime

uxtheme

SetWindowTheme
EnableThemeDialogTexture

kernel32

EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetOEMCP
IsValidCodePage
GetCPInfo
GetFileType
HeapAlloc
HeapFree
GetModuleHandleExW
WideCharToMultiByte
WriteFile
GetStdHandle
GetACP
MultiByteToWideChar
GetStringTypeW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
TlsFree
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
VirtualQuery
ExitProcess
SetLastError
GlobalUnlock
GlobalLock
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
DecodePointer
WriteConsoleW
RaiseException
CreateFileW
FreeLibrary
GlobalFree
GlobalAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
TlsSetValue
TlsAlloc
TlsGetValue
CreateThread
GetUserDefaultLangID
GetLocaleInfoW
GetSystemDefaultLangID
GetLastError
LoadLibraryW
GetProcAddress
GetTimeFormatW
GetModuleHandleW
GetDateFormatW

user32

CallWindowProcW
GetPropW
RemovePropW
SetPropW
GetParent
GetDlgItem
SendMessageW
ReleaseDC
GetDC
GetKeyState
SetWindowLongW
SetDlgItemTextW
ShowWindow
PostMessageW
MoveWindow
GetMonitorInfoW
MonitorFromWindow
MessageBoxW
GetWindowRect
InvalidateRect
GetClientRect
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
SetWindowPos
GetWindowLongW
SetCursor

gdi32

SelectObject
GetDeviceCaps

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

SystemFunction036

shell32

SHGetFileInfoW
ExtractIconExW
SHGetFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree

comctl32

PropertySheetW
CreatePropertySheetPageW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 32 bit/plugins/DotNetTools.dll
.dll windows:5 windows x86 arch:x86

e17ba1da8b79afe0943501b2878fa8aa

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

16:97:f5:3c:1c:9b:91:67:27:f3:3f:9c:4e:83:8f:30:6e:8a:ca:b8:74:77:fa:ff:89:b7:b9:b2:9c:63:72:9f
Signer

Actual PE Digest

16:97:f5:3c:1c:9b:91:67:27:f3:3f:9c:4e:83:8f:30:6e:8a:ca:b8:74:77:fa:ff:89:b7:b9:b2:9c:63:72:9f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\DotNetTools.pdb

Imports

uxtheme

EnableThemeDialogTexture

processhacker.exe

_PhPluginGetObjectExtension@12
_PhPluginAddTreeNewColumn@24
PhAddItemSimpleHashtable
PhRemoveItemSimpleHashtable
PhfWakeForReleaseQueuedLock
PhFindItemSimpleHashtable
PhfAcquireQueuedLockExclusive
PhCreateSimpleHashtable
PhFormatToBuffer
PhFormatSize
PhSetListViewSubItem
PhAddListViewColumn
_PhLoadListViewColumnsFromSetting@8
_PhAddPropPageLayoutItem@16
PhUnregisterCallback
_PhSaveListViewColumnsToSetting@8
_PhHandleListViewNotifyForCopy@8
PhAddListViewItem
PhAddComboBoxStrings
_PhSetIntegerSetting@8
_PhGetIntegerSetting@4
PhFormatUInt64
PhGetProcessIsDotNet
_PhAddSettings@8
_PhGetGeneralCallback@4
PhSetFlagsEMenuItem
_PhGetProcessIsSuspended@4
PhDereferenceObject
PhAppendStringBuilder2
PhShowMessage
PhEnumProcesses
_PhCreateProcessPropPageContextEx@16
_PhPluginSetObjectExtension@20
PhRegisterCallback
_PhRegisterPlugin@12
_PhGetPluginCallback@8
WindowsVersion
PhFormatString_V
PhAutoDereferenceObject
PhEnumProcessModules
PhGetSystemRoot
PhOpenProcess
PhfEndInitOnce
ProcessQueryAccess
PhOpenThread
PhConcatStringRef2
PhfBeginInitOnce
PhFindLastCharInStringRef
PhCreateList
PhCreateString
PhGetTreeNewText
PhSetControlTheme
PhFormatString
PhAllocate
PhCreateThread
PhFindProcessInformation
PhLoadResourceEMenuItem
PhCountStringZ
PhInitializeStringBuilder
_PhCmLoadSettings@8
_PhPropPageDlgProcHeader@24
PhCompareStringRef
PhConcatStrings2
PhCreateEMenu
PhAddItemList
PhGetWin32Message
PhShellExploreFile
_PhGetStringSetting@4
PhSetClipboardString
PhGetProcessIsDotNetEx
_PhSetStringSetting2@8
PhSplitStringRefAtChar
_PhAddProcessPropPage@8
PhRemoveStringBuilder
PhCreateStringEx
_PhPropPageDlgProcDestroy@4
_PhDoPropPageLayout@4
PhFinalStringBuilderString
PhShowEMenu
PhDestroyEMenu
PhFree
PhConcatStrings
_PhCmSaveSettings@4
PhReferenceObject

ntdll

RtlUnwind
NtMapViewOfSection
NtOpenSection
NtUnmapViewOfSection
RtlFreeSid
NtDuplicateObject
RtlAllocateAndInitializeSid
LdrGetDllHandle
NtReleaseMutant
NtOpenProcessToken
RtlNtStatusToDosError
NtReadVirtualMemory
RtlEqualUnicodeString
LdrGetProcedureAddress
NtGetContextThread
NtWaitForSingleObject
RtlDoesFileExists_U
NtClose
NtQueryInformationToken

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LCMapStringW
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
SetLastError
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeW
GetProcessHeap
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
EnterCriticalSection
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetLastError
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
DecodePointer
CreateFileW
RaiseException

user32

GetKeyState
PostMessageW
SendMessageW
IsWindow
GetDlgItem
InvalidateRect

advapi32

SystemFunction036
ControlTraceW
CloseTrace
ProcessTrace
StartTraceW
OpenTraceW

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 32 bit/plugins/ExtendedNotifications.dll
.dll windows:5 windows x86 arch:x86

a38628b6f28117aef252a51755a56458

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a3:03:8d:1d:1f:31:83:8d:33:b5:91:22:21:b9:3e:c2:4c:75:39:18:bb:60:e6:54:cf:7a:e7:e4:5e:76:14:61
Signer

Actual PE Digest

a3:03:8d:1d:1f:31:83:8d:33:b5:91:22:21:b9:3e:c2:4c:75:39:18:bb:60:e6:54:cf:7a:e7:e4:5e:76:14:61

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\ExtendedNotifications.pdb

Imports

processhacker.exe

PhGetGlobalWorkQueue
PhRegisterCallback
PhAutoDereferenceObject
_PhFormatLogEntry@4
PhWriteStringFormatAsUtf8FileStream
PhCreateFileStream
_PhGetStringSetting@4
PhLoggedCallback
PhFree
_PhReferenceProcessItemForParent@12
PhCreateList
PhFreeFileDialog
PhAllocate
PhShowFileDialog
PhEqualStringRef
PhConvertUtf16ToUtf8Ex
PhInsertItemList
PhClearList
PhInitializeStringBuilder
PhGetWindowText
PhConcatStrings2
PhSetFileDialogFilter
PhAddItemList
_PhAddSettings@8
PhRemoveItemList
PhGetFileDialogFileName
PhSetFileDialogFileName
_PhGetGeneralCallback@4
PhCreateSaveFileDialog
_PhSetStringSetting2@8
PhFormatDateTime
PhQueueItemWorkQueue
PhFinalStringBuilderString
PhFormatString_V
_PhSetIntegerSetting@8
PhAppendCharStringBuilder
PhMatchWildcards
_PhGetIntegerSetting@4
_PhRegisterPlugin@12
PhReferenceObject
PhAppendStringBuilderEx
_PhGetPluginCallback@8
PhDeleteStringBuilder
PhGetFileName
PhConvertUtf8ToUtf16
PhDereferenceObject
PhFindCharInStringRef
PhModalPropertySheet
PhDuplicateBytesZSafe
PhAllocateSafe

ntdll

RtlUnwind

user32

SetWindowLongW
SendMessageW
EnableWindow
GetParent
GetDlgItem
SetDlgItemTextW

comctl32

ord412
ord410
ord413
CreatePropertySheetPageW

kernel32

HeapSize
WriteConsoleW
FlushFileBuffers
CreateFileW
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetStringTypeW
HeapReAlloc
GetConsoleCP
WriteFile
SetStdHandle
GetACP
CloseHandle
LCMapStringW
GetFileType
GetStdHandle
GetConsoleMode
SetFilePointerEx
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DecodePointer
InterlockedFlushSList
RaiseException
GetLastError
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleFileNameW

advapi32

SystemFunction036

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 32 bit/plugins/ExtendedServices.dll
.dll windows:5 windows x86 arch:x86

227df7ae8435d542b182ed859f1fc4eb

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

92:22:03:a8:39:01:8d:cc:58:6f:e3:8b:80:aa:a6:98:17:5f:a8:c1:ac:b6:ed:24:95:6e:87:ce:e4:8e:43:b5
Signer

Actual PE Digest

92:22:03:a8:39:01:8d:cc:58:6f:e3:8b:80:aa:a6:98:17:5f:a8:c1:ac:b6:ed:24:95:6e:87:ce:e4:8e:43:b5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\ExtendedServices.pdb

Imports

processhacker.exe

PhFinalStringBuilderString
PhReferenceEmptyString
PhDeleteAutoPool
PhFormatGuid
PhGetSelectedListViewItemParam
PhClearList
PhFormatString
PhLayoutManagerLayout
PhFree
PhAutoDereferenceObject
PhAddLayoutItem
PhReAllocate
PhQueryRegistryString
PhInitializeAutoPool
PhConcatStringRef2
PhAppendStringBuilderEx
PhCreateAlloc
PhGetServiceConfig
_PhReferenceServiceItem@4
PhGetWin32Message
PhAddItemList
PhConcatStrings2
PhCountStringZ
PhOpenService
PhAllocate
PhDeleteLayoutManager
PhInitializeLayoutManager
PhCreateList
_PhUiPauseService@8
_PhGetPluginCallback@8
PhReferenceObject
_PhRegisterPlugin@12
_PhUiStartService@8
_PhGetIntegerSetting@4
PhRegisterCallback
PhFormatString_V
PhIndexOfEMenuItem
PhfAcquireQueuedLockShared
_PhGetGeneralCallback@4
PhOpenKey
PhCreateString
PhFreeFileDialog
PhShowFileDialog
PhSetFileDialogFilter
PhCreateOpenFileDialog
PhGetComboBoxString
PhGetFileDialogFileName
PhSetFileDialogFileName
PhCenterWindow
_PhaChoiceDialog@40
PhShowStatus
PhGetNtMessage
PhSetListViewSubItem
PhLookupPrivilegeDisplayName
PhSetControlTheme
PhQueryServiceVariableSize
PhDereferenceObjects
PhFindIntegerSiKeyValuePairs
PhEqualStringRef
PhSelectComboBoxString
PhSetExtendedListView
PhInitializeStringBuilder
PhGetWindowText
PhAddListViewColumn
PhRemoveItemList
PhSidToStringSid
PhRemoveListViewItem
_PhUiDisconnectFromPhSvc@0
_PhUiConnectToPhSvc@8
PhCreateStringEx
PhGetListViewItemParam
PhFindItemList
PhFindStringSiKeyValuePairs
PhAddListViewItem
_PhSvcCallChangeServiceConfig2@12
PhAddComboBoxStrings
PhAppendCharStringBuilder
PhDeleteStringBuilder
PhNtStatusToDosError
PhOpenLsaPolicy
PhShowMessage
PhAppendStringBuilder
PhDereferenceObject
PhGetOwnTokenAttributes
_PhSetIntegerSetting@8
PhMainWndHandle
PhInsertEMenuItem
_PhUiContinueService@8
_PhUiStopService@8
PhfReleaseQueuedLockShared
PhEscapeStringForMenuPrefix
_PhPluginCreateEMenuItem@20
PhCompareStringRef
PhFindEMenuItem
PhDestroyEMenuItem
_PhAddSettings@8
WindowsVersion
_PhCreateServiceListControl@12

ntdll

NtClose
NtEnumerateKey
RtlGUIDFromString
RtlUnwind

kernel32

GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
SetFilePointerEx
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CloseHandle
WriteConsoleW
DecodePointer
CreateFileW
RaiseException
GetComputerNameW
GetModuleHandleW
GetProcAddress
SetLastError
GetLastError

user32

IsWindowEnabled
GetWindowTextLengthW
GetWindowLongW
SetTimer
GetParent
GetDlgItemInt
SetWindowLongW
SetDlgItemInt
EnableWindow
EndDialog
DialogBoxParamW
SendMessageW
GetWindowRect
GetPropW
RemovePropW
ShowWindow
SetDlgItemTextW
MapWindowPoints
MoveWindow
SetPropW
GetDlgItem

advapi32

SystemFunction036
CloseServiceHandle
LsaEnumeratePrivileges
LsaClose
QueryServiceConfig2W
ChangeServiceConfig2W
LsaFreeMemory
QueryServiceStatus
EnumDependentServicesW

comctl32

CreatePropertySheetPageW

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 32 bit/plugins/ExtendedTools.dll
.dll windows:5 windows x86 arch:x86

1f66a56d141224712ec7adb923bf37bc

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cc:bf:c7:65:3d:a1:16:63:57:3c:aa:b0:bb:6b:ff:5e:41:1f:6c:4f:63:29:43:a8:47:fe:a0:ca:af:75:dd:18
Signer

Actual PE Digest

cc:bf:c7:65:3d:a1:16:63:57:3c:aa:b0:bb:6b:ff:5e:41:1f:6c:4f:63:29:43:a8:47:fe:a0:ca:af:75:dd:18

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\ExtendedTools.pdb

Imports

processhacker.exe

PhSetGraphText
_PhDoPropPageLayout@4
_PhPropPageDlgProcDestroy@4
_PhAddProcessPropPage@8
PhAddLayoutItemEx
PhGlobalDpi
PhDeleteCircularBuffer_ULONG
_PhSiSetColorsGraphDrawInfo@12
_PhPropPageDlgProcHeader@24
PhPrintTimeSpan
PhDivideSinglesBySingle
PhApplicationFont
PhFormatSize
_PhGetStatisticsTime@12
PhAppendStringBuilder
PhAppendStringBuilder2
PhGetDrawInfoGraphBuffers
_PhFindProcessRecord@8
PhFinalStringBuilderString
PhRemoveStringBuilder
PhInitializeStringBuilder
_PhPluginRegisterIcon@24
PhDrawGraphDirect
PhfBeginInitOnce
_PhPluginAddTreeNewColumn@24
PhfEndInitOnce
_PhPluginEnableTreeNewNotify@8
PhNetworkItemsUpdatedEvent
PhEnumProcesses
_PhFindNetworkNode@4
_PhReferenceNetworkItem@16
PhInitializeCircularBuffer_ULONG64
_PhSiSizeLabelYFunction@16
PhDeleteCircularBuffer_ULONG64
_PhPluginGetObjectExtension@12
PhInitializeLayoutManager
_PhRegisterPlugin@12
PhIndexOfEMenuItem
_PhPluginSetObjectExtension@20
_PhGetGeneralCallback@4
_PhAddSettings@8
_PhPluginCreateEMenuItem@20
PhInsertEMenuItem
_PhCreateServiceListControl@12
PhShowStatus
_PhReferenceServiceItem@4
PhCreateSymbolProvider
PhCreateAlloc
PhEnumGenericModules
_PhLoadSymbolProviderOptions@4
PhGetSymbolFromAddress
PhOpenProcess
PhLoadModuleSymbolProvider
PhOpenThread
PhShowConfirmMessage
PhFormatDateTime
PhAddListViewItem
_PhHandleListViewNotifyForCopy@8
PhAllocateSafe
PhAddListViewColumn
PhSetExtendedListView
PhSetListViewSubItem
PhCopyStringZ
PhFindListViewItemByParam
PhFindItemSimpleHashtable
PhQueueItemWorkQueue
PhGetGlobalWorkQueue
PhGetBaseName
PhSystemBasicInformation
PhGetModuleFromAddress
PhAddItemSimpleHashtable
PhDeleteLayoutManager
_PhCreateProcessPropPageContextEx@16
PhUnregisterCallback
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhCopyCircularBuffer_FLOAT
PhAddLayoutItem
PhCenterWindow
PhLayoutManagerLayout
_PhGetStatisticsTimeString@8
PhBufferToHexString
PhCountStringZ
PhInitializeCircularBuffer_ULONG
PhHexStringToBuffer
_PhSetIntegerSetting@8
PhInitializeCircularBuffer_FLOAT
_PhReferenceProcessRecordForStatistics@4
PhFormatString
PhFormatString_V
PhCreateThread
WindowsVersion
PhHashStringRef
PhfReleaseQueuedLockShared
PhCreateObjectType
PhEqualStringRef
PhAddEntryHashtableEx
PhfWakeForReleaseQueuedLock
PhInvokeCallback
PhAllocateFromFreeList
PhfAcquireQueuedLockShared
PhInitializeFreeList
_PhDereferenceProcessRecord@4
PhCreateObject
_PhReferenceProcessItem@4
PhGetFileName
PhfAcquireQueuedLockExclusive
PhFreeToFreeList
PhProcessesUpdatedEvent
_PhReferenceProcessRecord@4
PhCreateSimpleHashtable
PhAddEntryHashtable
PhGetStockApplicationIcon
PhMainWndHandle
PhCreateList
_PhShellProcessHacker@28
PhCreateString
PhGetTreeNewText
_PhShowProcessRecordDialog@8
PhFormat
_PhInitializeTreeNewFilterSupport@12
PhSetControlTheme
PhAllocate
_PhFindProcessNode@4
PhLoadResourceEMenuItem
_PhSetIntegerPairSetting@12
PhRemoveEntryHashtable
PhSetFlagsAllEMenuItems
_PhCmLoadSettings@8
PhCompareStringRef
_PhDeleteTreeNewColumnMenu@4
PhFindEMenuItem
PhCreateEMenu
_PhGetPluginInformation@4
PhAddItemList
_PhReferenceProcessItemForRecord@4
PhShellExploreFile
_PhGetStringSetting@4
_PhHandleTreeNewColumnMenu@4
_PhInitializeTreeNewColumnMenu@4
PhRemoveItemList
PhSetClipboardString
_PhAddTreeNewFilter@12
_PhApplyTreeNewFiltersToNode@8
_PhGetIntegerPairSetting@4
PhCreateHashtable
PhDeleteCircularBuffer_FLOAT
_PhAddPropPageLayoutItem@16
PhInitializeGraphState
PhFormatUInt64
_PhFindPlugin@4
_PhSetStringSetting2@8
PhCreateStringEx
_PhApplyTreeNewFilters@4
PhFindItemList
PhShowEMenu
PhAutoDereferenceObject
PhRegisterCallback
_PhSelectAndEnsureVisibleProcessNode@4
_PhGetIntegerSetting@4
PhDestroyEMenu
PhFree
_PhCmSaveSettings@4
PhReferenceObject
PhWriteStringAsUtf8FileStream
PhShowMessage
PhGetGenericTreeNewLines
PhShellProperties
PhDereferenceObject
PhGetOwnTokenAttributes
PhWriteStringAsUtf8FileStream2
PhFindEntryHashtable
_PhGetPluginCallback@8
PhSetFlagsEMenuItem

ntdll

RtlClearAllBits
RtlInterlockedPushEntrySList
NtSetInformationProcess
NtQueryInformationProcess
RtlGetUnloadEventTraceEx
NtReadVirtualMemory
RtlSecondsSince1970ToTime
NtCancelSynchronousIoFile
NtDuplicateObject
NtAlpcQueryInformation
NtQueryInformationWorkerFactory
RtlUnwind
RtlSetBits
RtlNumberOfSetBits
RtlInitializeBitMap
LdrGetDllHandle
LdrGetProcedureAddress
NtClose
RtlInterlockedFlushSList
NtQueryPerformanceCounter
RtlInitializeSListHead

kernel32

LoadLibraryExA
FreeLibrary
VirtualQuery
VirtualProtect
UnhandledExceptionFilter
GetLastError
RaiseException
SetUnhandledExceptionFilter
GetCurrentProcess
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetSystemInfo
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleW
LocalFree
GetProcAddress
Sleep
GetCommandLineA
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
DecodePointer
CreateFileW
GetModuleFileNameW

user32

InvalidateRect
GetSysColorBrush
SetTimer
EnableWindow
MoveWindow
CopyIcon
DestroyIcon
DestroyWindow
GetPropW
RemovePropW
SetPropW
DeferWindowPos
GetWindowRect
SetWindowPos
EndDialog
GetSystemMetrics
BeginDeferWindowPos
MapWindowPoints
EndDeferWindowPos
MapDialogRect
GetClientRect
GetParent
DialogBoxParamW
CreateDialogParamW
GetKeyState
PostMessageW
CreateWindowExW
SendMessageW
ShowWindow
SetDlgItemTextW
SetFocus
LoadCursorW
SetCursor
GetDlgItem

gdi32

SelectObject
SetBkMode

advapi32

SystemFunction036
StartTraceW
OpenTraceW
ControlTraceW
EnableTraceEx
CloseTrace
ProcessTrace

ole32

CoCreateInstance

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString

comctl32

CreatePropertySheetPageW

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 32 bit/plugins/HardwareDevices.dll
.dll windows:5 windows x86 arch:x86

df6ce4cfb0f22ad2fc0e01b732d88f54

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

81:45:ea:f7:31:95:80:c0:16:33:fd:74:73:6b:46:07:eb:1a:5b:9d:0e:95:52:9b:0d:46:74:23:02:e1:e2:3c
Signer

Actual PE Digest

81:45:ea:f7:31:95:80:c0:16:33:fd:74:73:6b:46:07:eb:1a:5b:9d:0e:95:52:9b:0d:46:74:23:02:e1:e2:3c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\HardwareDevices.pdb

Imports

uxtheme

EnableThemeDialogTexture

processhacker.exe

PhSystemBasicInformation
PhDereferenceObject
PhfAcquireQueuedLockExclusive
PhReferenceObject
PhCreateObject
_PhGetIntegerSetting@4
PhFindItemList
PhReferenceObjectSafe
PhfAcquireQueuedLockShared
PhInitializeCircularBuffer_ULONG64
PhRemoveItemList
WindowsVersion
PhAddItemList
PhReAllocate
PhGetOwnTokenAttributes
PhStringToInteger64
PhConcatStrings_V
PhCreateFileWin32
PhInsertEMenuItem
PhTrimStringRef
PhfWakeForReleaseQueuedLock
PhCountStringZ
PhCreateObjectType
PhfReleaseQueuedLockShared
PhDeleteCircularBuffer_ULONG64
PhCreateString
PhDereferenceObjectDeferDelete
PhCreateList
PhConvertMultiByteToUtf16
PhModalPropertySheet
PhFormatUInt64
PhLayoutManagerLayout
PhFree
PhCenterWindow
PhFormatDateTime
PhAutoDereferenceObject
PhFormatString_V
PhAddListViewItem
PhAddLayoutItem
PhCreateStringEx
PhAddListViewColumn
PhGetSelectedListViewItemParam
PhSetExtendedListView
PhCreateThread
PhAllocate
PhCreateEMenuItem
PhCreateEMenu
_PhAddSettings@8
_PhGetGeneralCallback@4
PhShowEMenu
PhSetControlTheme
PhDestroyEMenu
_PhRegisterPlugin@12
_PhGetPluginCallback@8
PhQueryValueKey
PhEqualStringRef
PhFindListViewItemByFlags
_PhGetStringSetting@4
_PhSetStringSetting2@8
PhSplitStringRefAtChar
PhGetListViewItemParam
PhFormatString
PhDivideSinglesBySingle
PhInitializeGraphState
PhConcatStrings2
_PhSiSizeLabelYFunction@16
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhAddLayoutItemEx
PhGetDrawInfoGraphBuffers
_PhGetStatisticsTimeString@8
PhInitializeStringBuilder
PhAppendFormatStringBuilder
PhDeleteAutoPool
PhUnregisterCallback
PhRemoveStringBuilder
PhDrainAutoPool
PhFinalStringBuilderString
PhRegisterCallback
PhQueryRegistryString
PhInitializeAutoPool
PhConcatStringRef2
PhDeleteStringBuilder
PhProcessesUpdatedEvent
PhOpenKey
PhMainWndHandle
PhFormatSize
PhInitializeLayoutManager
PhBufferToHexString
PhDeleteLayoutManager
PhSetListViewSubItem

ntdll

NtQueryVolumeInformationFile
NtFsControlFile
NtQueryInformationProcess
NtDeviceIoControlFile
RtlGUIDFromString
LdrGetProcedureAddress
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
NtClose
RtlUnwind

kernel32

CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
WriteConsoleW
DecodePointer
CreateFileW
GetLogicalDrives
FreeLibrary
GetProcAddress
LoadLibraryW
GetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime

user32

SendMessageW
EnableWindow
GetCursorPos
CreateWindowExW
InvalidateRect
GetMessageW
CreateDialogParamW
PostMessageW
DestroyWindow
SetWindowTextW
ShowWindow
DispatchMessageW
IsDialogMessageW
TranslateMessage
PostQuitMessage
SetForegroundWindow
IsIconic
DefWindowProcW
GetPropW
GetDlgItem
RemovePropW
SetDlgItemTextW
SetPropW
GetParent

comctl32

ord413
ord410
ord412
CreatePropertySheetPageW

advapi32

SystemFunction036

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 32 bit/plugins/NetworkTools.dll
.dll windows:5 windows x86 arch:x86

e32684bf82cc05bafae420aa4e52ec9a

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c5:f2:31:17:24:b5:c5:76:be:e5:cd:05:aa:25:96:74:e4:14:cf:74:ce:08:de:03:a2:1f:f4:8e:82:22:93:c5
Signer

Actual PE Digest

c5:f2:31:17:24:b5:c5:76:be:e5:cd:05:aa:25:96:74:e4:14:cf:74:ce:08:de:03:a2:1f:f4:8e:82:22:93:c5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\NetworkTools.pdb

Imports

processhacker.exe

WindowsVersion
PhReAllocate
PhCreateProcessWin32Ex
PhFormatString
PhApplicationFont
PhDivideSinglesBySingle
_PhGetPluginCallback@8
PhInitializeGraphState
PhInitializeCircularBuffer_ULONG
_PhGetPhVersion@0
_PhSiSetColorsGraphDrawInfo@12
PhUnregisterCallback
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhAddLayoutItemEx
PhQueueItemWorkQueue
PhDeleteWorkQueue
PhSetGraphText
PhInitializeWorkQueue
PhProcessesUpdatedEvent
PhCreateBytesEx
PhMainWndHandle
PhInitializeLayoutManager
PhDeleteLayoutManager
PhAllocate
PhCreateThread
_PhSaveWindowPlacementToSetting@12
PhInitializeStringBuilder
PhGetWindowText
PhConcatStrings2
PhAppendFormatStringBuilder
PhDeleteAutoPool
PhTerminateProcess
_PhGetIntegerPairSetting@4
_PhLoadWindowPlacementFromSetting@12
PhRemoveStringBuilder
PhDrainAutoPool
PhAddLayoutItem
PhFormatString_V
PhAutoDereferenceObject
_PhGetScalableIntegerPairSetting@8
PhAppendCharStringBuilder
PhInitializeAutoPool
PhCenterWindow
PhFree
PhDeleteStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilder
PhLayoutManagerLayout
PhDereferenceObject
PhShellExecute
_PhSetIntegerSetting@8
_PhGetIntegerSetting@4
PhInsertEMenuItem
_PhPluginCreateEMenuItem@20
PhFindEMenuItem
_PhAddSettings@8
_PhGetGeneralCallback@4
PhIndexOfEMenuItem
PhRegisterCallback
_PhRegisterPlugin@12

ntdll

NtReadFile
NtSetInformationObject
RtlOemStringToUnicodeString
RtlIpv6AddressToStringW
NtClose
RtlIpv4AddressToStringW
RtlFreeUnicodeString
RtlUnwind

kernel32

TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TlsGetValue
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
WideCharToMultiByte
TlsSetValue
TlsFree
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TerminateProcess
ExitProcess
HeapFree
HeapAlloc
GetACP
GetFileType
LCMapStringW
IsValidCodePage
GetOEMCP
FreeLibrary
CreateFileW
CloseHandle
WriteConsoleW
MulDiv
GetStdHandle
CreatePipe
DecodePointer
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
MultiByteToWideChar

user32

ShowWindow
GetWindowLongW
PostMessageW
GetDC
CreateWindowExW
GetSystemMetrics
DestroyIcon
GetDlgCtrlID
SetWindowLongW
GetSysColorBrush
SystemParametersInfoW
LoadImageW
InvalidateRect
ReleaseDC
GetMessageW
CreateDialogParamW
DestroyWindow
GetPropW
SendMessageW
RemovePropW
SetWindowTextW
SetDlgItemTextW
DispatchMessageW
IsDialogMessageW
SetPropW
TranslateMessage
MapDialogRect
GetDlgItem
PostQuitMessage
GetParent
SetForegroundWindow
EndDialog
GetDlgItemInt
SetDlgItemInt
DialogBoxParamW

gdi32

SetBkColor
GetStockObject
DeleteObject
SetBkMode
GetDeviceCaps
CreateFontW
SelectObject
SetTextColor

advapi32

SystemFunction036

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 32 bit/plugins/OnlineChecks.dll
.dll windows:5 windows x86 arch:x86

7eb18c04e761984313671403452257bb

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

63:6b:87:84:3c:33:e3:83:2a:76:7e:8c:48:a1:6f:96:85:9a:c9:63:41:d9:4d:2e:ed:f2:c8:5b:0e:5c:a0:7f
Signer

Actual PE Digest

63:6b:87:84:3c:33:e3:83:2a:76:7e:8c:48:a1:6f:96:85:9a:c9:63:41:d9:4d:2e:ed:f2:c8:5b:0e:5c:a0:7f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\OnlineChecks.pdb

Imports

processhacker.exe

_PhRegisterPlugin@12
PhRegisterCallback
PhIndexOfEMenuItem
_PhGetGeneralCallback@4
PhMainWndHandle
PhCreateString
PhGetFileSize
PhQuerySystemTime
PhFormatSize
PhBufferToHexString
PhFormatString
PhAllocate
PhCreateThread
PhCountStringZ
PhInitializeStringBuilder
PhConcatStrings2
PhAppendFormatStringBuilder
_PhGetPhVersion@0
WindowsVersion
PhDeleteAutoPool
PhGetBaseName
PhCreateFileWin32
PhCreateStringEx
PhDrainAutoPool
PhReAllocate
PhInitializeAutoPool
PhCenterWindow
PhConvertUtf16ToAsciiEx
PhFree
PhDeleteStringBuilder
PhZeroExtendToUtf16Ex
PhDereferenceObject
PhShellExecute
PhInsertEMenuItem
_PhPluginCreateEMenuItem@20
PhFindEMenuItem
_PhGetPluginCallback@8

ntdll

RtlNtStatusToDosError
NtClose
NtReadFile
NtSetInformationFile
RtlRandomEx
RtlUnwind

kernel32

LCMapStringW
HeapReAlloc
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
DecodePointer
GetLocaleInfoW
GetLastError
MulDiv
CreateFileW
WriteConsoleW
SetFilePointerEx
CloseHandle
HeapSize
SetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetStringTypeW
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetSystemInfo
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
RaiseException
SetUnhandledExceptionFilter
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
UnhandledExceptionFilter
GetFileType

user32

GetMessageW
CreateDialogParamW
PostMessageW
DestroyWindow
GetDC
IsWindowVisible
GetPropW
SendMessageW
RemovePropW
SetWindowTextW
ShowWindow
DispatchMessageW
IsDialogMessageW
GetDlgCtrlID
SetPropW
TranslateMessage
GetDlgItem
PostQuitMessage
GetSysColorBrush
SystemParametersInfoW
GetParent
SetForegroundWindow
IsIconic
ReleaseDC

gdi32

GetDeviceCaps
SetTextColor
SetBkMode
DeleteObject
CreateFontW

advapi32

SystemFunction036
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 32 bit/plugins/SbieSupport.dll
.dll windows:5 windows x86 arch:x86

ac5d7667a131f049a9c88e2f0ce087aa

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:7e:32:d7:22:1d:6e:91:68:3c:8b:a6:e3:a2:a9:79:8f:cf:6d:43:eb:95:ff:7f:3c:43:84:bc:fa:3f:b2:35
Signer

Actual PE Digest

69:7e:32:d7:22:1d:6e:91:68:3c:8b:a6:e3:a2:a9:79:8f:cf:6d:43:eb:95:ff:7f:3c:43:84:bc:fa:3f:b2:35

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\SbieSupport.pdb

Imports

processhacker.exe

PhSetFileDialogFilter
PhEnumHashtable
PhfAcquireQueuedLockExclusive
PhGetFileName
_PhGetPluginCallback@8
_PhRegisterPlugin@12
PhRegisterCallback
PhAutoDereferenceObject
_PhUpdateProcessNode@4
_PhSetStringSetting2@8
PhfAcquireQueuedLockShared
PhAddEntryHashtable
PhMainWndHandle
PhInsertEMenuItem
PhShowConfirmMessage
PhfReleaseQueuedLockShared
PhOpenProcess
PhFreeFileDialog
_PhPluginCreateEMenuItem@20
PhShowFileDialog
_PhFindProcessNode@4
PhGetWindowText
PhFindEntryHashtable
PhAppendFormatStringBuilder
PhCreateOpenFileDialog
PhfWakeForReleaseQueuedLock
_PhAddSettings@8
_PhGetStringSetting@4
PhGetFileDialogFileName
PhTerminateProcess
PhSetFileDialogFileName
_PhGetGeneralCallback@4
PhClearHashtable
PhCreateHashtable

ntdll

NtClose
RtlCreateTimerQueue
RtlCreateTimer
LdrGetProcedureAddress
RtlUnwind

kernel32

RaiseException
CreateFileW
DecodePointer
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LCMapStringW
LoadLibraryW
HeapAlloc
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetLastError
GetModuleFileNameW
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte

user32

DialogBoxParamW
EndDialog
SetDlgItemTextW
GetDlgItem

advapi32

SystemFunction036

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 32 bit/plugins/ToolStatus.dll
.dll windows:5 windows x86 arch:x86

3f41780f59b78ef27ce4b4cde955e570

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:93:10:e2:e3:99:3b:67:fa:21:78:83:fb:97:44:0e:26:54:51:91:33:c3:b8:f3:5f:ef:65:c8:b5:c9:e9:01
Signer

Actual PE Digest

48:93:10:e2:e3:99:3b:67:fa:21:78:83:fb:97:44:0e:26:54:51:91:33:c3:b8:f3:5f:ef:65:c8:b5:c9:e9:01

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\ToolStatus.pdb

Imports

uxtheme

OpenThemeData
CloseThemeData
IsThemeActive
GetThemeInt

processhacker.exe

PhSplitStringRefAtChar
PhCenterWindow
PhGlobalDpi
PhRemoveItemList
PhInsertItemList
PhAllocate
PhMainWndHandle
_PhGetIntegerSetting@4
_PhSetIntegerSetting@8
PhAddComboBoxStrings
WindowsVersion
_PhGetStatisticsTimeString@8
_PhGetStatisticsTime@12
PhDereferenceObject
_PhFindProcessRecord@8
PhAutoDereferenceObject
PhFormatString_V
_PhDereferenceProcessRecord@4
PhCopyCircularBuffer_FLOAT
PhGraphStateGetDrawInfo
PhDeleteGraphState
_PhSiSetColorsGraphDrawInfo@12
PhInitializeGraphState
PhDivideSinglesBySingle
PhSystemBasicInformation
PhFormatString
_PhShowProcessRecordDialog@8
PhFormatSize
_PhDeselectAllProcessNodes@0
PhCreateSimpleHashtable
PhSetFlagsEMenuItem
_PhCreateProcessPropContext@8
PhGetOwnTokenAttributes
PhShowMessage
PhCreateAlloc
_PhGetPluginCallback@8
PhReferenceObject
_PhRegisterPlugin@12
_PhReferenceProcessItem@4
_PhGetFilterSupportNetworkTreeList@0
PhDestroyEMenu
_PhDeselectAllServiceNodes@0
_PhGetFilterSupportServiceTreeList@0
PhRegisterCallback
_PhExpandAllProcessNodes@4
PhShowEMenu
PhFindItemSimpleHashtable
_PhApplyTreeNewFilters@4
_PhShowProcessProperties@4
_PhRegisterMessageLoopFilter@8
PhIconToBitmap
_PhAddTreeNewFilter@12
PhReferenceEmptyString
PhLoadIcon
PhCreateString
PhQuerySystemTime
PhClearList
PhInitializeStringBuilder
PhAppendFormatStringBuilder
PhStringToInteger64
_PhGetStringSetting@4
_PhSetStringSetting2@8
PhRemoveStringBuilder
PhFinalStringBuilderString
PhFormatUInt64
PhCreateList
PhfReleaseQueuedLockShared
PhDereferenceObjects
PhGetServiceTypeString
PhAddItemList
_PhGetProtocolTypeName@4
PhfAcquireQueuedLockShared
PhFree
PhGetServiceErrorControlString
PhFindStringInStringRef
PhGetServiceStateString
_PhGetProcessPriorityClassString@4
_PhGetTcpStateName@4
PhGetServiceStartTypeString
PhSetImageListBitmap
PhAddItemSimpleHashtable
PhInsertEMenuItem
_PhGetFilterSupportProcessTreeList@0
_PhSetSelectThreadIdProcessPropContext@8
_PhFindProcessNode@4
_PhPluginGetSystemStatistics@4
PhEqualStringRef
PhCreateEMenuItem
PhGetWindowText
_PhUiTerminateProcesses@12
PhConcatStrings2
PhCreateEMenu
PhInvokeCallback
_PhAddSettings@8
_PhGetGeneralCallback@4

kernel32

LCMapStringW
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetLastError
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
WriteConsoleW
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetProcAddress
GetModuleHandleW
SizeofResource
FreeResource
LockResource
LoadResource
FindResourceW
DecodePointer
CreateFileW
RaiseException
CloseHandle

user32

EnableWindow
DialogBoxParamW
GetSysColorBrush
DrawTextW
GetDlgItem
DestroyIcon
GetParent
GetKeyState
GetDC
OffsetRect
GetCapture
RedrawWindow
TrackMouseEvent
PtInRect
GetWindowThreadProcessId
DefWindowProcW
GetWindowRect
GetMenu
SetWindowPos
SetWindowTextW
WindowFromPoint
LoadAcceleratorsW
IsChild
MapWindowPoints
SetFocus
TranslateAcceleratorW
LoadCursorW
SetCapture
GetWindowDC
SetCursor
GetClientRect
ReleaseCapture
SetPropW
GetCursorPos
DestroyWindow
IsWindowVisible
CreateWindowExW
ShowWindow
GetSystemMetrics
SetMenu
DrawMenuBar
InvalidateRect
GetPropW
FillRect
SendMessageW
EndDialog
RemovePropW
FrameRect
GetSysColor
ReleaseDC

gdi32

SetROP2
RestoreDC
Rectangle
BitBlt
SaveDC
CreateSolidBrush
CreateDIBSection
GetTextExtentPoint32W
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetStockObject
DeleteDC
SetTextColor
SetBkMode
GetObjectW
DeleteObject
CreatePen
CreateFontIndirectW

ole32

CoCreateInstance

comctl32

ord412
ImageList_SetImageCount
ord410
ord413
ImageList_Destroy
ImageList_Create
ImageList_Draw
ImageList_Add
ImageList_Replace

ntdll

RtlUnwind

advapi32

SystemFunction036

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 32 bit/plugins/Updater.dll
.dll windows:5 windows x86 arch:x86

c87b61009338c7192fdd5855a4632125

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

be:12:79:c4:8a:47:02:8b:fd:84:ad:23:d1:e9:d7:2f:ff:60:d2:23:f3:9f:c0:81:f0:32:28:35:bd:63:af:b6
Signer

Actual PE Digest

be:12:79:c4:8a:47:02:8b:fd:84:ad:23:d1:e9:d7:2f:ff:60:d2:23:f3:9f:c0:81:f0:32:28:35:bd:63:af:b6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\Updater.pdb

Imports

processhacker.exe

PhMainWndHandle
PhInitializeHash
PhQuerySystemTime
PhOpenKey
PhFormatSize
PhFinalHash
PhBufferToHexString
PhFormatString
PhfWaitForEvent
_mxmlLoadString@12
PhIconToBitmap
PhAllocate
PhVerifyFile
PhCreateThread
PhGetFullPath
_mxmlFindElement@24
PhEqualStringRef
PhConcatStrings2
PhFormatGuid
PhStringToInteger64
WindowsVersion
PhDeleteAutoPool
_PhGetStringSetting@4
PhShowStatus
_PhGetPhVersionNumbers@16
PhUpdateHash
_PhSetStringSetting2@8
PhGenerateGuid
PhCreateFileWin32
PhSplitStringRefAtChar
PhCreateStringEx
PhDrainAutoPool
PhfSetEvent
PhFormatString_V
PhAutoDereferenceObject
PhReAllocate
PhQueryRegistryString
PhInitializeAutoPool
PhCenterWindow
PhFree
PhReferenceObject
_mxmlDelete@4
PhDereferenceObject
PhGetOwnTokenAttributes
PhShellExecute
PhfResetEvent
PhFormatUInt64
_PhSetIntegerSetting@8
PhInsertEMenuItem
_PhPluginCreateEMenuItem@20
_PhAddSettings@8
PhReferenceEmptyString
_PhGetGeneralCallback@4
PhRegisterCallback
_PhGetIntegerSetting@4
_PhRegisterPlugin@12
_PhGetPluginCallback@8
PhConvertUtf8ToUtf16

ntdll

NtWriteFile
NtClose
RtlUnwind

kernel32

ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetModuleHandleExW
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetCurrentThreadId
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
TerminateProcess
CreateFileW
DecodePointer
GetTempPathW
Sleep
GetLastError
MulDiv
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW

user32

SendDlgItemMessageW
GetMessageW
CreateDialogParamW
DestroyWindow
GetDC
IsWindowVisible
GetPropW
RemovePropW
GetSystemMetrics
SetWindowTextW
ShowWindow
DispatchMessageW
IsDialogMessageW
DestroyIcon
GetDlgCtrlID
SetDlgItemTextW
PostMessageW
SetPropW
TranslateMessage
PostQuitMessage
GetSysColorBrush
SystemParametersInfoW
GetParent
SetForegroundWindow
LoadImageW
IsIconic
ReleaseDC
EnableWindow
SendMessageW
EndDialog
GetDlgItem
DialogBoxParamW

gdi32

DeleteObject
SetTextColor
GetDeviceCaps
CreateFontW
SetBkMode

shell32

ShellExecuteExW
SHCreateDirectoryExW

advapi32

SystemFunction036

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 32 bit/plugins/UserNotes.dll
.dll windows:5 windows x86 arch:x86

c0fea95b42632918681f1e715a06203f

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:2e:38:77:3b:d7:31:fa:99:9b:58:5b:17:e6:ae:c9:56:cd:8c:78:93:87:3d:c9:7e:22:0e:b3:48:6f:48:2f
Signer

Actual PE Digest

c8:2e:38:77:3b:d7:31:fa:99:9b:58:5b:17:e6:ae:c9:56:cd:8c:78:93:87:3d:c9:7e:22:0e:b3:48:6f:48:2f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\UserNotes.pdb

Imports

uxtheme

EnableThemeDialogTexture

processhacker.exe

_PhPluginAddMenuHook@12
PhInitializeLayoutManager
PhInsertEMenuItem
PhMainWndHandle
_PhInvalidateAllProcessNodes@0
PhDeleteLayoutManager
PhFreeFileDialog
_PhPluginCreateEMenuItem@20
PhShowFileDialog
PhFindEntryHashtable
PhDereferenceObject
_mxmlDelete@4
PhEnumHashtable
_mxmlNewOpaque@8
PhfAcquireQueuedLockExclusive
PhConvertUtf8ToUtf16
_mxmlElementSetAttr@12
PhReferenceObject
PhFree
PhInitializeAutoPool
PhAutoDereferenceObject
PhDrainAutoPool
PhInitializeStringBuilder
PhGetWindowText
PhCreateStringEx
PhCreateFileWin32
_PhPropPageDlgProcHeader@24
PhCompareStringRef
PhSetFileDialogFilter
PhFindEMenuItem
PhAppendFormatStringBuilder
_PhGetPluginInformation@4
PhCreateOpenFileDialog
_PhAddSettings@8
_PhGetStringSetting@4
PhGetFileDialogFileName
PhSetFileDialogFileName
_PhGetGeneralCallback@4
_PhFindPlugin@4
_PhSetStringSetting2@8
_PhPluginSetObjectExtension@20
PhSplitStringRefAtChar
_PhAddProcessPropPage@8
_PhGetSelectedProcessItems@8
PhRemoveStringBuilder
_PhPropPageDlgProcDestroy@4
_PhDoPropPageLayout@4
PhFinalStringBuilderString
PhAddLayoutItem
PhFormatString_V
PhProcessModifiedEvent
PhRegisterCallback
ProcessQueryAccess
PhCenterWindow
_PhGetSelectedProcessItem@0
PhConcatStringRef2
_PhPluginAddTreeNewColumn@24
_PhRegisterPlugin@12
_PhGetPluginCallback@8
PhGetFileName
_PhCreateProcessPropPageContextEx@16
PhExpandEnvironmentStrings
_PhPluginGetObjectExtension@12
PhProcessesUpdatedEvent
PhLayoutManagerLayout
_PhDuplicateProcessNodeList@0
_PhAddPropPageLayoutItem@16
PhGetApplicationDirectory
PhIntegerToString64
_mxmlSaveFd@12
PhHashStringRef
PhGetFileSize
_mxmlNewElement@8
PhAllocate
PhGetFullPath
_mxmlLoadFd@12
PhEqualStringRef
PhConvertUtf16ToUtf8Ex
PhRemoveEntryHashtable
PhAddEntryHashtableEx
PhStringToInteger64
PhfWakeForReleaseQueuedLock
PhDeleteAutoPool
PhReferenceEmptyString
PhCreateHashtable
PhOpenProcess

ntdll

RtlDetermineDosPathNameType_U
NtQueryInformationProcess
NtClose
NtSetInformationProcess
RtlUnwind

user32

MessageBoxW
GetPropW
SendMessageW
EndDialog
RemovePropW
SetDlgItemTextW
SetPropW
SetWindowLongW
GetDlgItem
DialogBoxParamW
EnableWindow
SetWindowTextW

comdlg32

ChooseColorW

shell32

SHCreateDirectoryExW

comctl32

CreatePropertySheetPageW

kernel32

SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetLastError
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WriteConsoleW
CloseHandle
HeapFree
DecodePointer
CreateFileW
RaiseException

advapi32

SystemFunction036

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 32 bit/plugins/WindowExplorer.dll
.dll windows:5 windows x86 arch:x86

7ebf3461dadb4d4949ccc1e2668eaf78

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:62:8e:bc:30:e3:b0:8c:de:bb:47:b0:22:f1:ae:46:7b:35:44:0f:0f:2e:05:e2:cc:00:be:0c:4f:3b:31:d9
Signer

Actual PE Digest

0c:62:8e:bc:30:e3:b0:8c:de:bb:47:b0:22:f1:ae:46:7b:35:44:0f:0f:2e:05:e2:cc:00:be:0c:4f:3b:31:d9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release32\plugins\WindowExplorer.pdb

Imports

ntdll

NtClose
RtlUnwind
NtResetEvent
RtlInitializeSid
NtCreateSection
NtReleaseMutant
RtlAddAce
NtOpenEvent
NtSetSecurityObject
NtMapViewOfSection
NtWaitForSingleObject
NtOpenSection
RtlCreateSecurityDescriptor
NtUnmapViewOfSection
RtlCreateAcl
NtCreateMutant
NtSetEvent
RtlSubAuthoritySid
NtCreateEvent
RtlSetSaclSecurityDescriptor
NtOpenMutant

kernel32

CreateFileW
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetModuleHandleW
GetProcAddress
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
DecodePointer

user32

GetLayeredWindowAttributes
IsWindowUnicode
GetClassInfoExW
GetClassLongW
SetWindowsHookExW
GetClassNameW
SendNotifyMessageW
UnhookWindowsHookEx
GetWindowLongA
GetKeyState
GetMessageW
GetClassWord
CallWindowProcW
GetMenu
MonitorFromRect
CreateWindowExW
DispatchMessageW
GetWindowInfo
GetMonitorInfoW
GetDlgCtrlID
PeekMessageW
EnumPropsExW
SetDlgItemTextW
MapWindowPoints
TranslateMessage
PostThreadMessageW
CreateDialogParamW
ShowWindowAsync
PostMessageW
FindWindowExW
DestroyWindow
IsWindowVisible
SetWindowPos
GetPropW
SendMessageW
RemovePropW
SetWindowTextW
GetWindowPlacement
ShowWindow
CloseDesktop
SetTimer
RedrawWindow
GetClassLongA
IsWindowEnabled
MoveWindow
SetLayeredWindowAttributes
SetPropW
EnumDesktopWindows
MapDialogRect
SetWindowLongW
GetDlgItem
KillTimer
GetDesktopWindow
OpenDesktopW
SetForegroundWindow
EnableWindow
GetWindowRect
GetSystemMetrics
GetWindowDC
ReleaseDC
EnumDesktopsW
GetProcessWindowStation
GetWindowLongW
GetWindowThreadProcessId
CallNextHookEx
RegisterWindowMessageW

gdi32

SaveDC
SelectObject
GetStockObject
CreatePen
Rectangle
RestoreDC
DeleteObject
SetROP2

advapi32

SystemFunction036

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 64 bit/ProcessHacker.exe
.exe windows:5 windows x64 arch:x64

3695333c60dedecdcaff1590409aa462

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:a7:55:31:1b:42:8c:20:63:f9:83:05:8d:bf:9e:16:48:d0:0d:5f:ec:4a:df:00:e0:a3:4d:de:e6:39:f6:8b
Signer

Actual PE Digest

33:a7:55:31:1b:42:8c:20:63:f9:83:05:8d:bf:9e:16:48:d0:0d:5f:ec:4a:df:00:e0:a3:4d:de:e6:39:f6:8b

Digest Algorithm

sha256

PE Digest Matches

true

92:53:a6:f7:2e:e0:e3:97:0d:54:57:e0:f0:61:fd:b4:0b:48:4f:18
Signer

Actual PE Digest

92:53:a6:f7:2e:e0:e3:97:0d:54:57:e0:f0:61:fd:b4:0b:48:4f:18

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\processhacker2\bin\Release64\ProcessHacker.pdb

Imports

ntdll

NtCreateTimer
NtAlertThread
NtSetTimer
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlLengthSecurityDescriptor
NtCreateSemaphore
NtQueryObject
NtClearEvent
NtCreateKeyedEvent
NtWaitForKeyedEvent
NtReleaseKeyedEvent
RtlGetVersion
NtDeviceIoControlFile
NtSetInformationObject
NtQueryFullAttributesFile
NtOpenFile
NtQuerySecurityObject
NtOpenSection
NtQueryDirectoryFile
NtCreateFile
NtCreateKey
RtlCreateUserThread
NtQueryDirectoryObject
NtFsControlFile
NtOpenDirectoryObject
RtlPrefixUnicodeString
NtSetSecurityObject
NtOpenProcess
NtQuerySymbolicLinkObject
RtlConvertSidToUnicodeString
NtOpenKey
NtQueueApcThread
NtUnloadDriver
RtlEqualUnicodeString
NtOpenSymbolicLinkObject
RtlQueueApcWow64Thread
NtOpenThread
NtDeleteKey
NtQueryKey
NtQueryValueKey
LdrLoadDll
LdrUnloadDll
LdrGetProcedureAddress
NtGetContextThread
NtQueryInformationFile
NtFlushBuffersFile
NtLockFile
NtUnlockFile
RtlInterlockedPopEntrySList
RtlUnicodeToMultiByteSize
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlReAllocateHeap
NtAllocateVirtualMemory
RtlUpcaseUnicodeChar
RtlUnicodeToMultiByteN
RtlExpandEnvironmentStrings_U
RtlGetDaclSecurityDescriptor
RtlCreateUserProcess
RtlNtStatusToDosError
RtlCreateProcessParameters
NtFilterToken
RtlStringFromGUID
RtlFindMessage
NtQueryAttributesFile
RtlAddAce
RtlDestroyProcessParameters
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
RtlGetAce
RtlRandomEx
NtDuplicateToken
RtlGetFullPathName_U
NtSetInformationToken
NtPowerInformation
NtTestAlert
NtOpenThreadToken
RtlTimeToSecondsSince1980
RtlEqualSid
RtlSecondsSince1980ToTime
NtIsProcessInJob
RtlFirstEntrySList
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
NtAcceptConnectPort
NtReplyWaitReceivePort
NtCompleteConnectPort
RtlSetDaclSecurityDescriptor
RtlSubAuthoritySid
NtCreatePort
RtlInitializeSid
RtlLengthRequiredSid
RtlValidRelativeSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
RtlValidSid
NtConnectPort
NtRequestWaitReplyPort
RtlAbsoluteToSelfRelativeSD
RtlLengthSid
NtCreateSection
NtQueryMutant
NtSuspendThread
NtQueryInformationProcess
NtRemoveProcessDebug
NtTerminateThread
NtResumeProcess
NtReleaseSemaphore
NtSetHighEventPair
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
NtQueryEvent
NtQuerySemaphore
NtCancelTimer
NtPulseEvent
NtSetLowEventPair
NtQueryTimer
NtResetEvent
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlInterlockedFlushSList
RtlInitializeSListHead
RtlInterlockedPushEntrySList
RtlSecondsSince1970ToTime
RtlCreateHeap
RtlFreeHeap
RtlAllocateHeap
RtlDestroyHeap
NtQueryVirtualMemory
NtProtectVirtualMemory
NtSetSystemInformation
NtWriteVirtualMemory
NtSetInformationFile
NtQueryInformationToken
NtCreateMutant
NtOpenProcessToken
NtAdjustPrivilegesToken
NtTerminateJobObject
NtAssignProcessToJobObject
NtQueryInformationJobObject
NtMapViewOfSection
NtQuerySection
RtlSetHeapInformation
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlQueryEnvironmentVariable_U
NtQueryPerformanceCounter
RtlDeleteCriticalSection
NtTerminateProcess
NtSetValueKey
RtlDetermineDosPathNameType_U
NtDeleteValueKey
NtAddAtom
RtlGUIDFromString
NtWaitForMultipleObjects
NtSetEvent
NtCreateEvent
NtReadVirtualMemory
NtReadFile
NtWriteFile
NtQueryInformationThread
NtQuerySystemInformation
NtSuspendProcess
NtResumeThread
NtWaitForSingleObject
RtlDoesFileExists_U
NtSetInformationDebugObject
NtUnmapViewOfSection
RtlRaiseStatus
NtSetInformationProcess
NtDuplicateObject
NtInitiatePowerAction
NtClose
NtDelayExecution
NtSetInformationThread
NtFreeVirtualMemory

winsta

WinStationSendMessageW
WinStationShadow
WinStationGetAllProcesses
WinStationFreeGAPMemory
WinStationRegisterConsoleNotification
WinStationQueryInformationW
WinStationFreeMemory
WinStationEnumerateW
WinStationReset
WinStationDisconnect
WinStationConnectW

comctl32

PropertySheetW
InitCommonControlsEx
CreatePropertySheetPageW
ImageList_Remove
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
ImageList_Replace

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

uxtheme

IsThemeActive
GetThemeInt
SetWindowTheme
CloseThemeData
DrawThemeBackground
OpenThemeData
IsThemePartDefined
EnableThemeDialogTexture

kernel32

GetProcAddress
GetModuleHandleW
CreatePipe
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateProcessW
SetConsoleCtrlHandler
FreeConsole
RaiseException
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
TlsFree
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
MultiByteToWideChar
GetACP
GetStdHandle
WriteFile
WideCharToMultiByte
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetFileType
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCPInfo
IsValidCodePage
GetOEMCP
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
CreateFileW
GetConsoleCP
GetConsoleMode
GlobalSize
LocalAlloc
GlobalUnlock
GlobalLock
FindResourceW
LoadResource
GlobalFree
GlobalAlloc
LockResource
SizeofResource
CreateRemoteThread
CreateThread
GetDateFormatW
GetTimeFormatW
GetNumberFormatW
WriteConsoleW
GetSystemDefaultLangID
GetSystemDirectoryW
GetLocaleInfoW
GetUserDefaultLangID
SearchPathW
LocalFree
SetLastError
GetComputerNameW
TlsGetValue
TlsAlloc
TlsSetValue
FreeLibrary
LoadLibraryW
SetProcessShutdownParameters
ExitProcess
SetErrorMode
GetTickCount
AllocConsole
GetConsoleWindow
SetFilePointerEx
FlushFileBuffers
ReadFile
ReadConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
GetLastError

user32

SetClipboardData
GetDesktopWindow
CreateDialogIndirectParamW
GetWindowTextW
InternalGetWindowText
EmptyClipboard
CloseClipboard
OpenClipboard
GetActiveWindow
GetFocus
GetWindowLongW
DestroyMenu
TrackPopupMenu
CreatePopupMenu
InsertMenuItemW
EndPaint
BeginPaint
ReleaseCapture
PtInRect
SetScrollPos
ShowCaret
EnableScrollBar
SetCapture
DestroyCaret
DragDetect
GetClipboardData
CreateCaret
SetCaretPos
GetScrollInfo
RegisterClipboardFormatW
SetScrollInfo
GetDCEx
ScreenToClient
SetCursorPos
ScrollWindowEx
GetUpdateRect
GetMessageTime
DrawFocusRect
GetCapture
GetAsyncKeyState
InvalidateRgn
WaitMessage
MessageBeep
GetMessagePos
GetUpdateRgn
GetIconInfo
FrameRect
DialogBoxParamW
SetDlgItemTextW
EndDialog
LockWorkStation
ExitWindowsEx
SendMessageW
IsWindowVisible
EnableWindow
GetParent
GetDlgItem
SetPropW
IsWindowEnabled
RemovePropW
GetPropW
GetClassNameW
GetWindowThreadProcessId
IsIconic
InvalidateRect
SetForegroundWindow
GetClientRect
FindWindowW
SetLayeredWindowAttributes
MoveWindow
ClientToScreen
GetMonitorInfoW
GetWindowInfo
RedrawWindow
ShowWindow
GetSubMenu
GetWindowPlacement
GetWindowLongPtrW
SetWindowLongPtrW
GetMenuItemCount
MonitorFromRect
SetWindowPos
GetMenu
FindWindowExW
PostMessageW
GetKeyState
GetMenuItemInfoW
MapWindowPoints
SetWindowTextW
GetWindowRect
MapDialogRect
DestroyIcon
EnableMenuItem
BringWindowToTop
DeleteMenu
GetSystemMenu
SetCursor
LoadCursorW
CreateDialogParamW
GetSysColorBrush
GetSysColor
CopyIcon
SetDlgItemInt
SetTimer
DestroyWindow
ReleaseDC
SystemParametersInfoW
TranslateMessage
TranslateAcceleratorW
IsChild
IsDialogMessageW
DispatchMessageW
LoadAcceleratorsW
GetSystemMetrics
GetDC
SendMessageTimeoutW
GetMessageW
LoadImageW
UpdateWindow
PostQuitMessage
KillTimer
AppendMenuW
EndDeferWindowPos
DrawMenuBar
LoadIconW
SetFocus
SetMenuInfo
SetMenuItemInfoW
BeginDeferWindowPos
IsWindow
RegisterClassExW
CreateWindowExW
ShowWindowAsync
LoadMenuW
DefWindowProcW
DeferWindowPos
GetCursorPos
DrawIconEx
DrawTextW
TrackMouseEvent
IsHungAppWindow
SetActiveWindow
MonitorFromWindow
MonitorFromPoint
CallWindowProcW
GetForegroundWindow
GetDoubleClickTime
CreateIconIndirect
FillRect
GetDlgItemInt
GetGuiResources
GetWindowTextLengthW
OpenWindowStationW
GetProcessWindowStation
OpenDesktopW
GetUserObjectInformationW
CloseDesktop
CloseWindowStation
EnumDesktopsW
GetGUIThreadInfo
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW

gdi32

GetDIBits
SaveDC
TextOutW
GetCharWidthW
Rectangle
SetBkMode
BitBlt
DeleteDC
CreateDIBSection
SetBoundsRect
GetStockObject
Polyline
SetDCBrushColor
SetDCPenColor
SelectObject
GetTextMetricsW
GetTextExtentPoint32W
GetTextColor
DeleteObject
CreateFontW
GetDeviceCaps
SetTextColor
SetBkColor
GetObjectW
CreateFontIndirectW
CreateRectRgn
SelectClipRgn
ExcludeClipRect
RestoreDC
CombineRgn
IntersectClipRect
GdiAlphaBlend
CreateCompatibleDC
CreateCompatibleBitmap
GetClipRgn

comdlg32

GetOpenFileNameW
GetSaveFileNameW
ChooseFontW
ChooseColorW

advapi32

SystemFunction036
SetSecurityInfo
LsaLookupSids
LsaLookupPrivilegeValue
LsaLookupPrivilegeDisplayName
LsaLookupNames2
LsaOpenPolicy
LsaLookupPrivilegeName
EnumServicesStatusExW
QueryServiceConfigW
CreateProcessWithLogonW
LsaOpenAccount
LsaEnumeratePrivilegesOfAccount
LogonUserW
CreateProcessAsUserW
QueryServiceConfig2W
OpenServiceW
RegisterServiceCtrlHandlerExW
LsaEnumerateAccounts
LsaFreeMemory
SetServiceStatus
StartServiceCtrlDispatcherW
CreateServiceW
OpenSCManagerW
ChangeServiceConfig2W
ChangeServiceConfigW
LsaAddAccountRights
LsaClose
CloseServiceHandle
DeleteService
ControlService
StartServiceW
GetSecurityInfo

shell32

DuplicateIcon
SHGetFileInfoW
ShellExecuteExW
SHGetFolderPathW
SHCreateDirectoryExW
Shell_NotifyIconW
ExtractIconExW

ole32

CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString

Exports

Exports

PhAddComboBoxStrings
PhAddElementAvlTree
PhAddEntryHashtable
PhAddEntryHashtableEx
PhAddItemArray
PhAddItemList
PhAddItemPointerList
PhAddItemSimpleHashtable
PhAddItemsArray
PhAddItemsList
PhAddLayoutItem
PhAddLayoutItemEx
PhAddListViewColumn
PhAddListViewItem
PhAddProcessPropPage
PhAddProcessPropPage2
PhAddPropPageLayoutItem
PhAddSettings
PhAddTabControlTab
PhAddTreeNewFilter
PhAdjustRectangleToBounds
PhAdjustRectangleToWorkingArea
PhAllocate
PhAllocateExSafe
PhAllocateFromFreeList
PhAllocatePage
PhAllocateSafe
PhAppendBytesBuilder
PhAppendBytesBuilder2
PhAppendBytesBuilderEx
PhAppendCharStringBuilder
PhAppendCharStringBuilder2
PhAppendFormatStringBuilder
PhAppendFormatStringBuilder_V
PhAppendStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilderEx
PhApplicationFont
PhApplyTreeNewFilters
PhApplyTreeNewFiltersToNode
PhAutoDereferenceObject
PhBufferToHexString
PhBufferToHexStringEx
PhCenterRectangle
PhCenterWindow
PhClearArray
PhClearCircularBuffer_FLOAT
PhClearCircularBuffer_PVOID
PhClearCircularBuffer_ULONG
PhClearCircularBuffer_ULONG64
PhClearHashtable
PhClearList
PhCmLoadSettings
PhCmSaveSettings
PhCompareStringRef
PhCompareStringZNatural
PhCompareUnicodeStringZIgnoreMenuPrefix
PhConcatStringRef2
PhConcatStringRef3
PhConcatStrings
PhConcatStrings2
PhConcatStrings_V
PhConvertMultiByteToUtf16
PhConvertMultiByteToUtf16Ex
PhConvertUtf16ToAsciiEx
PhConvertUtf16ToMultiByte
PhConvertUtf16ToMultiByteEx
PhConvertUtf16ToUtf8
PhConvertUtf16ToUtf8Buffer
PhConvertUtf16ToUtf8Ex
PhConvertUtf16ToUtf8Size
PhConvertUtf8ToUtf16
PhConvertUtf8ToUtf16Buffer
PhConvertUtf8ToUtf16Ex
PhConvertUtf8ToUtf16Size
PhCopyBytesZ
PhCopyCircularBuffer_FLOAT
PhCopyCircularBuffer_PVOID
PhCopyCircularBuffer_ULONG
PhCopyCircularBuffer_ULONG64
PhCopyListView
PhCopyListViewInfoTip
PhCopyStringZ
PhCopyStringZFromBytes
PhCopyStringZFromMultiByte
PhCountStringZ
PhCreateAlloc
PhCreateBytes
PhCreateBytesEx
PhCreateEMenu
PhCreateEMenuItem
PhCreateFileStream
PhCreateFileStream2
PhCreateFileWin32
PhCreateFileWin32Ex
PhCreateHashtable
PhCreateKey
PhCreateList
PhCreateObject
PhCreateObjectType
PhCreateObjectTypeEx
PhCreateOpenFileDialog
PhCreatePointerList
PhCreateProcess
PhCreateProcessAsUser
PhCreateProcessPropContext
PhCreateProcessPropPageContext
PhCreateProcessPropPageContextEx
PhCreateProcessWin32
PhCreateProcessWin32Ex
PhCreateSaveFileDialog
PhCreateSecurityPage
PhCreateServiceListControl
PhCreateSimpleHashtable
PhCreateString
PhCreateStringEx
PhCreateSymbolProvider
PhCreateThread
PhDecodeUnicodeDecoder
PhDeleteArray
PhDeleteAutoPool
PhDeleteBytesBuilder
PhDeleteCallback
PhDeleteCircularBuffer_FLOAT
PhDeleteCircularBuffer_PVOID
PhDeleteCircularBuffer_ULONG
PhDeleteCircularBuffer_ULONG64
PhDeleteFastLock
PhDeleteFileWin32
PhDeleteFreeList
PhDeleteGraphState
PhDeleteImageVersionInfo
PhDeleteLayoutManager
PhDeleteMemoryItemList
PhDeleteStringBuilder
PhDeleteTreeNewColumnMenu
PhDeleteTreeNewFilterSupport
PhDeleteWorkQueue
PhDereferenceObject
PhDereferenceObjectDeferDelete
PhDereferenceObjectEx
PhDereferenceObjects
PhDereferenceProcessRecord
PhDeselectAllProcessNodes
PhDeselectAllServiceNodes
PhDestroyEMenu
PhDestroyEMenuItem
PhDisconnectNamedPipe
PhDivideSinglesBySingle
PhDoPropPageLayout
PhDosErrorToNtStatus
PhDrainAutoPool
PhDrawGraphDirect
PhDuplicateBytesZ
PhDuplicateBytesZSafe
PhDuplicateProcessNodeList
PhDuplicateStringZ
PhEditSecurity
PhEllipsisString
PhEllipsisStringPath
PhEncodeUnicode
PhEnumAvlTree
PhEnumDirectoryFile
PhEnumDirectoryObjects
PhEnumFileStreams
PhEnumGenericModules
PhEnumHandles
PhEnumHandlesEx
PhEnumHashtable
PhEnumKernelModules
PhEnumObjectTypes
PhEnumPagefiles
PhEnumPointerListEx
PhEnumProcessEnvironmentVariables
PhEnumProcessItems
PhEnumProcessModules
PhEnumProcessModules32
PhEnumProcessModules32Ex
PhEnumProcessModulesEx
PhEnumProcesses
PhEnumProcessesEx
PhEnumProcessesForSession
PhEnumServices
PhEqualStringRef
PhEscapeCommandLinePart
PhEscapeStringForMenuPrefix
PhExecuteRunAsCommand2
PhExpandAllProcessNodes
PhExpandEnvironmentStrings
PhExponentiate
PhExponentiate64
PhFillMemoryUlong
PhFinalArrayItems
PhFinalBytesBuilderBytes
PhFinalHash
PhFinalStringBuilderString
PhFindCharInStringRef
PhFindEMenuItem
PhFindElementAvlTree
PhFindEntryHashtable
PhFindIntegerSiKeyValuePairs
PhFindItemList
PhFindItemPointerList
PhFindItemSimpleHashtable
PhFindLastCharInStringRef
PhFindListViewItemByFlags
PhFindListViewItemByParam
PhFindLoaderEntry
PhFindNetworkNode
PhFindPlugin
PhFindProcessInformation
PhFindProcessInformationByImageName
PhFindProcessNode
PhFindProcessRecord
PhFindServiceNode
PhFindStringInStringRef
PhFindStringSiKeyValuePairs
PhFlushFileStream
PhFormat
PhFormatDate
PhFormatDateTime
PhFormatDecimal
PhFormatGuid
PhFormatImageVersionInfo
PhFormatLogEntry
PhFormatNativeKeyName
PhFormatSize
PhFormatString
PhFormatString_V
PhFormatTime
PhFormatTimeSpan
PhFormatTimeSpanRelative
PhFormatToBuffer
PhFormatUInt64
PhFree
PhFreeFileDialog
PhFreePage
PhFreeToFreeList
PhGenerateGuid
PhGenerateGuidFromName
PhGenerateRandomAlphaString
PhGetAccessEntries
PhGetAccessString
PhGetApplicationDirectory
PhGetApplicationFileName
PhGetBaseName
PhGetClientIdName
PhGetClientIdNameEx
PhGetComboBoxString
PhGetDllFileName
PhGetDrawInfoGraphBuffers
PhGetFileDialogFileName
PhGetFileDialogFilterIndex
PhGetFileDialogOptions
PhGetFileName
PhGetFileShellIcon
PhGetFileSize
PhGetFileVersionInfo
PhGetFileVersionInfoLangCodePage
PhGetFileVersionInfoString
PhGetFileVersionInfoString2
PhGetFilterSupportNetworkTreeList
PhGetFilterSupportProcessTreeList
PhGetFilterSupportServiceTreeList
PhGetFullPath
PhGetGeneralCallback
PhGetGenericTreeNewLines
PhGetGlobalWorkQueue
PhGetHandleInformation
PhGetHandleInformationEx
PhGetIntegerPairSetting
PhGetIntegerSetting
PhGetJobProcessIdList
PhGetKernelFileName
PhGetKnownLocation
PhGetLineFromAddress
PhGetListBoxString
PhGetListViewContextMenuPoint
PhGetListViewItemImageIndex
PhGetListViewItemParam
PhGetMessage
PhGetModuleFromAddress
PhGetNtMessage
PhGetObjectSecurity
PhGetObjectType
PhGetObjectTypeInformation
PhGetOwnTokenAttributes
PhGetPhVersion
PhGetPhVersionNumbers
PhGetPluginCallback
PhGetPluginInformation
PhGetPositionFileStream
PhGetPrimeNumber
PhGetProcedureAddressRemote
PhGetProcessCommandLine
PhGetProcessDepStatus
PhGetProcessEnvironment
PhGetProcessImageFileName
PhGetProcessImageFileNameByProcessId
PhGetProcessImageFileNameWin32
PhGetProcessIsDotNet
PhGetProcessIsDotNetEx
PhGetProcessIsSuspended
PhGetProcessKnownType
PhGetProcessMappedFileName
PhGetProcessPebString
PhGetProcessPriorityClassString
PhGetProcessWindowTitle
PhGetProcessWorkingSetInformation
PhGetProcessWsCounters
PhGetProtocolTypeName
PhGetScalableIntegerPairSetting
PhGetSeObjectSecurity
PhGetSelectedListViewItemParam
PhGetSelectedListViewItemParams
PhGetSelectedProcessItem
PhGetSelectedProcessItems
PhGetSelectedServiceItem
PhGetSelectedServiceItems
PhGetServiceChange
PhGetServiceConfig
PhGetServiceDelayedAutoStart
PhGetServiceDescription
PhGetServiceErrorControlInteger
PhGetServiceErrorControlString
PhGetServiceNameFromTag
PhGetServiceStartTypeInteger
PhGetServiceStartTypeString
PhGetServiceStateString
PhGetServiceTypeInteger
PhGetServiceTypeString
PhGetSidFullName
PhGetStatisticsTime
PhGetStatisticsTimeString
PhGetStockApplicationIcon
PhGetStringSetting
PhGetSymbolFromAddress
PhGetSymbolFromName
PhGetSystemDirectory
PhGetSystemRoot
PhGetTcpStateName
PhGetThreadServiceTag
PhGetTokenGroups
PhGetTokenIntegrityLevel
PhGetTokenOwner
PhGetTokenPrimaryGroup
PhGetTokenPrivileges
PhGetTokenUser
PhGetTreeNewText
PhGetWin32Message
PhGetWindowText
PhGetWindowTextEx
PhGlobalDpi
PhGraphStateGetDrawInfo
PhHandleListViewNotifyForCopy
PhHandleTreeNewColumnMenu
PhHashBytes
PhHashStringRef
PhHeapHandle
PhHexStringToBuffer
PhIconToBitmap
PhImpersonateClientOfNamedPipe
PhIndexOfEMenuItem
PhInitializeArray
PhInitializeAutoPool
PhInitializeAvlTree
PhInitializeBytesBuilder
PhInitializeCallback
PhInitializeCircularBuffer_FLOAT
PhInitializeCircularBuffer_PVOID
PhInitializeCircularBuffer_ULONG
PhInitializeCircularBuffer_ULONG64
PhInitializeFastLock
PhInitializeFreeList
PhInitializeGraphState
PhInitializeHash
PhInitializeImageVersionInfo
PhInitializeLayoutManager
PhInitializeStringBuilder
PhInitializeTreeNewColumnMenu
PhInitializeTreeNewFilterSupport
PhInitializeWorkQueue
PhInitializeWorkQueueEnvironment
PhInjectDllProcess
PhInsertEMenuItem
PhInsertItemList
PhInsertItemsList
PhInsertStringBuilder
PhInsertStringBuilder2
PhInsertStringBuilderEx
PhIntegerToString64
PhInvalidateAllProcessNodes
PhInvokeCallback
PhIsExecutablePacked
PhIsExecutingInWow64
PhLayoutManagerLayout
PhLibImageBase
PhListenNamedPipe
PhLoadIcon
PhLoadListViewColumnSettings
PhLoadListViewColumnsFromSetting
PhLoadModuleSymbolProvider
PhLoadResourceEMenuItem
PhLoadSymbolProviderOptions
PhLoadWindowPlacementFromSetting
PhLocalTimeToSystemTime
PhLockFileStream
PhLogMessageEntry
PhLoggedCallback
PhLookupMemoryItemList
PhLookupName
PhLookupPrivilegeDisplayName
PhLookupPrivilegeName
PhLookupPrivilegeValue
PhLookupSid
PhLowerBoundElementAvlTree
PhLowerDualBoundElementAvlTree
PhMainWndHandle
PhMapFlags1
PhMapFlags2
PhMatchWildcards
PhMaximumElementAvlTree
PhMinimumElementAvlTree
PhModalPropertySheet
PhModifyEMenuItem
PhNetworkItemAddedEvent
PhNetworkItemModifiedEvent
PhNetworkItemRemovedEvent
PhNetworkItemsUpdatedEvent
PhNtStatusFileNotFound
PhNtStatusToDosError
PhOpenKey
PhOpenLsaPolicy
PhOpenProcess
PhOpenService
PhOpenThread
PhOpenThreadProcess
PhOsVersion
PhParseCommandLine
PhParseCommandLineFuzzy
PhParseCommandLinePart
PhPeekNamedPipe
PhPluginAddMenuHook
PhPluginAddMenuItem
PhPluginAddTreeNewColumn
PhPluginCallPhSvc
PhPluginCreateEMenuItem
PhPluginEnableTreeNewNotify
PhPluginGetObjectExtension
PhPluginGetSystemStatistics
PhPluginQueryPhSvc
PhPluginRegisterIcon
PhPluginReserveIds
PhPluginSetObjectExtension
PhPredecessorElementAvlTree
PhPrintTimeSpan
PhProcessAddedEvent
PhProcessModifiedEvent
PhProcessRemovedEvent
PhProcessesUpdatedEvent
PhPropPageDlgProcDestroy
PhPropPageDlgProcHeader
PhQueryFullAttributesFileWin32
PhQueryKey
PhQueryMemoryItemList
PhQueryRegistryString
PhQueryServiceVariableSize
PhQuerySystemTime
PhQueryTimeZoneBias
PhQueryValueKey
PhQueueItemWorkQueue
PhQueueItemWorkQueueEx
PhReAllocate
PhReAllocateSafe
PhReadFileStream
PhReferenceEmptyString
PhReferenceNetworkItem
PhReferenceObject
PhReferenceObjectEx
PhReferenceObjectSafe
PhReferenceObjects
PhReferenceProcessItem
PhReferenceProcessItemForParent
PhReferenceProcessItemForRecord
PhReferenceProcessRecord
PhReferenceProcessRecordForStatistics
PhReferenceProcessRecordSafe
PhReferenceServiceItem
PhRegisterCallback
PhRegisterCallbackEx
PhRegisterDialog
PhRegisterMessageLoopFilter
PhRegisterPlugin
PhRemoveAllEMenuItems
PhRemoveEMenuItem
PhRemoveElementAvlTree
PhRemoveEntryHashtable
PhRemoveItemArray
PhRemoveItemList
PhRemoveItemPointerList

Sections

.text
Size: 1023KB - Virtual size: 1023KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 64 bit/ProcessHacker.sig
PHacker 64 bit/kprocesshacker.sys
.sys windows:6 windows x64 arch:x64

3905de10e3379fd2be8de512a33433a3

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:e2:a5:6c:15:92:ff:0e:95:1b:45:2c:0d:e0:64:eb:a0:5b:7c:98:e3:ad:d0:4c:8a:a3:b4:a8:4e:b7:97:a5
Signer

Actual PE Digest

4e:e2:a5:6c:15:92:ff:0e:95:1b:45:2c:0d:e0:64:eb:a0:5b:7c:98:e3:ad:d0:4c:8a:a3:b4:a8:4e:b7:97:a5

Digest Algorithm

sha256

PE Digest Matches

true

c2:b8:c1:b3:4f:09:a9:1e:fe:19:6f:64:6e:f7:f9:a1:11:90:fb:8e
Signer

Actual PE Digest

c2:b8:c1:b3:4f:09:a9:1e:fe:19:6f:64:6e:f7:f9:a1:11:90:fb:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\projects\processhacker2\kprocesshacker\bin\amd64\kprocesshacker.pdb

Imports

ntoskrnl.exe

SePrivilegeCheck
ZwOpenKey
ProbeForRead
RtlGetVersion
PsProcessType
ObOpenObjectByName
ObGetObjectType
PsReleaseProcessExitSynchronization
ZwQueryObject
RtlEqualUnicodeString
KeUnstackDetachProcess
ExEnumHandleTable
ObQueryNameString
IoFileObjectType
IoDriverObjectType
ExfUnblockPushLock
ObReferenceObjectByHandle
PsAcquireProcessExitSynchronization
PsInitialSystemProcess
ObSetHandleAttributes
ZwQueryInformationProcess
ObfDereferenceObject
ExAllocatePoolWithQuotaTag
ZwQueryInformationThread
ObOpenObjectByPointer
KeStackAttachProcess
PsLookupProcessByProcessId
PsJobType
PsReferencePrimaryToken
SeTokenObjectType
IoCreateDevice
PsGetProcessJob
PsLookupProcessThreadByCid
ZwTerminateProcess
PsDereferencePrimaryToken
IoThreadToProcess
RtlWalkFrameChain
KeInitializeApc
KeSetEvent
KeInsertQueueApc
KeWaitForSingleObject
PsThreadType
PsLookupThreadByThreadId
ZwQuerySystemInformation
ZwQueryVirtualMemory
ExReleaseFastMutex
ExAcquireFastMutex
ZwReadFile
MmHighestUserAddress
SeLocateProcessImageName
KeDelayExecutionThread
ZwCreateFile
RtlRandomEx
ZwQueryInformationFile
MmUnmapLockedPages
ExRaiseStatus
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
MmUnlockPages
MmIsAddressValid
KeBugCheckEx
PsGetCurrentProcessId
IofCompleteRequest
ZwClose
ZwQueryValueKey
KeInitializeEvent
ProbeForWrite
IoDeleteDevice
RtlInitUnicodeString
ExFreePoolWithTag
IoGetCurrentProcess
ExAllocatePoolWithTag
__C_specific_handler

ksecdd.sys

BCryptCreateHash
BCryptDestroyKey
BCryptImportKeyPair
BCryptCloseAlgorithmProvider
BCryptVerifySignature
BCryptFinishHash
BCryptHashData
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptGetProperty

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 64 bit/peview.exe
.exe windows:5 windows x64 arch:x64

c79e8e2893e86218fc71412598f61209

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

92:f2:7d:9e:d8:b6:a3:b2:06:54:33:86:12:c1:5b:30:f2:48:51:de:6d:67:2e:be:9e:6f:09:45:a7:18:2e:95
Signer

Actual PE Digest

92:f2:7d:9e:d8:b6:a3:b2:06:54:33:86:12:c1:5b:30:f2:48:51:de:6d:67:2e:be:9e:6f:09:45:a7:18:2e:95

Digest Algorithm

sha256

PE Digest Matches

true

37:21:29:3d:d3:ab:8a:e6:86:2f:eb:46:10:ad:54:e5:f4:37:36:22
Signer

Actual PE Digest

37:21:29:3d:d3:ab:8a:e6:86:2f:eb:46:10:ad:54:e5:f4:37:36:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\processhacker2\bin\Release64\peview.pdb

Imports

ntdll

NtCreateFile
RtlRaiseStatus
RtlInterlockedPushEntrySList
RtlInitializeSListHead
NtQueryInformationFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
NtSetEvent
NtCreateEvent
NtCreateKeyedEvent
NtWaitForKeyedEvent
NtReleaseKeyedEvent
NtReleaseSemaphore
NtCreateSemaphore
NtSetInformationThread
NtMapViewOfSection
NtCreateSection
RtlCreateHeap
RtlGetVersion
NtQuerySystemInformation
NtAddAtom
LdrGetProcedureAddress
NtWaitForSingleObject
RtlNtStatusToDosError
RtlFindMessage
NtClose
RtlDosPathNameToNtPathName_U
NtUnmapViewOfSection
RtlInterlockedPopEntrySList
RtlFreeHeap
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlReAllocateHeap
RtlUpcaseUnicodeChar
RtlAllocateHeap
RtlSecondsSince1970ToTime

uxtheme

SetWindowTheme
EnableThemeDialogTexture

kernel32

GetOEMCP
IsValidCodePage
GetCPInfo
GetFileType
HeapAlloc
HeapFree
GetModuleHandleExW
WideCharToMultiByte
WriteFile
GetStdHandle
GetACP
MultiByteToWideChar
GetStringTypeW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
FreeLibrary
TlsFree
IsValidLocale
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetUserDefaultLCID
EnumSystemLocalesW
LCMapStringW
ExitProcess
SetLastError
GlobalUnlock
GlobalLock
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
RaiseException
CreateFileW
InitializeCriticalSectionAndSpinCount
GlobalFree
GlobalAlloc
GetDateFormatW
GetModuleHandleW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
TlsSetValue
TlsAlloc
TlsGetValue
CreateThread
GetUserDefaultLangID
GetLocaleInfoW
GetSystemDefaultLangID
GetLastError
LoadLibraryW
GetProcAddress

user32

GetWindowLongPtrW
RemovePropW
SetPropW
CallWindowProcW
SetCursor
GetPropW
GetParent
GetDlgItem
SendMessageW
ReleaseDC
GetDC
GetKeyState
SetDlgItemTextW
ShowWindow
SetWindowLongPtrW
PostMessageW
MoveWindow
GetMonitorInfoW
MonitorFromWindow
MessageBoxW
GetWindowRect
InvalidateRect
GetClientRect
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
SetWindowPos

gdi32

SelectObject
GetDeviceCaps

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

SystemFunction036

shell32

SHGetFileInfoW
SHGetFolderPathW
ExtractIconExW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree

comctl32

CreatePropertySheetPageW
PropertySheetW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 64 bit/plugins/DotNetTools.dll
.dll windows:5 windows x64 arch:x64

c3f8d8cddba6c99a5f0f2ab21f6f89f6

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:d1:3b:7e:d5:8e:62:ea:4f:24:d2:32:52:43:00:ee:a3:ed:be:ad:33:dd:5d:6f:de:3e:a1:9b:cf:da:a9:76
Signer

Actual PE Digest

18:d1:3b:7e:d5:8e:62:ea:4f:24:d2:32:52:43:00:ee:a3:ed:be:ad:33:dd:5d:6f:de:3e:a1:9b:cf:da:a9:76

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\DotNetTools.pdb

Imports

uxtheme

EnableThemeDialogTexture

processhacker.exe

PhfWakeForReleaseQueuedLock
PhRemoveItemSimpleHashtable
PhAddItemSimpleHashtable
PhPluginQueryPhSvc
PhPluginCallPhSvc
PhPluginGetObjectExtension
PhPluginAddTreeNewColumn
PhUiDisconnectFromPhSvc
PhUiConnectToPhSvcEx
PhFindItemSimpleHashtable
PhfAcquireQueuedLockExclusive
PhCreateSimpleHashtable
PhFormatToBuffer
PhFormatSize
PhSetListViewSubItem
PhAddListViewColumn
PhLoadListViewColumnsFromSetting
PhUnregisterCallback
PhSaveListViewColumnsToSetting
PhAddPropPageLayoutItem
PhHandleListViewNotifyForCopy
PhAddListViewItem
PhAddComboBoxStrings
PhSetIntegerSetting
PhGetIntegerSetting
PhFormatUInt64
PhGetProcessIsDotNet
PhAddSettings
PhGetGeneralCallback
PhPluginSetObjectExtension
PhRegisterCallback
PhRegisterPlugin
PhGetPluginCallback
PhSetFlagsEMenuItem
PhGetProcessIsSuspended
PhDereferenceObject
PhAppendStringBuilder2
PhShowMessage
PhEnumProcesses
PhCreateProcessPropPageContextEx
WindowsVersion
PhFormatString_V
PhAutoDereferenceObject
PhEnumProcessModules
PhGetSystemRoot
PhOpenProcess
PhfEndInitOnce
ProcessQueryAccess
PhOpenThread
PhConcatStringRef2
PhEnumProcessModules32
PhfBeginInitOnce
PhFindLastCharInStringRef
PhCreateList
PhCreateString
PhGetTreeNewText
PhSetControlTheme
PhFormatString
PhAllocate
PhCreateThread
PhFindProcessInformation
PhLoadResourceEMenuItem
PhCountStringZ
PhInitializeStringBuilder
PhCmLoadSettings
PhPropPageDlgProcHeader
PhCompareStringRef
PhConcatStrings2
PhCreateEMenu
PhAddItemList
PhGetWin32Message
PhShellExploreFile
PhGetStringSetting
PhSetClipboardString
PhGetProcessIsDotNetEx
PhSetStringSetting2
PhSplitStringRefAtChar
PhAddProcessPropPage
PhRemoveStringBuilder
PhCreateStringEx
PhPropPageDlgProcDestroy
PhDoPropPageLayout
PhFinalStringBuilderString
PhShowEMenu
PhDestroyEMenu
PhFree
PhConcatStrings
PhCmSaveSettings
PhReferenceObject

ntdll

RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtMapViewOfSection
NtOpenSection
NtUnmapViewOfSection
RtlFreeSid
NtDuplicateObject
NtQueryInformationToken
RtlAllocateAndInitializeSid
NtReleaseMutant
NtOpenProcessToken
RtlNtStatusToDosError
NtReadVirtualMemory
NtQueryInformationProcess
RtlEqualUnicodeString
LdrGetProcedureAddress
NtGetContextThread
NtWaitForSingleObject
RtlDoesFileExists_U
NtClose
LdrGetDllHandle

kernel32

IsValidCodePage
LCMapStringW
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
FreeLibrary
GetACP
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcessHeap
GetStdHandle
GetFileType
GetCommandLineA
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
TlsFree
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetLastError
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
CreateFileW
RaiseException

user32

GetKeyState
PostMessageW
SendMessageW
IsWindow
GetDlgItem
InvalidateRect

advapi32

SystemFunction036
ControlTraceW
CloseTrace
ProcessTrace
StartTraceW
OpenTraceW

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 64 bit/plugins/ExtendedNotifications.dll
.dll windows:5 windows x64 arch:x64

acd7837a0f8690fa4b5ada849f2560b0

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e8:82:37:af:a7:21:13:1c:c7:61:7c:30:ee:46:fb:f5:86:34:2a:d2:85:14:18:36:38:8c:60:c0:b5:1a:83:d5
Signer

Actual PE Digest

e8:82:37:af:a7:21:13:1c:c7:61:7c:30:ee:46:fb:f5:86:34:2a:d2:85:14:18:36:38:8c:60:c0:b5:1a:83:d5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\ExtendedNotifications.pdb

Imports

processhacker.exe

PhCreateSaveFileDialog
PhRegisterCallback
PhAutoDereferenceObject
PhFormatLogEntry
PhWriteStringFormatAsUtf8FileStream
PhCreateFileStream
PhGetStringSetting
PhLoggedCallback
PhFree
PhAllocateSafe
PhReferenceProcessItemForParent
PhCreateList
PhFreeFileDialog
PhAllocate
PhShowFileDialog
PhEqualStringRef
PhConvertUtf16ToUtf8Ex
PhInsertItemList
PhClearList
PhInitializeStringBuilder
PhGetWindowText
PhConcatStrings2
PhSetFileDialogFilter
PhAddItemList
PhAddSettings
PhRemoveItemList
PhGetFileDialogFileName
PhSetFileDialogFileName
PhGetGeneralCallback
PhFormatDateTime
PhSetStringSetting2
PhGetGlobalWorkQueue
PhQueueItemWorkQueue
PhFinalStringBuilderString
PhFormatString_V
PhSetIntegerSetting
PhAppendCharStringBuilder
PhMatchWildcards
PhGetIntegerSetting
PhRegisterPlugin
PhReferenceObject
PhAppendStringBuilderEx
PhGetPluginCallback
PhDeleteStringBuilder
PhGetFileName
PhConvertUtf8ToUtf16
PhDereferenceObject
PhFindCharInStringRef
PhModalPropertySheet
PhDuplicateBytesZSafe

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx

user32

SendMessageW
SetWindowLongPtrW
EnableWindow
GetParent
GetDlgItem
SetDlgItemTextW

comctl32

ord412
ord410
ord413
CreatePropertySheetPageW

kernel32

HeapSize
WriteConsoleW
FlushFileBuffers
CreateFileW
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetStringTypeW
HeapReAlloc
GetConsoleCP
WriteFile
SetStdHandle
GetACP
CloseHandle
LCMapStringW
GetFileType
GetStdHandle
GetConsoleMode
SetFilePointerEx
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
RaiseException
GetLastError
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime

advapi32

SystemFunction036

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 64 bit/plugins/ExtendedServices.dll
.dll windows:5 windows x64 arch:x64

8077acd95550e90db0afd6fb1689e912

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:c6:d2:e6:47:62:90:08:e5:8a:72:2f:24:20:8c:fa:c2:6c:56:a6:72:47:7b:f2:16:70:b8:40:56:4b:c3:2f
Signer

Actual PE Digest

0e:c6:d2:e6:47:62:90:08:e5:8a:72:2f:24:20:8c:fa:c2:6c:56:a6:72:47:7b:f2:16:70:b8:40:56:4b:c3:2f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\ExtendedServices.pdb

Imports

processhacker.exe

PhQueryRegistryString
PhReAllocate
PhFinalStringBuilderString
PhReferenceEmptyString
PhDeleteAutoPool
PhInitializeAutoPool
PhGetSelectedListViewItemParam
PhClearList
PhFormatString
PhConcatStringRef2
PhAppendStringBuilderEx
PhCreateAlloc
PhOpenKey
PhCreateString
PhFreeFileDialog
PhShowFileDialog
PhSetFileDialogFilter
PhCreateOpenFileDialog
PhGetComboBoxString
PhCreateServiceListControl
PhGetFileDialogFileName
PhSetFileDialogFileName
PhCenterWindow
PhaChoiceDialog
PhGetNtMessage
PhSetListViewSubItem
PhLookupPrivilegeDisplayName
PhSetControlTheme
PhQueryServiceVariableSize
PhDereferenceObjects
PhFindIntegerSiKeyValuePairs
PhEqualStringRef
PhSelectComboBoxString
PhSetExtendedListView
PhInitializeStringBuilder
PhGetWindowText
PhAddListViewColumn
PhRemoveItemList
PhSidToStringSid
PhRemoveListViewItem
PhUiDisconnectFromPhSvc
PhUiConnectToPhSvc
PhCreateStringEx
PhGetListViewItemParam
PhFindItemList
PhFindStringSiKeyValuePairs
PhAddListViewItem
PhSvcCallChangeServiceConfig2
PhAddComboBoxStrings
PhAppendCharStringBuilder
PhDeleteStringBuilder
PhNtStatusToDosError
PhOpenLsaPolicy
PhShowMessage
PhAppendStringBuilder
PhDereferenceObject
PhGetOwnTokenAttributes
PhSetIntegerSetting
PhMainWndHandle
PhInsertEMenuItem
PhUiContinueService
PhUiStopService
PhfReleaseQueuedLockShared
PhEscapeStringForMenuPrefix
PhPluginCreateEMenuItem
PhCompareStringRef
PhFindEMenuItem
PhDestroyEMenuItem
PhAddSettings
WindowsVersion
PhShowStatus
PhGetGeneralCallback
PhfAcquireQueuedLockShared
PhIndexOfEMenuItem
PhFormatString_V
PhRegisterCallback
PhGetIntegerSetting
PhUiStartService
PhRegisterPlugin
PhReferenceObject
PhGetPluginCallback
PhUiPauseService
PhCreateList
PhInitializeLayoutManager
PhDeleteLayoutManager
PhAllocate
PhOpenService
PhCountStringZ
PhConcatStrings2
PhAddItemList
PhGetWin32Message
PhReferenceServiceItem
PhGetServiceConfig
PhAddLayoutItem
PhAutoDereferenceObject
PhFree
PhLayoutManagerLayout
PhFormatGuid

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
NtClose
NtEnumerateKey
RtlGUIDFromString
RtlUnwindEx
RtlCaptureContext

kernel32

HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
HeapAlloc
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetACP
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
GetComputerNameW
GetModuleHandleW
GetProcAddress
SetLastError
GetLastError
WriteConsoleW
CreateFileW
RaiseException
IsValidCodePage

user32

DialogBoxParamW
SetPropW
MoveWindow
MapWindowPoints
IsWindowEnabled
GetWindowTextLengthW
GetWindowLongPtrW
SetTimer
GetParent
SetWindowLongPtrW
GetDlgItemInt
SetDlgItemInt
EnableWindow
EndDialog
GetDlgItem
SendMessageW
GetWindowRect
GetPropW
RemovePropW
ShowWindow
SetDlgItemTextW

advapi32

SystemFunction036
CloseServiceHandle
LsaEnumeratePrivileges
LsaClose
QueryServiceConfig2W
ChangeServiceConfig2W
LsaFreeMemory
QueryServiceStatus
EnumDependentServicesW

comctl32

CreatePropertySheetPageW

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 64 bit/plugins/ExtendedTools.dll
.dll windows:5 windows x64 arch:x64

9d757d0f8f00e9133c716e8e21d6b1b0

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:fb:f7:93:ea:ca:63:85:bc:18:c6:65:cf:d4:0f:5f:96:9b:53:7f:7e:82:32:92:d4:5b:b4:97:0a:2f:4b:cc
Signer

Actual PE Digest

b9:fb:f7:93:ea:ca:63:85:bc:18:c6:65:cf:d4:0f:5f:96:9b:53:7f:7e:82:32:92:d4:5b:b4:97:0a:2f:4b:cc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\ExtendedTools.pdb

Imports

processhacker.exe

PhDeleteCircularBuffer_FLOAT
PhCreateProcessPropPageContextEx
PhSetGraphText
PhDoPropPageLayout
PhPropPageDlgProcDestroy
PhAddProcessPropPage
PhAddLayoutItemEx
PhGlobalDpi
PhDeleteCircularBuffer_ULONG
PhSiSetColorsGraphDrawInfo
PhPropPageDlgProcHeader
PhPrintTimeSpan
PhDivideSinglesBySingle
PhApplicationFont
PhFormatSize
PhGetStatisticsTime
PhAppendStringBuilder
PhAppendStringBuilder2
PhGetDrawInfoGraphBuffers
PhFindProcessRecord
PhFinalStringBuilderString
PhRemoveStringBuilder
PhInitializeStringBuilder
PhPluginRegisterIcon
PhDrawGraphDirect
PhfBeginInitOnce
PhPluginAddTreeNewColumn
PhfEndInitOnce
PhPluginEnableTreeNewNotify
PhNetworkItemsUpdatedEvent
PhEnumProcesses
PhFindNetworkNode
PhReferenceNetworkItem
PhInitializeCircularBuffer_ULONG64
PhSiSizeLabelYFunction
PhDeleteCircularBuffer_ULONG64
PhInitializeGraphState
PhGetPluginCallback
PhRegisterPlugin
PhIndexOfEMenuItem
PhPluginSetObjectExtension
PhGetGeneralCallback
PhAddSettings
PhPluginCreateEMenuItem
PhInsertEMenuItem
PhCreateServiceListControl
PhShowStatus
PhReferenceServiceItem
PhCreateSymbolProvider
PhCreateAlloc
PhEnumGenericModules
PhLoadSymbolProviderOptions
PhGetSymbolFromAddress
PhOpenProcess
PhLoadModuleSymbolProvider
PhOpenThread
PhShowConfirmMessage
PhFormatDateTime
PhAddListViewItem
PhHandleListViewNotifyForCopy
PhAllocateSafe
PhAddListViewColumn
PhSetExtendedListView
PhSetListViewSubItem
PhCopyStringZ
PhFindListViewItemByParam
PhFindItemSimpleHashtable
PhQueueItemWorkQueue
PhGetGlobalWorkQueue
PhGetBaseName
PhSystemBasicInformation
PhGetModuleFromAddress
PhAddItemSimpleHashtable
PhAddPropPageLayoutItem
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhCopyCircularBuffer_FLOAT
PhAddLayoutItem
PhCenterWindow
PhLayoutManagerLayout
PhGetStatisticsTimeString
PhBufferToHexString
PhCountStringZ
PhInitializeCircularBuffer_ULONG
PhHexStringToBuffer
PhSetIntegerSetting
PhInitializeCircularBuffer_FLOAT
PhReferenceProcessRecordForStatistics
PhFormatString
PhFormatString_V
PhCreateThread
WindowsVersion
PhHashStringRef
PhfReleaseQueuedLockShared
PhCreateObjectType
PhEqualStringRef
PhAddEntryHashtableEx
PhfWakeForReleaseQueuedLock
PhInvokeCallback
PhAllocateFromFreeList
PhfAcquireQueuedLockShared
PhInitializeFreeList
PhDereferenceProcessRecord
PhCreateObject
PhReferenceProcessItem
PhGetFileName
PhfAcquireQueuedLockExclusive
PhFreeToFreeList
PhProcessesUpdatedEvent
PhReferenceProcessRecord
PhCreateSimpleHashtable
PhAddEntryHashtable
PhGetStockApplicationIcon
PhMainWndHandle
PhCreateList
PhShellProcessHacker
PhCreateString
PhGetTreeNewText
PhShowProcessRecordDialog
PhFormat
PhInitializeTreeNewFilterSupport
PhSetControlTheme
PhAllocate
PhFindProcessNode
PhLoadResourceEMenuItem
PhSetIntegerPairSetting
PhRemoveEntryHashtable
PhSetFlagsAllEMenuItems
PhCmLoadSettings
PhCompareStringRef
PhDeleteTreeNewColumnMenu
PhFindEMenuItem
PhCreateEMenu
PhGetPluginInformation
PhAddItemList
PhReferenceProcessItemForRecord
PhShellExploreFile
PhGetStringSetting
PhHandleTreeNewColumnMenu
PhInitializeTreeNewColumnMenu
PhRemoveItemList
PhSetClipboardString
PhAddTreeNewFilter
PhApplyTreeNewFiltersToNode
PhGetIntegerPairSetting
PhCreateHashtable
PhFindPlugin
PhSetStringSetting2
PhFormatUInt64
PhInitializeLayoutManager
PhUnregisterCallback
PhDeleteLayoutManager
PhCreateStringEx
PhApplyTreeNewFilters
PhFindItemList
PhShowEMenu
PhAutoDereferenceObject
PhRegisterCallback
PhSelectAndEnsureVisibleProcessNode
PhGetIntegerSetting
PhDestroyEMenu
PhFree
PhCmSaveSettings
PhReferenceObject
PhWriteStringAsUtf8FileStream
PhShowMessage
PhGetGenericTreeNewLines
PhShellProperties
PhDereferenceObject
PhGetOwnTokenAttributes
PhWriteStringAsUtf8FileStream2
PhFindEntryHashtable
PhPluginGetObjectExtension
PhSetFlagsEMenuItem

ntdll

NtAlpcQueryInformation
RtlInterlockedPushEntrySList
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtSetInformationProcess
NtQueryInformationProcess
RtlGetUnloadEventTraceEx
NtReadVirtualMemory
RtlSecondsSince1970ToTime
NtCancelSynchronousIoFile
NtDuplicateObject
RtlUnwindEx
NtQueryInformationWorkerFactory
RtlClearAllBits
RtlSetBits
RtlNumberOfSetBits
RtlInitializeBitMap
LdrGetDllHandle
LdrGetProcedureAddress
NtClose
RtlInterlockedFlushSList
NtQueryPerformanceCounter
RtlInitializeSListHead

kernel32

GetLastError
RaiseException
GetSystemTimeAsFileTime
GetSystemInfo
IsDebuggerPresent
GetStartupInfoW
VirtualProtect
VirtualQuery
GetModuleFileNameW
FreeLibrary
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleW
LocalFree
GetProcAddress
Sleep
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
CreateFileW
GetCurrentThreadId

user32

InvalidateRect
GetSysColorBrush
GetDlgItem
SetCursor
LoadCursorW
SetTimer
EnableWindow
MoveWindow
CopyIcon
DestroyIcon
DestroyWindow
GetPropW
RemovePropW
SetPropW
DeferWindowPos
GetWindowRect
SetWindowPos
EndDialog
GetSystemMetrics
BeginDeferWindowPos
MapWindowPoints
EndDeferWindowPos
MapDialogRect
GetClientRect
GetParent
DialogBoxParamW
CreateDialogParamW
GetKeyState
PostMessageW
CreateWindowExW
SendMessageW
ShowWindow
SetDlgItemTextW
SetFocus

gdi32

SelectObject
SetBkMode

advapi32

SystemFunction036
StartTraceW
OpenTraceW
ControlTraceW
EnableTraceEx
CloseTrace
ProcessTrace

ole32

CoCreateInstance

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString

comctl32

CreatePropertySheetPageW

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 64 bit/plugins/HardwareDevices.dll
.dll windows:5 windows x64 arch:x64

119abb51b3de6c8e65225ee81e503143

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:cc:af:aa:0c:e9:3b:13:cb:33:66:28:b5:60:42:62:f7:62:68:a1:6c:43:40:48:f6:48:0d:33:e2:b9:8c:e7
Signer

Actual PE Digest

f1:cc:af:aa:0c:e9:3b:13:cb:33:66:28:b5:60:42:62:f7:62:68:a1:6c:43:40:48:f6:48:0d:33:e2:b9:8c:e7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\HardwareDevices.pdb

Imports

uxtheme

EnableThemeDialogTexture

processhacker.exe

PhReAllocate
PhSystemBasicInformation
PhDereferenceObject
PhfAcquireQueuedLockExclusive
PhReferenceObject
PhCreateObject
PhGetIntegerSetting
PhFindItemList
PhReferenceObjectSafe
PhfAcquireQueuedLockShared
PhInitializeCircularBuffer_ULONG64
PhRemoveItemList
WindowsVersion
PhAddItemList
PhGetOwnTokenAttributes
PhStringToInteger64
PhConcatStrings_V
PhCreateFileWin32
PhInsertEMenuItem
PhTrimStringRef
PhCreateEMenuItem
PhCreateEMenu
PhfWakeForReleaseQueuedLock
PhCountStringZ
PhCreateObjectType
PhfReleaseQueuedLockShared
PhDeleteCircularBuffer_ULONG64
PhCreateString
PhDereferenceObjectDeferDelete
PhCreateList
PhConvertMultiByteToUtf16
PhModalPropertySheet
PhFormatUInt64
PhLayoutManagerLayout
PhFree
PhCenterWindow
PhFormatDateTime
PhAutoDereferenceObject
PhFormatString_V
PhAddListViewItem
PhAddLayoutItem
PhCreateStringEx
PhAddListViewColumn
PhGetSelectedListViewItemParam
PhSetExtendedListView
PhCreateThread
PhAllocate
PhAddSettings
PhGetGeneralCallback
PhShowEMenu
PhDestroyEMenu
PhRegisterPlugin
PhSetControlTheme
PhSetListViewSubItem
PhDeleteLayoutManager
PhBufferToHexString
PhGetPluginCallback
PhQueryValueKey
PhEqualStringRef
PhFindListViewItemByFlags
PhGetStringSetting
PhSetStringSetting2
PhSplitStringRefAtChar
PhGetListViewItemParam
PhFormatString
PhDivideSinglesBySingle
PhInitializeGraphState
PhConcatStrings2
PhSiSizeLabelYFunction
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhAddLayoutItemEx
PhGetDrawInfoGraphBuffers
PhGetStatisticsTimeString
PhInitializeStringBuilder
PhAppendFormatStringBuilder
PhDeleteAutoPool
PhUnregisterCallback
PhRemoveStringBuilder
PhDrainAutoPool
PhFinalStringBuilderString
PhRegisterCallback
PhQueryRegistryString
PhInitializeAutoPool
PhConcatStringRef2
PhDeleteStringBuilder
PhProcessesUpdatedEvent
PhOpenKey
PhMainWndHandle
PhFormatSize
PhInitializeLayoutManager

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
NtQueryVolumeInformationFile
NtFsControlFile
NtQueryInformationProcess
NtDeviceIoControlFile
RtlGUIDFromString
LdrGetProcedureAddress
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
NtClose
RtlVirtualUnwind
RtlUnwindEx

kernel32

SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
CloseHandle
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
WriteConsoleW
CreateFileW
HeapAlloc
GetLogicalDrives
FreeLibrary
GetProcAddress
LoadLibraryW
GetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime

user32

DefWindowProcW
SetDlgItemTextW
GetParent
GetDlgItem
EnableWindow
GetCursorPos
CreateWindowExW
InvalidateRect
GetMessageW
CreateDialogParamW
PostMessageW
DestroyWindow
SetWindowTextW
ShowWindow
DispatchMessageW
IsDialogMessageW
TranslateMessage
PostQuitMessage
SetForegroundWindow
IsIconic
RemovePropW
GetPropW
SendMessageW
SetPropW

comctl32

ord413
ord410
ord412
CreatePropertySheetPageW

advapi32

SystemFunction036

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 64 bit/plugins/NetworkTools.dll
.dll windows:5 windows x64 arch:x64

708b686e80e093711f38091d787a01bd

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:4e:bf:30:7a:53:ea:24:c3:9a:27:62:54:01:bc:37:2d:a9:d7:d9:4e:11:84:11:6f:97:3c:e4:cb:dc:3f:9d
Signer

Actual PE Digest

ad:4e:bf:30:7a:53:ea:24:c3:9a:27:62:54:01:bc:37:2d:a9:d7:d9:4e:11:84:11:6f:97:3c:e4:cb:dc:3f:9d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\NetworkTools.pdb

Imports

processhacker.exe

WindowsVersion
PhReAllocate
PhCreateProcessWin32Ex
PhFormatString
PhApplicationFont
PhDivideSinglesBySingle
PhInitializeGraphState
PhInitializeCircularBuffer_ULONG
PhGetPluginCallback
PhGetPhVersion
PhSiSetColorsGraphDrawInfo
PhUnregisterCallback
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhAddLayoutItemEx
PhQueueItemWorkQueue
PhDeleteWorkQueue
PhSetGraphText
PhInitializeWorkQueue
PhProcessesUpdatedEvent
PhCreateBytesEx
PhMainWndHandle
PhInitializeLayoutManager
PhDeleteLayoutManager
PhAllocate
PhCreateThread
PhSaveWindowPlacementToSetting
PhInitializeStringBuilder
PhGetWindowText
PhConcatStrings2
PhAppendFormatStringBuilder
PhDeleteAutoPool
PhTerminateProcess
PhGetIntegerPairSetting
PhLoadWindowPlacementFromSetting
PhRemoveStringBuilder
PhDrainAutoPool
PhAddLayoutItem
PhFormatString_V
PhAutoDereferenceObject
PhGetScalableIntegerPairSetting
PhAppendCharStringBuilder
PhInitializeAutoPool
PhCenterWindow
PhFree
PhDeleteStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilder
PhLayoutManagerLayout
PhDereferenceObject
PhShellExecute
PhSetIntegerSetting
PhGetIntegerSetting
PhInsertEMenuItem
PhPluginCreateEMenuItem
PhFindEMenuItem
PhAddSettings
PhGetGeneralCallback
PhIndexOfEMenuItem
PhRegisterCallback
PhRegisterPlugin

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtReadFile
NtSetInformationObject
RtlOemStringToUnicodeString
RtlIpv6AddressToStringW
NtClose
RtlIpv4AddressToStringW
RtlFreeUnicodeString
RtlUnwindEx

kernel32

GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
SetLastError
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExA
LoadLibraryExW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetACP
GetFileType
LCMapStringW
IsValidCodePage
GetOEMCP
RaiseException
CreateFileW
CloseHandle
WriteConsoleW
MulDiv
GetStdHandle
CreatePipe
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
EnterCriticalSection

user32

SetWindowTextW
DialogBoxParamW
SetDlgItemInt
GetDlgItemInt
PostMessageW
GetDC
SetWindowLongPtrW
CreateWindowExW
GetSystemMetrics
GetWindowLongPtrW
DestroyIcon
SetDlgItemTextW
GetSysColorBrush
SystemParametersInfoW
LoadImageW
InvalidateRect
ReleaseDC
GetMessageW
CreateDialogParamW
DestroyWindow
GetPropW
SendMessageW
RemovePropW
GetDlgCtrlID
ShowWindow
DispatchMessageW
IsDialogMessageW
SetPropW
TranslateMessage
MapDialogRect
GetDlgItem
PostQuitMessage
GetParent
SetForegroundWindow
EndDialog

gdi32

SetBkColor
GetStockObject
DeleteObject
SetBkMode
GetDeviceCaps
CreateFontW
SelectObject
SetTextColor

advapi32

SystemFunction036

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 64 bit/plugins/OnlineChecks.dll
.dll windows:5 windows x64 arch:x64

04815c367f41620755869bb42bd07b00

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:df:1d:91:39:3a:2d:e9:e1:1e:06:e7:99:83:c8:a8:c0:e3:04:ed:ff:4c:80:58:1a:46:dd:f2:ff:a3:59:fd
Signer

Actual PE Digest

b9:df:1d:91:39:3a:2d:e9:e1:1e:06:e7:99:83:c8:a8:c0:e3:04:ed:ff:4c:80:58:1a:46:dd:f2:ff:a3:59:fd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\OnlineChecks.pdb

Imports

processhacker.exe

PhMainWndHandle
PhCreateString
PhGetFileSize
PhQuerySystemTime
PhFormatSize
PhBufferToHexString
PhFormatString
PhAllocate
PhCreateThread
PhCountStringZ
PhInitializeStringBuilder
PhConcatStrings2
PhAppendFormatStringBuilder
PhGetPhVersion
WindowsVersion
PhDeleteAutoPool
PhGetBaseName
PhCreateFileWin32
PhCreateStringEx
PhDrainAutoPool
PhReAllocate
PhInitializeAutoPool
PhCenterWindow
PhConvertUtf16ToAsciiEx
PhFree
PhDeleteStringBuilder
PhZeroExtendToUtf16Ex
PhDereferenceObject
PhShellExecute
PhInsertEMenuItem
PhPluginCreateEMenuItem
PhFindEMenuItem
PhGetGeneralCallback
PhIndexOfEMenuItem
PhRegisterCallback
PhRegisterPlugin
PhGetPluginCallback

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwindEx
RtlNtStatusToDosError
NtClose
NtReadFile
NtSetInformationFile
RtlRandomEx
RtlCaptureContext

kernel32

GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
MultiByteToWideChar
CreateFileW
GetLastError
MulDiv
WriteConsoleW
SetFilePointerEx
CloseHandle
HeapSize
SetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetStringTypeW
GetACP
GetFileType
WideCharToMultiByte
HeapFree
HeapAlloc
HeapReAlloc
LCMapStringW
GetLocaleInfoW
FreeLibrary
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
IsValidLocale

user32

GetDlgCtrlID
IsIconic
SetForegroundWindow
GetMessageW
CreateDialogParamW
PostMessageW
DestroyWindow
GetDC
IsWindowVisible
GetPropW
SendMessageW
RemovePropW
SetWindowTextW
ShowWindow
DispatchMessageW
IsDialogMessageW
GetParent
SetPropW
TranslateMessage
GetDlgItem
PostQuitMessage
GetSysColorBrush
SystemParametersInfoW
ReleaseDC

gdi32

GetDeviceCaps
SetTextColor
SetBkMode
DeleteObject
CreateFontW

advapi32

SystemFunction036
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 64 bit/plugins/SbieSupport.dll
.dll windows:5 windows x64 arch:x64

72ee8e9111090fd44c3cca631502d2bb

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

97:f3:af:2c:a2:fc:99:7a:77:7d:ae:4f:15:7a:06:6f:ba:fa:84:f0:66:d0:22:fd:d6:9a:35:0d:c9:f6:3e:e8
Signer

Actual PE Digest

97:f3:af:2c:a2:fc:99:7a:77:7d:ae:4f:15:7a:06:6f:ba:fa:84:f0:66:d0:22:fd:d6:9a:35:0d:c9:f6:3e:e8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\SbieSupport.pdb

Imports

processhacker.exe

PhFindProcessNode
PhEnumHashtable
PhfAcquireQueuedLockExclusive
PhGetFileName
PhGetPluginCallback
PhRegisterPlugin
PhRegisterCallback
PhAutoDereferenceObject
PhUpdateProcessNode
PhSetStringSetting2
PhfAcquireQueuedLockShared
PhCreateHashtable
PhClearHashtable
PhGetGeneralCallback
PhAddEntryHashtable
PhMainWndHandle
PhInsertEMenuItem
PhShowConfirmMessage
PhfReleaseQueuedLockShared
PhOpenProcess
PhFreeFileDialog
PhPluginCreateEMenuItem
PhShowFileDialog
PhFindEntryHashtable
PhGetWindowText
PhSetFileDialogFilter
PhAppendFormatStringBuilder
PhCreateOpenFileDialog
PhfWakeForReleaseQueuedLock
PhAddSettings
PhGetStringSetting
PhGetFileDialogFileName
PhTerminateProcess
PhSetFileDialogFileName

ntdll

RtlCreateTimerQueue
LdrGetProcedureAddress
RtlCreateTimer
NtClose
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx

kernel32

RaiseException
CreateFileW
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LCMapStringW
LoadLibraryW
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetLastError
GetModuleFileNameW
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection

user32

SetDlgItemTextW
EndDialog
GetDlgItem
DialogBoxParamW

advapi32

SystemFunction036

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 64 bit/plugins/ToolStatus.dll
.dll windows:5 windows x64 arch:x64

eb997c25e2337a8dceb7fa463ce2b04d

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a8:5f:08:7b:0f:7b:52:5b:0c:f8:79:b5:5b:0a:a7:12:b9:68:76:e2:5d:64:7f:e2:e0:f0:34:fa:0b:9d:51:70
Signer

Actual PE Digest

a8:5f:08:7b:0f:7b:52:5b:0c:f8:79:b5:5b:0a:a7:12:b9:68:76:e2:5d:64:7f:e2:e0:f0:34:fa:0b:9d:51:70

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\ToolStatus.pdb

Imports

uxtheme

GetThemeInt
IsThemeActive
OpenThemeData
CloseThemeData

processhacker.exe

PhSplitStringRefAtChar
PhCenterWindow
PhGlobalDpi
PhRemoveItemList
PhInsertItemList
PhAllocate
PhMainWndHandle
PhGetIntegerSetting
PhSetIntegerSetting
PhAddComboBoxStrings
WindowsVersion
PhGetStatisticsTimeString
PhGetStatisticsTime
PhDereferenceObject
PhFindProcessRecord
PhAutoDereferenceObject
PhFormatString_V
PhDereferenceProcessRecord
PhCopyCircularBuffer_FLOAT
PhGraphStateGetDrawInfo
PhDeleteGraphState
PhSiSetColorsGraphDrawInfo
PhInitializeGraphState
PhDivideSinglesBySingle
PhSystemBasicInformation
PhFormatString
PhShowProcessRecordDialog
PhFormatSize
PhDeselectAllProcessNodes
PhCreateSimpleHashtable
PhSetFlagsEMenuItem
PhCreateProcessPropContext
PhGetOwnTokenAttributes
PhShowMessage
PhCreateAlloc
PhGetPluginCallback
PhReferenceObject
PhRegisterPlugin
PhReferenceProcessItem
PhGetFilterSupportNetworkTreeList
PhDestroyEMenu
PhDeselectAllServiceNodes
PhGetFilterSupportServiceTreeList
PhRegisterCallback
PhExpandAllProcessNodes
PhShowEMenu
PhFindItemSimpleHashtable
PhApplyTreeNewFilters
PhShowProcessProperties
PhRegisterMessageLoopFilter
PhIconToBitmap
PhAddTreeNewFilter
PhReferenceEmptyString
PhLoadIcon
PhCreateString
PhQuerySystemTime
PhClearList
PhInitializeStringBuilder
PhAppendFormatStringBuilder
PhStringToInteger64
PhGetStringSetting
PhSetStringSetting2
PhRemoveStringBuilder
PhFinalStringBuilderString
PhFormatUInt64
PhCreateList
PhfReleaseQueuedLockShared
PhDereferenceObjects
PhGetServiceTypeString
PhAddItemList
PhGetProtocolTypeName
PhfAcquireQueuedLockShared
PhFree
PhGetServiceErrorControlString
PhFindStringInStringRef
PhGetServiceStateString
PhGetProcessPriorityClassString
PhGetTcpStateName
PhGetServiceStartTypeString
PhSetImageListBitmap
PhAddItemSimpleHashtable
PhInsertEMenuItem
PhGetFilterSupportProcessTreeList
PhSetSelectThreadIdProcessPropContext
PhFindProcessNode
PhPluginGetSystemStatistics
PhEqualStringRef
PhCreateEMenuItem
PhGetWindowText
PhUiTerminateProcesses
PhConcatStrings2
PhCreateEMenu
PhInvokeCallback
PhAddSettings
PhGetGeneralCallback

kernel32

HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetLastError
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetConsoleMode
SetFilePointerEx
CloseHandle
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
WriteConsoleW
GetProcAddress
GetModuleHandleW
SizeofResource
FreeResource
LockResource
LoadResource
FindResourceW
CreateFileW
RaiseException
IsDebuggerPresent
GetConsoleCP

user32

EnableWindow
DialogBoxParamW
GetSysColorBrush
DestroyIcon
GetParent
GetKeyState
GetDC
OffsetRect
GetCapture
RedrawWindow
TrackMouseEvent
PtInRect
GetWindowThreadProcessId
DefWindowProcW
GetWindowRect
GetMenu
SetWindowPos
SetWindowTextW
WindowFromPoint
LoadAcceleratorsW
IsChild
MapWindowPoints
SetFocus
TranslateAcceleratorW
LoadCursorW
SetCapture
GetWindowDC
SetCursor
GetClientRect
ReleaseCapture
ReleaseDC
DrawTextW
DestroyWindow
IsWindowVisible
CreateWindowExW
ShowWindow
GetSystemMetrics
SetMenu
DrawMenuBar
InvalidateRect
GetPropW
FillRect
SendMessageW
EndDialog
RemovePropW
FrameRect
GetSysColor
SetPropW
GetDlgItem
GetCursorPos

gdi32

SetROP2
RestoreDC
Rectangle
BitBlt
SaveDC
CreateSolidBrush
CreateDIBSection
GetTextExtentPoint32W
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetStockObject
DeleteDC
SetTextColor
SetBkMode
GetObjectW
DeleteObject
CreatePen
CreateFontIndirectW

ole32

CoCreateInstance

comctl32

ord412
ImageList_SetImageCount
ord410
ord413
ImageList_Destroy
ImageList_Create
ImageList_Draw
ImageList_Add
ImageList_Replace

ntdll

RtlVirtualUnwind
RtlUnwindEx
RtlLookupFunctionEntry
RtlCaptureContext

advapi32

SystemFunction036

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 64 bit/plugins/Updater.dll
.dll windows:5 windows x64 arch:x64

a4de2eec6f8b6d96d60cfa61bcaa6840

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f2:3d:e0:4a:39:d8:b0:4f:95:19:30:b3:72:cc:85:c3:24:a0:b7:37:1a:2d:c0:85:07:ad:08:81:c4:d1:92:68
Signer

Actual PE Digest

f2:3d:e0:4a:39:d8:b0:4f:95:19:30:b3:72:cc:85:c3:24:a0:b7:37:1a:2d:c0:85:07:ad:08:81:c4:d1:92:68

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\Updater.pdb

Imports

processhacker.exe

PhMainWndHandle
PhInitializeHash
PhQuerySystemTime
PhFormatSize
PhFinalHash
PhOpenKey
PhBufferToHexString
PhFormatString
PhfWaitForEvent
mxmlLoadString
PhIconToBitmap
PhAllocate
PhVerifyFile
PhCreateThread
PhGetFullPath
mxmlFindElement
PhEqualStringRef
PhConcatStrings2
PhFormatGuid
PhStringToInteger64
WindowsVersion
PhDeleteAutoPool
PhGetStringSetting
PhShowStatus
PhGetPhVersionNumbers
PhUpdateHash
PhSetStringSetting2
PhGenerateGuid
PhCreateFileWin32
PhSplitStringRefAtChar
PhCreateStringEx
PhDrainAutoPool
PhfSetEvent
PhFormatString_V
PhAutoDereferenceObject
PhReAllocate
PhQueryRegistryString
PhInitializeAutoPool
PhCenterWindow
PhFree
PhReferenceObject
mxmlDelete
PhDereferenceObject
PhGetOwnTokenAttributes
PhShellExecute
PhfResetEvent
PhFormatUInt64
PhSetIntegerSetting
PhInsertEMenuItem
PhPluginCreateEMenuItem
PhAddSettings
PhReferenceEmptyString
PhGetGeneralCallback
PhRegisterCallback
PhGetIntegerSetting
PhRegisterPlugin
PhGetPluginCallback
PhConvertUtf8ToUtf16

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
NtWriteFile
NtClose
RtlUnwindEx
RtlCaptureContext

kernel32

LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetLastError
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
MultiByteToWideChar
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
HeapFree
HeapAlloc
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
TerminateProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
GetProcAddress
CreateFileW
WriteConsoleW
GetTempPathW
Sleep
GetLastError
MulDiv
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
WideCharToMultiByte

user32

EndDialog
GetDlgItem
DialogBoxParamW
GetDlgCtrlID
GetMessageW
CreateDialogParamW
DestroyWindow
GetDC
IsWindowVisible
GetPropW
RemovePropW
GetSystemMetrics
SetWindowTextW
ShowWindow
DispatchMessageW
IsDialogMessageW
DestroyIcon
PostMessageW
SetDlgItemTextW
SendDlgItemMessageW
SetPropW
TranslateMessage
PostQuitMessage
GetSysColorBrush
SystemParametersInfoW
GetParent
SetForegroundWindow
LoadImageW
IsIconic
ReleaseDC
EnableWindow
SendMessageW

gdi32

DeleteObject
SetTextColor
GetDeviceCaps
CreateFontW
SetBkMode

shell32

ShellExecuteExW
SHCreateDirectoryExW

advapi32

SystemFunction036

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 64 bit/plugins/UserNotes.dll
.dll windows:5 windows x64 arch:x64

dc18317fe7617feca1007aefae7060a6

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:80:61:a0:b7:8d:b5:d0:5d:ec:68:e7:74:2e:07:71:a7:ec:7a:fb:13:8b:9a:20:72:5b:bf:d5:09:f7:09:ec
Signer

Actual PE Digest

ba:80:61:a0:b7:8d:b5:d0:5d:ec:68:e7:74:2e:07:71:a7:ec:7a:fb:13:8b:9a:20:72:5b:bf:d5:09:f7:09:ec

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\UserNotes.pdb

Imports

uxtheme

EnableThemeDialogTexture

processhacker.exe

PhInvalidateAllProcessNodes
PhOpenProcess
PhPluginAddMenuHook
PhInitializeLayoutManager
PhInsertEMenuItem
PhMainWndHandle
PhFreeFileDialog
PhPluginCreateEMenuItem
PhShowFileDialog
PhInitializeStringBuilder
PhGetWindowText
PhFindEntryHashtable
PhDereferenceObject
mxmlDelete
PhEnumHashtable
mxmlNewOpaque
PhfAcquireQueuedLockExclusive
PhConvertUtf8ToUtf16
mxmlElementSetAttr
PhReferenceObject
PhFree
PhInitializeAutoPool
PhAutoDereferenceObject
PhDrainAutoPool
PhPropPageDlgProcHeader
PhCompareStringRef
PhCreateStringEx
PhCreateFileWin32
PhSetFileDialogFilter
PhFindEMenuItem
PhAppendFormatStringBuilder
PhGetPluginInformation
PhCreateOpenFileDialog
PhAddSettings
PhGetStringSetting
PhGetFileDialogFileName
PhSetFileDialogFileName
PhGetGeneralCallback
PhFindPlugin
PhSetStringSetting2
PhPluginSetObjectExtension
PhSplitStringRefAtChar
PhAddProcessPropPage
PhGetSelectedProcessItems
PhRemoveStringBuilder
PhPropPageDlgProcDestroy
PhDoPropPageLayout
PhFinalStringBuilderString
PhAddLayoutItem
PhFormatString_V
PhProcessModifiedEvent
PhRegisterCallback
ProcessQueryAccess
PhCenterWindow
PhGetSelectedProcessItem
PhConcatStringRef2
PhPluginAddTreeNewColumn
PhRegisterPlugin
PhGetPluginCallback
PhGetFileName
PhCreateProcessPropPageContextEx
PhExpandEnvironmentStrings
PhPluginGetObjectExtension
PhProcessesUpdatedEvent
PhLayoutManagerLayout
PhDuplicateProcessNodeList
PhAddPropPageLayoutItem
PhGetApplicationDirectory
PhIntegerToString64
mxmlSaveFd
PhHashStringRef
PhGetFileSize
mxmlNewElement
PhAllocate
PhGetFullPath
mxmlLoadFd
PhEqualStringRef
PhConvertUtf16ToUtf8Ex
PhRemoveEntryHashtable
PhAddEntryHashtableEx
PhStringToInteger64
PhfWakeForReleaseQueuedLock
PhDeleteAutoPool
PhReferenceEmptyString
PhCreateHashtable
PhDeleteLayoutManager

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlDetermineDosPathNameType_U
NtQueryInformationProcess
NtClose
NtSetInformationProcess
RtlLookupFunctionEntry
RtlUnwindEx

user32

MessageBoxW
GetPropW
SetWindowLongPtrW
SendMessageW
EndDialog
SetWindowTextW
SetDlgItemTextW
SetPropW
GetDlgItem
DialogBoxParamW
EnableWindow
RemovePropW

comdlg32

ChooseColorW

shell32

SHCreateDirectoryExW

comctl32

CreatePropertySheetPageW

kernel32

SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
WriteFile
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetLastError
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CloseHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ExitProcess
WriteConsoleW
CreateFileW
RaiseException
SetFilePointerEx

advapi32

SystemFunction036

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PHacker 64 bit/plugins/WindowExplorer.dll
.dll windows:5 windows x64 arch:x64

807c2a5324cd8c3d21e70814ac733d28

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:8c:eb:35:82:9e:7f:f3:23:3f:a9:5a:42:21:55:19:bc:29:dd:e7:55:f0:92:b1:e7:34:45:2e:a9:a3:f2:12
Signer

Actual PE Digest

a1:8c:eb:35:82:9e:7f:f3:23:3f:a9:5a:42:21:55:19:bc:29:dd:e7:55:f0:92:b1:e7:34:45:2e:a9:a3:f2:12

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\processhacker2\bin\Release64\plugins\WindowExplorer.pdb

Imports

ntdll

RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtQueryInformationProcess
NtMapViewOfSection
NtWaitForSingleObject
NtOpenSection
RtlCreateSecurityDescriptor
NtUnmapViewOfSection
RtlCreateAcl
NtCreateMutant
NtSetEvent
NtCreateEvent
NtClose
RtlAddAce
NtSetSecurityObject
NtOpenEvent
RtlSubAuthoritySid
NtReleaseMutant
NtCreateSection
RtlInitializeSid
NtResetEvent
RtlSetSaclSecurityDescriptor
NtOpenMutant

kernel32

GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetModuleHandleW
GetProcAddress
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
GetConsoleMode
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
SetFilePointerEx
CloseHandle
WriteConsoleW
CreateFileW
DeleteCriticalSection

user32

GetKeyState
GetMessageW
GetClassWord
CallWindowProcW
GetMenu
MonitorFromRect
CreateWindowExW
DispatchMessageW
GetWindowInfo
GetMonitorInfoW
GetDlgCtrlID
PeekMessageW
SetDlgItemTextW
MapWindowPoints
TranslateMessage
PostThreadMessageW
GetWindowLongW
CreateDialogParamW
ShowWindowAsync
PostMessageW
FindWindowExW
DestroyWindow
IsWindowVisible
SetWindowPos
GetPropW
SetWindowLongPtrW
SendMessageW
RemovePropW
SetWindowTextW
GetWindowPlacement
ShowWindow
CloseDesktop
SetTimer
RedrawWindow
GetLayeredWindowAttributes
IsWindowEnabled
MoveWindow
SetLayeredWindowAttributes
SetPropW
EnumDesktopWindows
MapDialogRect
GetDlgItem
KillTimer
GetDesktopWindow
OpenDesktopW
SetForegroundWindow
EnableWindow
GetWindowRect
GetSystemMetrics
GetWindowDC
ReleaseDC
EnumDesktopsW
GetProcessWindowStation
GetWindowThreadProcessId
GetClassLongPtrA
CallNextHookEx
GetWindowLongPtrW
GetClassLongPtrW
UnhookWindowsHookEx
SendNotifyMessageW
GetClassNameW
SetWindowsHookExW
GetWindowLongPtrA
GetClassInfoExW
IsWindowUnicode
RegisterWindowMessageW
EnumPropsExW

gdi32

DeleteObject
RestoreDC
Rectangle
CreatePen
GetStockObject
SelectObject
SaveDC
SetROP2

advapi32

SystemFunction036

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
USB/usbHistory.exe
.exe windows:4 windows x86 arch:x86

67c097438e1eeda7286e421b1c8772aa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA

comctl32

InitCommonControls

comdlg32

GetSaveFileNameA

gdi32

CreateFontA

kernel32

AddAtomA
ExitProcess
FileTimeToSystemTime
FindAtomA
GetAtomNameA
GetCommandLineA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
SetUnhandledExceptionFilter
Sleep
SystemTimeToTzSpecificLocalTime
VirtualProtect
VirtualQuery

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_iob
_onexit
_setmode
abort
atexit
fclose
fopen
fprintf
free
malloc
memcpy
signal
sprintf
strcat
strcpy
strncpy
strstr

user32

CreateWindowExA
DefWindowProcA
DispatchMessageA
GetDlgItem
GetMessageA
LoadCursorA
LoadIconA
PostQuitMessage
RegisterClassExA
SendDlgItemMessageA
SendMessageA
ShowWindow
TranslateMessage

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 120B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
��⨢��/LastActivityView.cfg
��⨢��/LastActivityView.chm
.chm
��⨢��/LastActivityView.exe
.exe windows:4 windows x86 arch:x86

28d54068583ea348b007c0eb72f71f9c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:ba
Signer

Actual PE Digest

04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\LastActivityView\Release\LastActivityView.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__p__fmode
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
calloc
__set_app_type
_controlfp
_except_handler3
_wcmdln
realloc
_msize
_wcslwr
strlen
_purecall
_itow
_wcsnicmp
qsort
free
modf
_memicmp
_wtoi
memcmp
wcstoul
wcsrchr
swscanf
malloc
_ultow
wcscmp
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
wcscpy
memset
_wcsicmp
wcschr
_snwprintf
wcscat
wcsncat

comctl32

CreateStatusWindowW
CreateToolbarEx
ImageList_SetImageCount
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetCurrentProcessId
ExitProcess
GetLogicalDrives
GetLongPathNameW
QueryDosDeviceW
GetVolumeInformationW
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
FreeLibrary
ReadProcessMemory
DeleteFileW
SetErrorMode
CloseHandle
GetFileSize
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetDriveTypeW
CompareFileTime
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetTickCount
GetWindowsDirectoryW
ExpandEnvironmentStringsW
GetLastError
GetCurrentProcess
GetDateFormatW
FindNextFileW
SizeofResource
GetTempFileNameW
GlobalLock
FormatMessageW
FindFirstFileW
GetVersionExW
FindClose
GetTimeFormatW
GetFileAttributesW
FileTimeToLocalFileTime
ReadFile
FindResourceW
WriteFile
GetModuleFileNameW
LocalFree
LoadResource
CreateFileW
TzSpecificLocalTimeToSystemTime
LockResource
SystemTimeToTzSpecificLocalTime
lstrcpyW
MultiByteToWideChar
lstrlenW
LocalFileTimeToFileTime
LoadLibraryExW
GlobalAlloc
GetSystemDirectoryW
GlobalUnlock
WideCharToMultiByte
GetTempPathW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle

user32

ChildWindowFromPoint
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
GetDlgItemInt
SetDlgItemInt
DeferWindowPos
CreateWindowExW
BeginPaint
EndPaint
GetWindow
GetClientRect
SendDlgItemMessageW
DrawFrameControl
EndDialog
SetWindowLongW
GetDlgItem
SetWindowTextW
UpdateWindow
SendMessageW
SetDlgItemTextW
InvalidateRect
GetDlgItemTextW
GetWindowRect
GetSystemMetrics
RegisterClassW
PostMessageW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
LoadImageW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
KillTimer
SetTimer
GetParent
MoveWindow
OpenClipboard
CheckMenuItem
GetMenuStringW
GetMenuItemCount
CloseClipboard
CheckMenuRadioItem
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
DestroyWindow
LoadStringW
GetDesktopWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DestroyIcon
LoadIconW
DrawTextExW
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
DispatchMessageW
IsDialogMessageW
TranslateMessage
CreatePopupMenu
CallWindowProcW

gdi32

CreateFontIndirectW
SetTextColor
DeleteObject
DeleteDC
GetObjectW
SetBkMode
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
GetPixel
SetPixel
SelectObject
CreateCompatibleDC

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegEnumValueW
RegConnectRegistryW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
OpenServiceW
OpenSCManagerW
ControlService
StartServiceW
QueryServiceStatus
CloseServiceHandle
RegCloseKey

shell32

SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHBindToParent
SHGetDesktopFolder
SHGetMalloc

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantTimeToSystemTime
SysFreeString
SysAllocString

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
��㧥�/BrowsingHistoryView.cfg
��㧥�/BrowsingHistoryView.chm
.chm
��㧥�/BrowsingHistoryView.exe
.exe windows:4 windows x86 arch:x86

f3c51d46b32c789380e17c5bf6bb3776

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\BrowsingHistoryView\Release\BrowsingHistoryView.pdb

Imports

msvcrt

exit
_wcmdln
__wgetmainargs
__dllonexit
_endthreadex
strftime
_gmtime64
strcmp
realloc
_beginthreadex
_cexit
strlen
qsort
_wcslwr
_itow
strchr
_wcsnicmp
memmove
wcsrchr
malloc
free
_XcptFilter
_exit
_c_exit
_msize
_onexit
wcscmp
modf
memcmp
_memicmp
wcstoul
??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall
wcslen
_ultow
abs
_wcsupr
_wcsicmp
wcschr
memcpy
_wtoi
wcscpy
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
wcsncat
_snwprintf
memset
wcscat

comctl32

CreateStatusWindowW
CreateToolbarEx
ImageList_SetImageCount
ImageList_Create
ord17
ImageList_ReplaceIcon
ImageList_Add
ImageList_AddMasked

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

FindCloseUrlCache
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW

kernel32

InitializeCriticalSection
GetVersionExA
HeapSize
TryEnterCriticalSection
OutputDebugStringA
GetCurrentThreadId
FormatMessageA
DeleteCriticalSection
HeapCompact
GetProcessHeap
CreateMutexW
GetFileAttributesExW
SetEndOfFile
LockFileEx
GetModuleHandleA
GetStartupInfoW
GetFullPathNameW
UnlockFile
GetFullPathNameA
OutputDebugStringW
UnlockFileEx
FlushFileBuffers
GetDiskFreeSpaceA
CreateFileA
HeapReAlloc
WaitForSingleObjectEx
LockFile
GetSystemInfo
SystemTimeToFileTime
FileTimeToSystemTime
CloseHandle
GetFileSize
ExpandEnvironmentStringsW
CompareFileTime
GetSystemTimeAsFileTime
DeleteFileW
CopyFileW
CreateFileW
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetTickCount
GetLastError
SetFilePointerEx
LocalFree
LockResource
WriteFile
lstrcpyW
MultiByteToWideChar
lstrlenW
LocalFileTimeToFileTime
FindResourceW
LoadResource
GlobalAlloc
GlobalUnlock
LoadLibraryExW
GetTempPathW
WideCharToMultiByte
FindNextFileW
SizeofResource
FormatMessageW
GlobalLock
FindClose
GetVersionExW
GetDateFormatW
GetTempFileNameW
FindFirstFileW
GetTimeFormatW
GetWindowsDirectoryW
GetFileAttributesW
FileTimeToLocalFileTime
SetFilePointer
ReadFile
GetModuleFileNameW
DosDateTimeToFileTime
CreateFileMappingW
OpenProcess
DuplicateHandle
GetCurrentProcessId
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
GetCurrentProcess
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
GetStdHandle
SetErrorMode
ReadProcessMemory
ExitProcess
Process32NextW
CreateToolhelp32Snapshot
Process32FirstW
EnumResourceTypesW
EnterCriticalSection
HeapAlloc
GetDiskFreeSpaceW
Sleep
GetTempPathA
QueryPerformanceCounter
GetSystemTime
CreateFileMappingA
HeapDestroy
AreFileApisANSI
HeapFree
DeleteFileA
LeaveCriticalSection
GetFileAttributesA
WaitForSingleObject
HeapCreate
InterlockedCompareExchange
HeapValidate
FlushViewOfFile

user32

TrackPopupMenu
PostQuitMessage
GetMessageW
IsDialogMessageW
TranslateMessage
DrawTextExW
ModifyMenuW
DispatchMessageW
GetMonitorInfoW
MonitorFromWindow
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
GetWindowPlacement
GetDlgItemInt
DeferWindowPos
SetDlgItemInt
CreateWindowExW
BeginPaint
GetWindow
EndPaint
GetClientRect
SendDlgItemMessageW
DrawFrameControl
EndDialog
SetWindowLongW
GetDlgItem
SetWindowTextW
UpdateWindow
SendMessageW
SetDlgItemTextW
InvalidateRect
GetDlgItemTextW
GetSystemMetrics
GetWindowRect
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
LoadAcceleratorsW
DefWindowProcW
LoadImageW
LoadIconW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetParent
KillTimer
SetTimer
SetClipboardData
EnableWindow
GetMenu
MapWindowPoints
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
GetMenuStringW
CloseClipboard
GetMenuItemCount
CheckMenuItem
CheckMenuRadioItem
GetCursorPos
RegisterWindowMessageW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
DestroyWindow
LoadStringW
GetDesktopWindow
GetWindowTextW
LoadMenuW
GetKeyState
PeekMessageW

gdi32

GetStockObject
SetBkColor
GetTextExtentPoint32W
GetDeviceCaps
GetObjectW
DeleteDC
GetPixel
SetPixel
SelectObject
CreateCompatibleDC
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
FindTextW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetFileInfoW
SHBrowseForFolderW
SHGetMalloc
SHGetPathFromIDListW
ShellExecuteW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
�㢠/License.txt
�㢠/lang/lang-1025.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1026.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1027.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1028.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1029.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1030.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1031.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1032.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1034.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1035.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1036.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1037.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1038.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1040.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1041.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1043.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1044.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1045.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1046.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1048.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1049.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1050.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1051.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1052.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1053.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1054.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1055.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1057.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1058.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1059.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1060.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1061.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1062.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1063.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1066.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1067.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1068.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1071.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-1079.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-2052.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-2074.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-3098.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-5146.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/lang/lang-9999.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/portable.dat
�㢠/recuva.exe
.exe windows:5 windows x86 arch:x86

ac50b187d8a38d4f1979564a90c4e82e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4b:48:b2:7c:82:24:fe:37:b1:7a:6a:2e:d7:a8:1c:9f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/08/2015, 00:00

Not After

10/10/2018, 23:59

Subject

CN=Piriform Ltd,O=Piriform Ltd,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:48:b2:7c:82:24:fe:37:b1:7a:6a:2e:d7:a8:1c:9f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/08/2015, 00:00

Not After

10/10/2018, 23:59

Subject

CN=Piriform Ltd,O=Piriform Ltd,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 4,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:d0:f3:3d:77:41:b6:78:90:01:1e:fa:bb:a0:00:6f:5e:e9:f4:10:1a:e4:15:b7:47:ab:77:b5:1e:7e:26:c1
Signer

Actual PE Digest

42:d0:f3:3d:77:41:b6:78:90:01:1e:fa:bb:a0:00:6f:5e:e9:f4:10:1a:e4:15:b7:47:ab:77:b5:1e:7e:26:c1

Digest Algorithm

sha256

PE Digest Matches

true

3f:7b:65:e5:03:c7:da:62:5e:c4:dc:7c:1e:88:c4:02:49:1c:92:f2
Signer

Actual PE Digest

3f:7b:65:e5:03:c7:da:62:5e:c4:dc:7c:1e:88:c4:02:49:1c:92:f2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

S:\workspace\RecuvaNew\Trunk\bin\Release\Win32\recuva.pdb

Imports

wininet

HttpQueryInfoW
InternetQueryDataAvailable
InternetCrackUrlW
InternetConnectW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle

kernel32

RtlCaptureContext
SizeofResource
LockResource
LoadResource
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetLastError
GetCurrentThreadId
RaiseException
GetCurrentProcess
FlushInstructionCache
FreeLibrary
MulDiv
CloseHandle
WaitForSingleObject
CreateEventA
SetEvent
DuplicateHandle
CreateSemaphoreA
GetSystemTimeAsFileTime
GetTickCount
GetCurrentProcessId
GlobalReAlloc
GlobalAlloc
GetLogicalDrives
FindClose
GlobalFree
SetErrorMode
InterlockedDecrement
InterlockedIncrement
GetProcessHeap
GetLocalTime
GetCommandLineW
lstrlenA
InterlockedExchange
Sleep
HeapFree
InitializeCriticalSection
HeapAlloc
ReleaseSemaphore
WriteFile
WaitForMultipleObjects
ResetEvent
CompareFileTime
GlobalLock
GlobalUnlock
SystemTimeToFileTime
FileTimeToSystemTime
VirtualProtect
GetCurrentThread
LoadLibraryA
GetModuleHandleA
SetUnhandledExceptionFilter
VirtualQueryEx
TerminateThread
ResumeThread
CreateThread
GetSystemTime
LocalFree
GetSystemInfo
LocalAlloc
SetEnvironmentVariableA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
SetHandleCount
SetStdHandle
CreateFileA
GetFileType
GetOEMCP
GetACP
GetStdHandle
RtlUnwind
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
HeapSetInformation
HeapCreate
AreFileApisANSI
QueryPerformanceCounter
QueryPerformanceFrequency
FormatMessageA
CreateWaitableTimerA
InterlockedPopEntrySList
IsProcessorFeaturePresent
InterlockedPushEntrySList
HeapSize
HeapReAlloc
HeapDestroy
ExitProcess
FileTimeToDosDateTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
DebugBreak
WaitForMultipleObjectsEx
VirtualFree
VirtualAlloc
SetEndOfFile
SetFilePointerEx
OpenEventA
ExitThread
GetVolumePathNamesForVolumeNameW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
DeviceIoControl
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
ReadFile
FlushFileBuffers
MoveFileExW
GetFileTime
GetFileSizeEx
GetLocaleInfoA
FileTimeToLocalFileTime
GlobalMemoryStatus
GetVersionExA
SetFileTime
SetFilePointer
GetFileSize
UnmapViewOfFile
MapViewOfFile
SleepEx
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
SetWaitableTimer
QueueUserAPC
InterlockedCompareExchange

user32

AdjustWindowRectEx
GetComboBoxInfo
GetMenu
RemoveMenu
SetCaretPos
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetScrollInfo
SetScrollRange
DragDetect
GetKeyState
SetScrollPos
DestroyCaret
CreateCaret
HideCaret
ShowCaret
CheckMenuRadioItem
SetMenuItemBitmaps
CheckMenuItem
CreatePopupMenu
SetMenuInfo
GetMenuInfo
DeleteMenu
GetMenuItemCount
GetUpdateRect
CheckDlgButton
IsIconic
FlashWindowEx
GetIconInfo
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
MonitorFromPoint
GetSubMenu
TrackPopupMenu
IsMenu
DrawFrameControl
InflateRect
SetWindowPlacement
PostQuitMessage
DrawEdge
GetMessagePos
OffsetRect
DestroyCursor
GetCursorPos
SetRectEmpty
UpdateWindow
CallNextHookEx
SetParent
SetTimer
KillTimer
MsgWaitForMultipleObjects
IsWindowEnabled
CopyIcon
GetSysColorBrush
IsDlgButtonChecked
DrawFocusRect
GetSysColor
MapDialogRect
DrawIconEx
SetCursor
PtInRect
ReleaseCapture
WindowFromPoint
ClientToScreen
SetCapture
GetCapture
EndPaint
BeginPaint
SetRect
FrameRect
TrackMouseEvent
TranslateMessage
DestroyWindow
MonitorFromWindow
MapWindowPoints
GetActiveWindow
GetFocus
UnhookWindowsHookEx
GetWindowThreadProcessId
FillRect
InvalidateRect
GetWindowPlacement
ShowWindow
ReleaseDC
GetWindowDC
GetWindow
IsWindow
DestroyMenu
SetFocus
MessageBeep
EnableMenuItem
DestroyIcon
EndDialog
CopyRect
ScreenToClient
SetWindowPos
GetDC
RedrawWindow
GetSystemMenu
CharLowerA
BringWindowToTop
CharLowerBuffA
ExitWindowsEx
CopyImage
UnregisterClassA
EnumWindows
IsWindowVisible
GetSystemMetrics
MoveWindow
GetWindowRect
GetClientRect
GetDlgCtrlID
EnumChildWindows
GetParent
GetDlgItem
GetMenuItemID

oleaut32

SysAllocString
VariantInit
VariantClear
VariantChangeType
VarBstrFromR8
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysFreeString
VarUI4FromStr

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 515KB - Virtual size: 514KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 121KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�㢠/recuva.ini
�㢠/recuva64.exe
.exe windows:5 windows x64 arch:x64

7e18b8b5a1ac812604c6a2df53eec6fd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4b:48:b2:7c:82:24:fe:37:b1:7a:6a:2e:d7:a8:1c:9f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/08/2015, 00:00

Not After

10/10/2018, 23:59

Subject

CN=Piriform Ltd,O=Piriform Ltd,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:48:b2:7c:82:24:fe:37:b1:7a:6a:2e:d7:a8:1c:9f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/08/2015, 00:00

Not After

10/10/2018, 23:59

Subject

CN=Piriform Ltd,O=Piriform Ltd,L=London,ST=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 4,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:68:4b:5d:ec:80:b3:ac:13:16:b1:98:5a:fe:c4:1a:54:10:9c:53:f9:e3:7c:48:dd:91:42:d6:2e:16:51:44
Signer

Actual PE Digest

77:68:4b:5d:ec:80:b3:ac:13:16:b1:98:5a:fe:c4:1a:54:10:9c:53:f9:e3:7c:48:dd:91:42:d6:2e:16:51:44

Digest Algorithm

sha256

PE Digest Matches

true

af:50:83:60:3f:e7:ea:a9:f1:fe:31:d3:13:82:53:ca:1c:98:39:34
Signer

Actual PE Digest

af:50:83:60:3f:e7:ea:a9:f1:fe:31:d3:13:82:53:ca:1c:98:39:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

S:\workspace\RecuvaNew\Trunk\bin\Release\x64\recuva64.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

HttpOpenRequestW
InternetOpenUrlW
InternetOpenW
InternetCloseHandle
InternetReadFile
HttpAddRequestHeadersW
HttpSendRequestW
InternetConnectW
InternetCrackUrlW
InternetQueryDataAvailable
HttpQueryInfoW

kernel32

GetCurrentThread
WritePrivateProfileStringW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
lstrlenW
GetModuleHandleW
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
DeleteFileW
GetModuleFileNameW
FindResourceExW
FindResourceW
LoadResource
FileTimeToSystemTime
SystemTimeToFileTime
GlobalUnlock
GlobalLock
SizeofResource
LockResource
CompareFileTime
ResetEvent
WaitForMultipleObjects
CreateEventW
LoadLibraryA
LocalAlloc
SetEnvironmentVariableA
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetHandleCount
SetStdHandle
CreateFileA
GetFileType
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetStdHandle
LCMapStringW
GetCPInfo
RtlUnwindEx
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
TerminateProcess
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
RtlPcToFileHeader
HeapCreate
GetVersion
HeapSetInformation
AreFileApisANSI
GetNumberFormatW
QueryPerformanceFrequency
FormatMessageA
CreateWaitableTimerA
DecodePointer
EncodePointer
GetStringTypeW
InterlockedPopEntrySList
InterlockedPushEntrySList
HeapSize
HeapReAlloc
HeapDestroy
ExitProcess
FileTimeToDosDateTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
DebugBreak
WaitForMultipleObjectsEx
VirtualProtect
VirtualFree
VirtualAlloc
SetEndOfFile
SetFilePointerEx
OpenEventA
ExitThread
GetVolumePathNamesForVolumeNameW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetVolumeInformationW
DeviceIoControl
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
QueryDosDeviceW
ReadFile
FlushFileBuffers
MoveFileExW
GetFileTime
GetFileSizeEx
GetLocaleInfoA
GetWindowsDirectoryW
GetEnvironmentVariableW
FileTimeToLocalFileTime
GlobalMemoryStatus
GetVersionExA
GetDateFormatW
GetLocaleInfoW
RemoveDirectoryW
SetFileTime
SetFilePointer
GetFileSize
GetFileAttributesExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
SleepEx
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
SetWaitableTimer
QueueUserAPC
GetSystemInfo
LocalFree
FormatMessageW
GetSystemTime
CreateThread
ResumeThread
CreateSemaphoreW
TerminateThread
VirtualQueryEx
SetUnhandledExceptionFilter
RtlCaptureContext
WriteFile
ReleaseSemaphore
HeapAlloc
InitializeCriticalSection
CompareStringW
lstrcpyW
HeapFree
lstrcpynW
GetVersionExW
Sleep
GetFullPathNameW
CreateFileW
lstrlenA
GetCommandLineW
CreateProcessW
GetStartupInfoW
GetLocalTime
GetCurrentDirectoryW
GetProcessHeap
SetCurrentDirectoryW
LoadLibraryExW
lstrcmpiW
GetSystemDirectoryW
SetErrorMode
WideCharToMultiByte
GetDiskFreeSpaceExW
GlobalFree
FindClose
FindNextFileW
FindFirstFileW
GetLogicalDrives
GetDriveTypeW
CreateDirectoryW
GlobalAlloc
GlobalReAlloc
GetCurrentProcessId
MultiByteToWideChar
GetFileAttributesW
GetTickCount
GetSystemTimeAsFileTime
CreateSemaphoreA
QueryPerformanceCounter
DuplicateHandle
SetEvent
CreateEventA
WaitForSingleObject
CloseHandle
MulDiv
FreeLibrary
LoadLibraryW
FlushInstructionCache
GetCurrentProcess
RaiseException
GetCurrentThreadId
SetLastError
GetPrivateProfileStructW
WritePrivateProfileStructW
GetPrivateProfileStringW

user32

GetDlgItem
EnableWindow
SendMessageW
GetParent
SetWindowLongPtrW
EnumChildWindows
GetDlgCtrlID
SetWindowTextW
GetClientRect
GetWindowRect
MoveWindow
GetSystemMetrics
LoadImageW
GetWindowLongPtrW
IsWindowVisible
EnumWindows
GetSystemMenu
RedrawWindow
GetDC
SetWindowPos
DrawTextW
ScreenToClient
CopyRect
EndDialog
GetComboBoxInfo
AdjustWindowRectEx
GetMenu
RemoveMenu
GetWindowTextLengthW
GetWindowTextW
SetDlgItemTextW
SetCaretPos
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetScrollInfo
SetScrollRange
DragDetect
GetKeyState
SetScrollPos
DestroyCaret
CreateCaret
HideCaret
ShowCaret
GetClassLongPtrW
CheckMenuRadioItem
SetMenuItemBitmaps
CheckMenuItem
AppendMenuW
CreatePopupMenu
GetMenuStringW
InsertMenuW
SetMenuInfo
GetMenuInfo
DeleteMenu
GetMenuItemCount
GetMenuItemID
GetUpdateRect
CheckDlgButton
RegisterWindowMessageW
IsIconic
FlashWindowEx
GetIconInfo
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
MonitorFromPoint
GetSubMenu
LoadMenuW
SetMenuItemInfoW
TrackPopupMenu
IsMenu
DrawFrameControl
InflateRect
SetWindowPlacement
PostQuitMessage
IsDialogMessageW
DrawEdge
SystemParametersInfoW
GetMessagePos
OffsetRect
GetClassNameW
DestroyCursor
GetCursorPos
GetClassInfoExW
RegisterClassExW
SetRectEmpty
UpdateWindow
CallNextHookEx
SetParent
SetTimer
KillTimer
MsgWaitForMultipleObjects
PostMessageW
IsWindowEnabled
CopyIcon
GetSysColorBrush
IsDlgButtonChecked
DrawFocusRect
GetSysColor
MapDialogRect
DrawIconEx
GetTabbedTextExtentW
LoadCursorW
SetCursor
PtInRect
ReleaseCapture
WindowFromPoint
ClientToScreen
SetCapture
GetCapture
EndPaint
BeginPaint
SetRect
LoadBitmapW
FrameRect
TrackMouseEvent
CreateDialogParamW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
RegisterClassW
GetClassInfoW
MessageBoxW
CharNextW
CreateWindowExW
DestroyWindow
SetWindowLongW
DialogBoxIndirectParamW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
GetActiveWindow
GetFocus
LoadIconW
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
DialogBoxParamW
CallWindowProcW
DefWindowProcW
FillRect
InvalidateRect
GetWindowPlacement
ShowWindow
ReleaseDC
GetWindowDC
GetWindow
GetWindowLongW
IsWindow
DestroyMenu
SetFocus
MessageBeep
UnregisterClassW
CharLowerW
CharLowerA
BringWindowToTop
GetDlgItemTextW
IsClipboardFormatAvailable
GetClipboardData
CharLowerBuffA
ExitWindowsEx
CopyImage
UnregisterClassA
EnableMenuItem
DestroyIcon

gdi32

Polygon
CreatePatternBrush
CreateBitmap
PatBlt
TextOutW
LineTo
MoveToEx
CreatePen
GetDIBColorTable
StretchBlt
CreateDIBSection
ExtTextOutW
SetBkColor
SetTextColor
GetStockObject
GetDeviceCaps
Polyline
GetTextExtentPoint32W
SetBkMode
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SetViewportOrgEx
SelectObject
DeleteDC
CreateFontIndirectW
DeleteObject
GetObjectW
GetClipBox
ExcludeClipRect
CombineRgn
CreateRectRgnIndirect
TextOutA
RestoreDC
SetStretchBltMode
CreateDIBitmap
SetDIBits
GetTextMetricsW
SaveDC
CreateSolidBrush

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
FreeSid
AllocateAndInitializeSid
RegUnLoadKeyW
RegLoadKeyW
RegEnumKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegDeleteKeyW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegCreateKeyW
RegEnumKeyExW
RegQueryInfoKeyW

shell32

CommandLineToArgvW
SHGetFileInfoW
ord2
ord4
DoEnvironmentSubstW
ord25
SHGetDesktopFolder
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation
ShellExecuteW

ole32

CoSetProxyBlanket
CoCreateGuid
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
FreePropVariantArray
CoInitialize
CoInitializeSecurity
CoUninitialize
StgOpenStorageOnILockBytes
CLSIDFromProgID
CoInitializeEx

oleaut32

LoadTypeLi
LoadRegTypeLi
SysStringLen
SysAllocStringLen
VarBstrFromR8
VariantChangeType
VariantClear
SysAllocStringByteLen
VariantInit
VarUI4FromStr
SysFreeString
SysAllocString

shlwapi

PathIsDirectoryEmptyW
PathGetDriveNumberW
PathCombineW
PathCanonicalizeW
StrCmpLogicalW
PathFindExtensionW
PathStripPathW
PathIsDirectoryW
PathMatchSpecW
PathFindFileNameA
PathAddBackslashW
PathCompactPathW
PathIsRootW
PathFindFileNameW
PathStripToRootW
PathRemoveExtensionW
PathAddExtensionW
PathAppendW
PathRemoveFileSpecW
PathFileExistsW

comctl32

InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
ImageList_GetIcon
ImageList_Add
ImageList_GetImageCount
PropertySheetW
_TrackMouseEvent
CreatePropertySheetPageW
ImageList_GetIconSize
ImageList_Draw
ImageList_LoadImageW
DestroyPropertySheetPage

msimg32

TransparentBlt
AlphaBlend

ws2_32

WSAStartup
WSACleanup

crypt32

CertGetNameStringW
CertFreeCertificateContext
CryptMsgClose
CertCloseStore
CryptMsgGetParam
CryptQueryObject
CertFindCertificateInStore

wintrust

WinVerifyTrust

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 137KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
��⬠�/Hetman Partition Recovery.chm
.chm
��⬠�/Hetman Partition Recovery.exe
.exe windows:5 windows x86 arch:x86

763b43b57b0bcb05864f5c59fdc7b2f3

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c4:64:8f:02:b6:64:71:01:99:fb:6c:1c:21:ce:2c:b7
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

15/01/2018, 00:00

Not After

15/01/2019, 23:59

Subject

CN=Hetman Software,O=Hetman Software,POSTALCODE=07500,STREET=apt.2\, 13\, Komsomolska Street,L=Baryshivka Urban Village,ST=Baryshivka,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:39:9f:f3:02:e6:7c:d9:e2:4a:fe:5d:93:87:e9:0f:01:69:f8:b8
Signer

Actual PE Digest

02:39:9f:f3:02:e6:7c:d9:e2:4a:fe:5d:93:87:e9:0f:01:69:f8:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
CreateErrorInfo
GetErrorInfo
SetErrorInfo
GetActiveObject
UnRegisterTypeLib
RegisterTypeLib
LoadTypeLib
VariantInit
SafeArrayCopy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayRedim
SafeArrayDestroy
SafeArrayDestroyDescriptor
SafeArrayCreate
SafeArrayAllocData
SafeArrayAllocDescriptor
SysStringByteLen
SysFreeString
SysAllocString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExA
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExA
RegQueryValueExW
RegQueryValueW
RegQueryInfoKeyW
RegOpenKeyExA
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyA
RegDeleteKeyW
RegCreateKeyExA
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey
OpenThreadToken
OpenProcessToken
GetUserNameW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid

user32

LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WinHelpW
WaitMessage
ValidateRect
UpdateWindow
UnregisterClassW
UnionRect
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
ToAscii
SystemParametersInfoW
SubtractRect
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetClassLongW
SetCaretPos
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindowEx
ScrollWindow
ScrollDC
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
OemToCharA
NotifyWinEvent
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MoveWindow
MessageBoxA
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LockWindowUpdate
LoadStringA
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericW
IsCharAlphaW
InvertRect
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowLongW
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardFormatNameW
GetClipboardData
GetClientRect
GetClassNameW
GetClassLongW
GetClassInfoW
GetCaretPos
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndMenu
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawStateW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DeferWindowPos
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateCaret
CreateAcceleratorTableW
CountClipboardFormats
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
BeginDeferWindowPos
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharUpperA
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
Sleep
VirtualFree
VirtualAlloc
SwitchToThread
GetACP
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryW
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCurrentDirectoryW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileW
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrlenA
lstrlenW
lstrcpynA
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcmpW
lstrcatA
WriteProcessMemory
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
WaitForMultipleObjects
VirtualQueryEx
VirtualQuery
VirtualFree
VirtualAlloc
TryEnterCriticalSection
TerminateThread
SystemTimeToFileTime
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFileTime
SetFilePointer
SetEvent
SetErrorMode
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEndOfFile
SetCurrentDirectoryW
ResumeThread
ResetEvent
RemoveDirectoryW
ReleaseMutex
ReadProcessMemory
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceA
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
OpenMutexW
OpenEventW
MultiByteToWideChar
MulDiv
MoveFileExW
LockResource
LocalFree
LocalFileTimeToFileTime
LoadResource
LoadLibraryExA
LoadLibraryExW
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
LCMapStringW
IsValidLocale
IsDBCSLeadByte
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVolumeInformationA
GetVolumeInformationW
GetVersionExW
GetVersion
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathA
GetTempPathW
GetTempFileNameA
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemDirectoryA
GetStringTypeExA
GetStringTypeExW
GetStdHandle
GetProcAddress
GetPrivateProfileStringW
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetMailslotInfo
GetLogicalDrives
GetLocaleInfoA
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesExW
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceExA
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetComputerNameW
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedExchangeAdd
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageA
FormatMessageW
FlushFileBuffers
FindResourceW
FindNextFileW
FindNextChangeNotification
FindFirstFileA
FindFirstFileW
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindCloseChangeNotification
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumSystemLocalesW
EnumSystemCodePagesA
EnumCalendarInfoW
EnterCriticalSection
DeviceIoControl
DeleteFileW
DeleteCriticalSection
CreateThread
CreateMutexW
CreateMailslotW
CreateIoCompletionPort
CreateFileA
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileA
CopyFileW
CompareStringA
CompareStringW
CloseHandle
Sleep
MulDiv
GetVersionExW

msimg32

AlphaBlend

gdi32

UnrealizeObject
TextOutW
StrokePath
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWindowExtEx
SetWinMetaFileBits
SetViewportOrgEx
SetViewportExtEx
SetTextJustification
SetTextCharacterExtra
SetTextColor
SetTextAlign
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
ResizePalette
ResetDCW
Rectangle
RectVisible
RealizePalette
PtInRegion
Polyline
Polygon
PolyPolyline
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
OffsetRgn
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWindowExtEx
GetWinMetaFileBits
GetViewportExtEx
GetTextMetricsA
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetTextExtentExPointA
GetTextExtentExPointW
GetTextColor
GetTextAlign
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetMapMode
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetCurrentObject
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBkColor
GetBitmapBits
GdiFlush
FrameRgn
FillRgn
ExtTextOutW
ExtFloodFill
ExtCreateRegion
ExtCreatePen
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPath
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
DPtoLP
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreatePolygonRgn
CreatePenIndirect
CreatePen
CreatePatternBrush
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateEnhMetaFileW
CreateEllipticRgnIndirect
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
CloseFigure
CloseEnhMetaFile
Chord
BitBlt
BeginPath
ArcTo
Arc
AngleArc
AbortDoc
GetRandomRgn

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
OleRegEnumVerbs
IsAccelerator
ReleaseStgMedium
OleDraw
OleSetMenuDescriptor
OleFlushClipboard
OleGetClipboard
OleSetClipboard
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
StgIsStorageFile
StgOpenStorageOnILockBytes
StgOpenStorage
CreateDataAdviseHolder
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
ProgIDFromCLSID
CLSIDFromString
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID
CoCreateGuid

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls
InitCommonControls

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

shell32

SHGetFileInfoW
SHFileOperationW
ShellExecuteW
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

oleacc

LresultFromObject

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod
sndPlaySoundW
mciSendCommandW

ntdll

RtlInitUnicodeString
ZwWaitForSingleObject
ZwOpenFile
ZwDeviceIoControlFile
ZwClose

resources\starburn

StarBurn_CdvdBurnerGrabber_GetDiscUsedSpace
StarBurn_CdvdBurnerGrabber_GetDiscFreeSpace
StarBurn_StarPort_GetVersion
StarBurn_CdvdBurnerGrabber_GetDiscFileSystem
StarBurn_UpStartEx
StarBurn_DownShut
StarBurn_CdvdBurnerGrabber_GetRPC
StarBurn_SetFastReadTOC
StarBurn_ISO9660JolietFileTree_GetFileSizeInUCHARs
StarBurn_CdvdBurnerGrabber_DiscAtOnceRawPWFromTree
StarBurn_CdvdBurnerGrabber_DiscAtOncePQFromTree
StarBurn_ISO9660JolietFileTree_ImportTrack
StarBurn_ISO9660JolietFileTree_SetBootImage
StarBurn_CdvdBurnerGrabber_Cancel
StarBurn_CdvdBurnerGrabber_GetInsertedDiscType
StarBurn_FindDevice
StarBurn_CdvdBurnerGrabber_ProbeSupportedWriteModes
StarBurn_CdvdBurnerGrabber_ProbeSupportedReadModes
StarBurn_CdvdBurnerGrabber_GetTOCInformation
StarBurn_CdvdBurnerGrabber_GetDiscInformation
StarBurn_CdvdBurnerGrabber_GetTrackInformation
StarBurn_CdvdBurnerGrabber_Blank
StarBurn_CdvdBurnerGrabber_Release
StarBurn_CdvdBurnerGrabber_Lock
StarBurn_CdvdBurnerGrabber_Eject
StarBurn_CdvdBurnerGrabber_CloseSession
StarBurn_CdvdBurnerGrabber_DiscAtOnceRawPWFromFile
StarBurn_CdvdBurnerGrabber_DiscAtOncePQFromFile
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromFile
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromTree
StarBurn_CdvdBurnerGrabber_SessionAtOnce
StarBurn_CdvdBurnerGrabber_SendOPC
StarBurn_CdvdBurnerGrabber_SetSpeeds
StarBurn_CdvdBurnerGrabber_GetSpeeds
StarBurn_CdvdBurnerGrabber_SetBUP
StarBurn_CdvdBurnerGrabber_GetBUP
StarBurn_CdvdBurnerGrabber_TestUnitReady
StarBurn_CdvdBurnerGrabber_GetSupportedMediaFormatsExEx
StarBurn_CdvdBurnerGrabber_GetSupportedMediaFormats
StarBurn_CdvdBurnerGrabber_GetDeviceInformation
StarBurn_CdvdBurnerGrabber_CreateEx
StarBurn_CdvdBurnerGrabber_Create
StarBurn_ISO9660JolietFileTree_SeekToBegin
StarBurn_ISO9660JolietFileTree_Read
StarBurn_ISO9660JolietFileTree_GetSizeInUCHARs
StarBurn_ISO9660JolietFileTree_BuildImage
StarBurn_ISO9660JolietFileTree_GetNextKid
StarBurn_ISO9660JolietFileTree_GetNames
StarBurn_ISO9660JolietFileTree_GetAttributes
StarBurn_ISO9660JolietFileTree_GetFirstKid
StarBurn_ISO9660JolietFileTree_GetRoot
StarBurn_ISO9660JolietFileTree_GetLevel
StarBurn_ISO9660JolietFileTree_Add
StarBurn_ISO9660JolietFileTree_Create
StarBurn_GetDeviceNameByDeviceAddress
StarBurn_Destroy
StarBurn_GetVersion

wsock32

WSACleanup
WSAStartup
WSAGetLastError
WSACancelAsyncRequest
WSAAsyncGetHostByName
gethostname
socket
shutdown
setsockopt
send
recv
ntohs
listen
ioctlsocket
inet_ntoa
inet_addr
htons
closesocket

Exports

Exports

EXECryptor_AntiDebug
EXECryptor_DecodeSerialNumber
EXECryptor_DecodeSerialNumberW
EXECryptor_DecryptStr
EXECryptor_DecryptStrW
EXECryptor_EncryptStr
EXECryptor_EncryptStrW
EXECryptor_FN_0
EXECryptor_FN_1
EXECryptor_FN_10
EXECryptor_FN_11
EXECryptor_FN_12
EXECryptor_FN_13
EXECryptor_FN_14
EXECryptor_FN_15
EXECryptor_FN_16
EXECryptor_FN_2
EXECryptor_FN_3
EXECryptor_FN_4
EXECryptor_FN_5
EXECryptor_FN_6
EXECryptor_FN_7
EXECryptor_FN_8
EXECryptor_FN_9
EXECryptor_GetDate
EXECryptor_GetEXECryptorVersion
EXECryptor_GetHardwareID
EXECryptor_GetProcAddr
EXECryptor_GetReleaseDate
EXECryptor_GetTrialDaysLeft
EXECryptor_GetTrialRunsLeft
EXECryptor_IsAppProtected
EXECryptor_IsRegistered
EXECryptor_MessageBox
EXECryptor_ProtectImport
EXECryptor_RegConst_0
EXECryptor_RegConst_1
EXECryptor_RegConst_2
EXECryptor_RegConst_3
EXECryptor_RegConst_4
EXECryptor_RegConst_5
EXECryptor_RegConst_6
EXECryptor_RegConst_7
EXECryptor_SecureRead
EXECryptor_SecureReadW
EXECryptor_SecureWrite
EXECryptor_SecureWriteW
EXECryptor_VerifySerialNumber
EXECryptor_VerifySerialNumberW
EXECryptor_halt

Sections

.text
Size: 8.8MB - Virtual size: 8.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 589KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 92B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 623KB - Virtual size: 622KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
��⬠�/Language/Russian.lng
��⬠�/Language/common/Russian.lng
��⬠�/Resources/LoadRAW.dll
.dll windows:4 windows x86 arch:x86

308343f319894f4aa30ec1ea62e0045b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetTempPathA
GetEnvironmentVariableA
GetVersionExA
GetLocalTime
GetSystemTime
SetEnvironmentVariableW
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
GetLastError
DeleteFileA
RtlUnwind
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
RaiseException
WriteFile
WideCharToMultiByte
GetTimeZoneInformation
CloseHandle
CreateFileA
GetCurrentProcessId
SetFilePointer
GetTempFileNameA
SetEndOfFile
SetStdHandle
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ReadFile
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
FlushFileBuffers
LocalFileTimeToFileTime
SystemTimeToFileTime
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
SetFileTime

ws2_32

htons
ntohs
ntohl
htonl

Exports

Exports

DummyCall_Get
DummyCall_Set
ExtractThumbnail
FromRawToPSD
MSDCRAW_Version
RawInfo
nMSdcRAW

Sections

.text
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
��⬠�/Resources/MagicPDF.dll
.dll windows:5 windows x86 arch:x86

cfffa640694082a03aeca64533a2322d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetClassLongW
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassLongW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CountClipboardFormats
CopyIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryW
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileW
CloseHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
lstrcpyW
lstrcmpW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualFree
VirtualAlloc
TryEnterCriticalSection
TlsSetValue
TlsGetValue
SwitchToThread
SuspendThread
Sleep
SizeofResource
SignalObjectAndWait
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetFileAttributesW
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
RaiseException
IsDebuggerPresent
OutputDebugStringW
MultiByteToWideChar
MulDiv
MoveFileW
LockResource
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetTempFileNameW
GetSystemDefaultLCID
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateProcessW
CreateFileW
CreateEventW
CompareStringW
CloseHandle
Sleep

msimg32

AlphaBlend

gdi32

UnrealizeObject
StrokePath
StrokeAndFillPath
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWorldTransform
SetWindowOrgEx
SetWindowExtEx
SetWinMetaFileBits
SetViewportOrgEx
SetViewportExtEx
SetTextColor
SetTextAlign
SetStretchBltMode
SetROP2
SetPolyFillMode
SetPixel
SetMapMode
SetGraphicsMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
ResizePalette
ResetDCW
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetObjectW
GetNearestPaletteIndex
GetFontData
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
FillPath
ExtTextOutW
ExtFloodFill
ExcludeClipRect
Escape
EnumFontsW
EnumFontFamiliesExW
EndPath
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateFontW
CreateEnhMetaFileW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CloseFigure
CloseEnhMetaFile
Chord
BitBlt
BeginPath
Arc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

shell32

ShellExecuteW

comdlg32

PrintDlgW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

gdiplus

GdipDrawCachedBitmap
GdipSetStringFormatMeasurableCharacterRanges
GdipGetStringFormatMeasurableCharacterRangeCount
GdipGetStringFormatDigitSubstitution
GdipSetStringFormatDigitSubstitution
GdipGetStringFormatTabStopCount
GdipGetStringFormatTabStops
GdipSetStringFormatTabStops
GdipGetStringFormatHotkeyPrefix
GdipSetStringFormatHotkeyPrefix
GdipGetStringFormatTrimming
GdipSetStringFormatTrimming
GdipGetStringFormatLineAlign
GdipSetStringFormatLineAlign
GdipGetStringFormatAlign
GdipSetStringFormatAlign
GdipGetStringFormatFlags
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipStringFormatGetGenericDefault
GdipCreateStringFormat
GdipMeasureDriverString
GdipDrawDriverString
GdipMeasureCharacterRanges
GdipMeasureString
GdipDrawString
GdipGetLogFontW
GdipGetLogFontA
GdipGetFontHeightGivenDPI
GdipGetFontHeight
GdipGetFontUnit
GdipGetFontSize
GdipGetFontStyle
GdipGetFamily
GdipDeleteFont
GdipCloneFont
GdipCreateFont
GdipCreateFontFromLogfontW
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipGetLineSpacing
GdipGetCellDescent
GdipGetCellAscent
GdipGetEmHeight
GdipIsStyleAvailable
GdipGetFamilyName
GdipGetGenericFontFamilyMonospace
GdipGetGenericFontFamilySerif
GdipGetGenericFontFamilySansSerif
GdipCloneFontFamily
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipComment
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipEndContainer
GdipBeginContainer2
GdipBeginContainerI
GdipBeginContainer
GdipRestoreGraphics
GdipSaveGraphics
GdipIsVisibleRectI
GdipIsVisibleRect
GdipIsVisiblePointI
GdipIsVisiblePoint
GdipIsVisibleClipEmpty
GdipGetVisibleClipBoundsI
GdipGetVisibleClipBounds
GdipIsClipEmpty
GdipGetClipBoundsI
GdipGetClipBounds
GdipGetClip
GdipTranslateClipI
GdipTranslateClip
GdipResetClip
GdipSetClipHrgn
GdipSetClipRegion
GdipSetClipPath
GdipSetClipRectI
GdipSetClipRect
GdipSetClipGraphics
GdipEnumerateMetafileSrcRectDestPointsI
GdipEnumerateMetafileSrcRectDestPoints
GdipEnumerateMetafileSrcRectDestRectI
GdipEnumerateMetafileSrcRectDestRect
GdipEnumerateMetafileSrcRectDestPointI
GdipEnumerateMetafileSrcRectDestPoint
GdipEnumerateMetafileDestPointsI
GdipEnumerateMetafileDestPoints
GdipEnumerateMetafileDestRectI
GdipEnumerateMetafileDestRect
GdipEnumerateMetafileDestPointI
GdipEnumerateMetafileDestPoint
GdipDrawImagePointsRectI
GdipDrawImagePointsRect
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipDrawImagePointRectI
GdipDrawImagePointRect
GdipDrawImagePointsI
GdipDrawImagePoints
GdipDrawImageRectI
GdipDrawImageRect
GdipDrawImageI
GdipDrawImage
GdipFillRegion
GdipFillClosedCurve2I
GdipFillClosedCurve2
GdipFillClosedCurveI
GdipFillClosedCurve
GdipFillPath
GdipFillPieI
GdipFillPie
GdipFillEllipseI
GdipFillEllipse
GdipFillPolygonI
GdipFillPolygon
GdipFillRectanglesI
GdipFillRectangles
GdipFillRectangleI
GdipFillRectangle
GdipGraphicsClear
GdipDrawClosedCurve2I
GdipDrawClosedCurve2
GdipDrawClosedCurveI
GdipDrawClosedCurve
GdipDrawCurve3I
GdipDrawCurve3
GdipDrawCurve2I
GdipDrawCurve2
GdipDrawCurveI
GdipDrawCurve
GdipDrawPath
GdipDrawPolygonI
GdipDrawPolygon
GdipDrawPieI
GdipDrawPie
GdipDrawEllipseI
GdipDrawEllipse
GdipDrawRectanglesI
GdipDrawRectangles
GdipDrawRectangleI
GdipDrawRectangle
GdipDrawBeziersI
GdipDrawBeziers
GdipDrawBezierI
GdipDrawBezier
GdipDrawArcI
GdipDrawArc
GdipDrawLinesI
GdipDrawLines
GdipDrawLineI
GdipDrawLine
GdipCreateHalftonePalette
GdipGetNearestColor
GdipTransformPointsI
GdipTransformPoints
GdipGetDpiY
GdipGetDpiX
GdipSetPageScale
GdipSetPageUnit
GdipGetPageScale
GdipGetPageUnit
GdipGetWorldTransform
GdipRotateWorldTransform
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipMultiplyWorldTransform
GdipResetWorldTransform
GdipSetWorldTransform
GdipGetInterpolationMode
GdipSetInterpolationMode
GdipGetTextContrast
GdipSetTextContrast
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipGetPixelOffsetMode
GdipSetPixelOffsetMode
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipGetCompositingQuality
GdipSetCompositingQuality
GdipGetRenderingOrigin
GdipSetRenderingOrigin
GdipGetCompositingMode
GdipSetCompositingMode
GdipReleaseDC
GdipGetDC
GdipDeleteGraphics
GdipCreateFromHWNDICM
GdipCreateFromHWND
GdipCreateFromHDC2
GdipCreateFromHDC
GdipFlush
GdipBitmapSetResolution
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCloneBitmapAreaI
GdipCloneBitmapArea
GdipCreateBitmapFromResource
GdipCreateHICONFromBitmap
GdipCreateBitmapFromHICON
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipSetPropertyItem
GdipRemovePropertyItem
GdipGetAllPropertyItems
GdipGetPropertySize
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetPropertyIdList
GdipGetPropertyCount
GdipGetImagePaletteSize
GdipSetImagePalette
GdipGetImagePalette
GdipImageRotateFlip
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetEncoderParameterList
GdipGetEncoderParameterListSize
GdipGetImageThumbnail
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageFlags
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageType
GdipGetImageDimension
GdipGetImageBounds
GdipGetImageGraphicsContext
GdipSaveAddImage
GdipSaveAdd
GdipSaveImageToStream
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromFileICM
GdipLoadImageFromStreamICM
GdipLoadImageFromFile
GdipLoadImageFromStream
GdipGetCustomLineCapWidthScale
GdipSetCustomLineCapWidthScale
GdipGetCustomLineCapBaseInset
GdipSetCustomLineCapBaseInset
GdipGetCustomLineCapBaseCap
GdipSetCustomLineCapBaseCap
GdipGetCustomLineCapStrokeJoin
GdipSetCustomLineCapStrokeJoin
GdipGetCustomLineCapStrokeCaps
GdipSetCustomLineCapStrokeCaps
GdipCloneCustomLineCap
GdipDeleteCustomLineCap
GdipCreateCustomLineCap
GdipGetPenCompoundArray
GdipSetPenCompoundArray
GdipGetPenCompoundCount
GdipGetPenDashArray
GdipSetPenDashArray
GdipGetPenDashCount
GdipSetPenDashOffset
GdipGetPenDashOffset
GdipSetPenDashStyle
GdipGetPenDashStyle
GdipGetPenFillType
GdipGetPenBrushFill
GdipSetPenBrushFill
GdipGetPenColor
GdipSetPenColor
GdipRotatePenTransform
GdipScalePenTransform
GdipTranslatePenTransform
GdipMultiplyPenTransform
GdipResetPenTransform
GdipGetPenTransform
GdipSetPenTransform
GdipGetPenMode
GdipSetPenMode
GdipGetPenMiterLimit
GdipSetPenMiterLimit
GdipGetPenCustomEndCap
GdipSetPenCustomEndCap
GdipGetPenCustomStartCap
GdipSetPenCustomStartCap
GdipGetPenLineJoin
GdipSetPenLineJoin
GdipGetPenDashCap197819
GdipGetPenEndCap
GdipGetPenStartCap
GdipSetPenDashCap197819
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenLineCap197819
GdipGetPenWidth
GdipSetPenWidth
GdipDeletePen
GdipClonePen
GdipCreatePen2
GdipCreatePen1
GdipSetPathGradientFocusScales
GdipGetPathGradientFocusScales
GdipRotatePathGradientTransform
GdipScalePathGradientTransform
GdipTranslatePathGradientTransform
GdipMultiplyPathGradientTransform
GdipResetPathGradientTransform
GdipSetPathGradientTransform
GdipGetPathGradientTransform
GdipSetPathGradientWrapMode
GdipGetPathGradientWrapMode
GdipSetPathGradientLinearBlend
GdipSetPathGradientSigmaBlend
GdipSetPathGradientPresetBlend
GdipGetPathGradientPresetBlend
GdipGetPathGradientPresetBlendCount
GdipSetPathGradientBlend
GdipGetPathGradientBlend
GdipGetPathGradientBlendCount
GdipGetPathGradientGammaCorrection
GdipSetPathGradientGammaCorrection
GdipGetPathGradientSurroundColorCount
GdipGetPathGradientPointCount
GdipGetPathGradientRectI
GdipGetPathGradientRect
GdipSetPathGradientCenterPointI
GdipSetPathGradientCenterPoint
GdipGetPathGradientCenterPointI
GdipGetPathGradientCenterPoint
GdipSetPathGradientPath
GdipGetPathGradientPath
GdipSetPathGradientSurroundColorsWithCount
GdipGetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterColor
GdipGetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipCreatePathGradientI
GdipCreatePathGradient
GdipRotateLineTransform
GdipScaleLineTransform
GdipTranslateLineTransform
GdipMultiplyLineTransform
GdipResetLineTransform
GdipSetLineTransform
GdipGetLineTransform
GdipGetLineWrapMode
GdipSetLineWrapMode
GdipSetLineLinearBlend
GdipSetLineSigmaBlend
GdipSetLinePresetBlend
GdipGetLinePresetBlend
GdipGetLinePresetBlendCount
GdipSetLineBlend
GdipGetLineBlend
GdipGetLineBlendCount
GdipGetLineGammaCorrection
GdipSetLineGammaCorrection
GdipGetLineRectI
GdipGetLineRect
GdipGetLineColors
GdipSetLineColors
GdipCreateLineBrushFromRectWithAngleI
GdipCreateLineBrushFromRectWithAngle
GdipCreateLineBrushFromRectI
GdipCreateLineBrushFromRect
GdipCreateLineBrushI
GdipCreateLineBrush
GdipGetSolidFillColor
GdipSetSolidFillColor
GdipCreateSolidFill
GdipGetTextureImage
GdipGetTextureWrapMode
GdipSetTextureWrapMode
GdipRotateTextureTransform
GdipScaleTextureTransform
GdipTranslateTextureTransform
GdipMultiplyTextureTransform
GdipResetTextureTransform
GdipSetTextureTransform
GdipGetTextureTransform
GdipCreateTextureIAI
GdipCreateTexture2I
GdipCreateTextureIA
GdipCreateTexture2
GdipCreateTexture
GdipGetHatchBackgroundColor
GdipGetHatchForegroundColor
GdipGetHatchStyle
GdipCreateHatchBrush
GdipGetBrushType
GdipDeleteBrush
GdipCloneBrush
GdipGetRegionScansI
GdipGetRegionScans
GdipGetRegionScansCount
GdipIsVisibleRegionRectI
GdipIsVisibleRegionRect
GdipIsVisibleRegionPointI
GdipIsVisibleRegionPoint
GdipGetRegionData
GdipGetRegionDataSize
GdipIsEqualRegion
GdipIsInfiniteRegion
GdipIsEmptyRegion
GdipGetRegionHRgn
GdipGetRegionBoundsI
GdipGetRegionBounds
GdipTransformRegion
GdipTranslateRegionI
GdipTranslateRegion
GdipCombineRegionRegion
GdipCombineRegionPath
GdipCombineRegionRectI
GdipCombineRegionRect
GdipSetEmpty
GdipSetInfinite
GdipDeleteRegion
GdipCloneRegion
GdipCreateRegionHrgn
GdipCreateRegionRgnData
GdipCreateRegionPath
GdipCreateRegionRectI
GdipCreateRegionRect
GdipCreateRegion
GdipIsMatrixEqual
GdipIsMatrixIdentity
GdipIsMatrixInvertible
GdipGetMatrixElements
GdipVectorTransformMatrixPointsI
GdipVectorTransformMatrixPoints
GdipTransformMatrixPointsI
GdipTransformMatrixPoints
GdipInvertMatrix
GdipShearMatrix
GdipRotateMatrix
GdipScaleMatrix
GdipTranslateMatrix
GdipMultiplyMatrix
GdipSetMatrixElements
GdipDeleteMatrix
GdipCloneMatrix
GdipCreateMatrix3I
GdipCreateMatrix3
GdipCreateMatrix2
GdipCreateMatrix
GdipIsOutlineVisiblePathPointI
GdipIsOutlineVisiblePathPoint
GdipIsVisiblePathPointI
GdipIsVisiblePathPoint
GdipGetPathWorldBoundsI
GdipGetPathWorldBounds
GdipTransformPath
GdipWarpPath
GdipWidenPath
GdipWindingModeOutline
GdipFlattenPath
GdipAddPathPolygonI
GdipAddPathPieI
GdipAddPathEllipseI
GdipAddPathRectanglesI
GdipAddPathRectangleI
GdipAddPathClosedCurve2I
GdipAddPathClosedCurveI
GdipAddPathCurve3I
GdipAddPathCurve2I
GdipAddPathCurveI
GdipAddPathBeziersI
GdipAddPathBezierI
GdipAddPathArcI
GdipAddPathLine2I
GdipAddPathLineI
GdipAddPathStringI
GdipAddPathString
GdipAddPathPath
GdipAddPathPolygon
GdipAddPathPie
GdipAddPathEllipse
GdipAddPathRectangles
GdipAddPathRectangle
GdipAddPathClosedCurve2
GdipAddPathClosedCurve
GdipAddPathCurve3
GdipAddPathCurve2
GdipAddPathCurve
GdipAddPathBeziers
GdipAddPathBezier
GdipAddPathArc

Exports

Exports

pdfGetInfoW
pdfMakeImage
pdfMakeImageW
pdfMakeJPEG
pdfPrint
pdfPrintW
wpdfCheckViewer
wpdfSetLicense
wpdfSetViewer

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 280KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
��⬠�/Resources/StarBurn.dll
.dll windows:6 windows x86 arch:x86

ea720829252e09062268736bb8fda232

Code Sign

40:24:03:d6:91:0d:de:6e:b5:11:98:26:2d:2c:6f:9d
Certificate

Issuer

CN=Duplex Secure Root CA

Not Before

27/06/2004, 21:00

Not After

27/06/2009, 20:59

Subject

CN=Duplex Secure Timestamping Services,OU=Class A

Extended Key Usages

ExtKeyUsageTimeStamping

27:43:ed:1b:c8:d8:dc:b3:49:fb:ad:2b:57:34:62:ac
Certificate

Issuer

CN=Duplex Secure Root CA

Not Before

31/01/2007, 22:00

Not After

31/01/2012, 21:59

Subject

CN=Rocket Division Code Signing Services,OU=Class A

Extended Key Usages

ExtKeyUsageCodeSigning

3b:81:e8:3c:d1:93:5c:9d:4d:64:2f:2c:13:14:b7:6b
Certificate

Issuer

CN=Generic Root Trust CA

Not Before

27/06/2004, 21:00

Not After

27/06/2011, 20:59

Subject

CN=Duplex Secure Root CA

3b:81:e8:3c:d1:93:5c:9d:4d:64:2f:2c:13:14:b7:6b
Certificate

Issuer

CN=Generic Root Trust CA

Not Before

27/06/2004, 21:00

Not After

27/06/2011, 20:59

Subject

CN=Duplex Secure Root CA

08:86:b0:c2:2a:d1:13:97:40:dc:d1:c5:78:3a:43:be
Certificate

Issuer

CN=Generic Root Trust CA

Not Before

27/06/2004, 21:00

Not After

31/12/2039, 23:59

Subject

CN=Generic Root Trust CA

53:a6:bf:9a:93:27:11:f6:e4:d0:38:56:70:9e:a4:dd:53:18:62:16
Signer

Actual PE Digest

53:a6:bf:9a:93:27:11:f6:e4:d0:38:56:70:9e:a4:dd:53:18:62:16

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\starburn\Bin\Dynamic\Debug\i386\StarBurn.pdb

Imports

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_wcsupr
_errno
__CxxFrameHandler
_statusfp
_clearfp
_controlfp
_strnicmp
fwrite
fread
ferror
feof
_iob
vfprintf
_strerror
fseek
ftell
_stricmp
calloc
_wcsicmp
_purecall
printf
ctime
swprintf
memcpy
free
malloc
srand
rand
time
localtime
toupper
_splitpath
_CxxThrowException
_snprintf
wcsncpy
??2@YAPAXI@Z
sprintf
memmove
fopen
fprintf
wcsstr
_wfopen
fflush
fclose
strncmp
strncpy
_strupr
strstr
??3@YAXPAX@Z
memset
vsprintf

kernel32

GlobalFree
GlobalAlloc
FindFirstFileW
IsBadWritePtr
CloseHandle
GetFileSize
GetLastError
CreateFileA
IsBadReadPtr
IsBadCodePtr
FindNextFileW
InterlockedDecrement
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
InterlockedExchange
GetFileAttributesA
CreateThread
GetTickCount
FlushFileBuffers
InterlockedIncrement
ResetEvent
WaitForSingleObject
CreateEventA
FindFirstFileA
FindClose
FindNextFileA
CreateFileW
GetCurrentProcess
DuplicateHandle
SetEvent
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
GetProcAddress
GetLogicalDrives
DeviceIoControl
QueryDosDeviceA
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeZoneInformation
DeleteFileA
WriteFile
GetModuleHandleA
GetModuleFileNameA
GetFullPathNameA
ReadFile
SetFilePointer
VirtualAlloc
VirtualFree
MultiByteToWideChar
GetSystemTime
SystemTimeToFileTime
WideCharToMultiByte
FreeLibrary
Sleep
CreatePipe
GetVersionExA
OutputDebugStringA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

user32

GetProcessWindowStation
GetUserObjectInformationA
MessageBoxA
wsprintfW

ole32

CoUninitialize
CoInitialize

Exports

Exports

A0DB34FC6FE35D429A28ADDE5467D4D7
StarBurn_CdvdBurnerGrabber_AuthorizeDVD
StarBurn_CdvdBurnerGrabber_Blank
StarBurn_CdvdBurnerGrabber_BluRayFormat
StarBurn_CdvdBurnerGrabber_BluRayFormatQuery
StarBurn_CdvdBurnerGrabber_Cancel
StarBurn_CdvdBurnerGrabber_CloseSession
StarBurn_CdvdBurnerGrabber_Create
StarBurn_CdvdBurnerGrabber_CreateEx
StarBurn_CdvdBurnerGrabber_CreateExEx
StarBurn_CdvdBurnerGrabber_DisableHardwareErrorCorrection
StarBurn_CdvdBurnerGrabber_DiscAtOncePQFromFile
StarBurn_CdvdBurnerGrabber_DiscAtOncePQFromTree
StarBurn_CdvdBurnerGrabber_DiscAtOnceRawPWFromFile
StarBurn_CdvdBurnerGrabber_DiscAtOnceRawPWFromFileAudioUnicode
StarBurn_CdvdBurnerGrabber_DiscAtOnceRawPWFromTree
StarBurn_CdvdBurnerGrabber_DiscBasicInformation_Create
StarBurn_CdvdBurnerGrabber_DiscBasicInformation_Destroy
StarBurn_CdvdBurnerGrabber_Eject
StarBurn_CdvdBurnerGrabber_ExecuteGeneric
StarBurn_CdvdBurnerGrabber_GetAdvancedSupportedMediaFormats
StarBurn_CdvdBurnerGrabber_GetBUP
StarBurn_CdvdBurnerGrabber_GetDVDProtectionSystem
StarBurn_CdvdBurnerGrabber_GetDVDRegionMask
StarBurn_CdvdBurnerGrabber_GetDeviceInformation
StarBurn_CdvdBurnerGrabber_GetDiscFileSystem
StarBurn_CdvdBurnerGrabber_GetDiscFreeSpace
StarBurn_CdvdBurnerGrabber_GetDiscInformation
StarBurn_CdvdBurnerGrabber_GetDiscUsedSpace
StarBurn_CdvdBurnerGrabber_GetInsertedDiscType
StarBurn_CdvdBurnerGrabber_GetLastAddress
StarBurn_CdvdBurnerGrabber_GetLastTrack
StarBurn_CdvdBurnerGrabber_GetMechanicalOptions
StarBurn_CdvdBurnerGrabber_GetMediaTrayStatus
StarBurn_CdvdBurnerGrabber_GetNumberOfSystemDescriptors
StarBurn_CdvdBurnerGrabber_GetRPC
StarBurn_CdvdBurnerGrabber_GetSpeeds
StarBurn_CdvdBurnerGrabber_GetSupportedMediaFormats
StarBurn_CdvdBurnerGrabber_GetSupportedMediaFormatsEx
StarBurn_CdvdBurnerGrabber_GetSupportedMediaFormatsExEx
StarBurn_CdvdBurnerGrabber_GetTOCInformation
StarBurn_CdvdBurnerGrabber_GetTrackInformation
StarBurn_CdvdBurnerGrabber_GetTrackInformationEx
StarBurn_CdvdBurnerGrabber_GrabCD
StarBurn_CdvdBurnerGrabber_GrabDVD
StarBurn_CdvdBurnerGrabber_GrabRange
StarBurn_CdvdBurnerGrabber_GrabTrack
StarBurn_CdvdBurnerGrabber_IsDiscBlank
StarBurn_CdvdBurnerGrabber_Load
StarBurn_CdvdBurnerGrabber_LoadEx
StarBurn_CdvdBurnerGrabber_Lock
StarBurn_CdvdBurnerGrabber_MSFToLBA
StarBurn_CdvdBurnerGrabber_ProbeSupportedReadModes
StarBurn_CdvdBurnerGrabber_ProbeSupportedWriteModes
StarBurn_CdvdBurnerGrabber_Read
StarBurn_CdvdBurnerGrabber_Read10
StarBurn_CdvdBurnerGrabber_ReadATIP
StarBurn_CdvdBurnerGrabber_ReadCD
StarBurn_CdvdBurnerGrabber_ReadCooked
StarBurn_CdvdBurnerGrabber_ReadEx
StarBurn_CdvdBurnerGrabber_ReadLB
StarBurn_CdvdBurnerGrabber_ReadRaw
StarBurn_CdvdBurnerGrabber_Release
StarBurn_CdvdBurnerGrabber_RestoreReadErrorRecovery
StarBurn_CdvdBurnerGrabber_SendOPC
StarBurn_CdvdBurnerGrabber_SessionAtOnce
StarBurn_CdvdBurnerGrabber_SessionAtOnceRawRawPW
StarBurn_CdvdBurnerGrabber_SessionAtOnceRawRawPWEx
StarBurn_CdvdBurnerGrabber_SetBUP
StarBurn_CdvdBurnerGrabber_SetCDTextItem
StarBurn_CdvdBurnerGrabber_SetReadSpeed
StarBurn_CdvdBurnerGrabber_SetSpeeds
StarBurn_CdvdBurnerGrabber_StopPlayScan
StarBurn_CdvdBurnerGrabber_SuperVideoCD
StarBurn_CdvdBurnerGrabber_SuperVideoCDEx
StarBurn_CdvdBurnerGrabber_SuperVideoCDExEx
StarBurn_CdvdBurnerGrabber_TestUnitReady
StarBurn_CdvdBurnerGrabber_TestUnitReadyEx
StarBurn_CdvdBurnerGrabber_TestUnitReadyExEx
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromFile
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromFileAudioUnicode
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromFileAudioUnicodeEx
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromFileEx
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromMemory
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromMemoryEx
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromPipe
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromPipeEx
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromTree
StarBurn_CdvdBurnerGrabber_VerifyFile
StarBurn_CdvdBurnerGrabber_VerifyTree
StarBurn_CdvdBurnerGrabber_VerifyTreeEx
StarBurn_CdvdBurnerGrabber_VideoCD
StarBurn_CdvdBurnerGrabber_VideoCDEx
StarBurn_CdvdBurnerGrabber_VideoCDExEx
StarBurn_CorrectISO9660Name_Default
StarBurn_CorrectJolietName_Default
StarBurn_CreatePipe
StarBurn_DVDVideo_Create
StarBurn_DVDVideo_Destroy
StarBurn_DVDVideo_GetSizeInUCHARs
StarBurn_DVDVideo_GetTreePointer
StarBurn_DVDVideo_Read
StarBurn_DVDVideo_SeekToBegin
StarBurn_Destroy
StarBurn_DestroyPipe
StarBurn_DownShut
StarBurn_ExpandCookedWithRawRawPW
StarBurn_ExpandRawPQWithRawRawPW
StarBurn_ExpandRawWithRawRawPW
StarBurn_FileClose
StarBurn_FileCreate
StarBurn_FileInitialize
StarBurn_FileOpen
StarBurn_FileOpenEx
StarBurn_FileReWind
StarBurn_FileRead
StarBurn_FileSeek
StarBurn_FileSeekRead
StarBurn_FileSizeInUCHARsGet
StarBurn_FileUnicodeCreate
StarBurn_FileUnicodeOpen
StarBurn_FileUnicodeOpenEx
StarBurn_FileWrite
StarBurn_FindDevice
StarBurn_GetAudioFileStreamSizeInUCHARs
StarBurn_GetBufferUnderrunTimeOutInMs
StarBurn_GetDVDPLUSRDLCompatibleMode
StarBurn_GetDVDPadding
StarBurn_GetDeviceLetter
StarBurn_GetDeviceNameByDeviceAddress
StarBurn_GetDeviceTimeOutByDeviceAddress
StarBurn_GetEjectAfterFail
StarBurn_GetFastReadTOC
StarBurn_GetFastReadTOCLastTrack
StarBurn_GetId
StarBurn_GetIs64KBIO
StarBurn_GetIsCollisionDetectionDisabled
StarBurn_GetIsSafeGrabbingEnabled
StarBurn_GetVersion
StarBurn_GetVolumeIDs
StarBurn_ISO9660JolietFileTree_Add
StarBurn_ISO9660JolietFileTree_AddEx
StarBurn_ISO9660JolietFileTree_AddMemory
StarBurn_ISO9660JolietFileTree_AddPascalStream
StarBurn_ISO9660JolietFileTree_AddW
StarBurn_ISO9660JolietFileTree_BuildImage
StarBurn_ISO9660JolietFileTree_BuildImageEx
StarBurn_ISO9660JolietFileTree_Cancel
StarBurn_ISO9660JolietFileTree_Create
StarBurn_ISO9660JolietFileTree_GetAttributes
StarBurn_ISO9660JolietFileTree_GetFileSizeInUCHARs
StarBurn_ISO9660JolietFileTree_GetFirstKid
StarBurn_ISO9660JolietFileTree_GetFullPath
StarBurn_ISO9660JolietFileTree_GetLevel
StarBurn_ISO9660JolietFileTree_GetNames
StarBurn_ISO9660JolietFileTree_GetNamesEx
StarBurn_ISO9660JolietFileTree_GetNamesW
StarBurn_ISO9660JolietFileTree_GetNextKid
StarBurn_ISO9660JolietFileTree_GetNodeISO9660DateTime
StarBurn_ISO9660JolietFileTree_GetNodePowerInUCHARs
StarBurn_ISO9660JolietFileTree_GetNodeStartingLBA
StarBurn_ISO9660JolietFileTree_GetNodeSystemTime
StarBurn_ISO9660JolietFileTree_GetParent
StarBurn_ISO9660JolietFileTree_GetRoot
StarBurn_ISO9660JolietFileTree_GetSizeInUCHARs
StarBurn_ISO9660JolietFileTree_ImportFile
StarBurn_ISO9660JolietFileTree_ImportTrack
StarBurn_ISO9660JolietFileTree_Read
StarBurn_ISO9660JolietFileTree_Remove
StarBurn_ISO9660JolietFileTree_SeekToBegin
StarBurn_ISO9660JolietFileTree_SetAttributes
StarBurn_ISO9660JolietFileTree_SetBootImage
StarBurn_ISO9660JolietFileTree_SetBootImageEx
StarBurn_ISO9660JolietFileTree_SetCallbackContext
StarBurn_ISO9660JolietFileTree_SetNames
StarBurn_IsAudioFileSupported
StarBurn_Memory_Allocate
StarBurn_Memory_Free
StarBurn_MutilateExceptionNumber
StarBurn_SPTD_GetVersion
StarBurn_SetBufferUnderrunTimeOutInMs
StarBurn_SetDVDPLUSRDLCompatibleMode
StarBurn_SetDVDPadding
StarBurn_SetDeviceTimeOutByDeviceAddress
StarBurn_SetEjectAfterFail
StarBurn_SetFastReadTOC
StarBurn_SetFastReadTOCLastTrack
StarBurn_SetIs64KBIO
StarBurn_SetIsCollisionDetectionDisabled
StarBurn_SetIsSafeGrabbingEnabled
StarBurn_StarPort_DeviceAddLocal
StarBurn_StarPort_DeviceAddLocalEx
StarBurn_StarPort_DeviceAddRemote
StarBurn_StarPort_DeviceAddRemoteEx
StarBurn_StarPort_DeviceListQueryLocal
StarBurn_StarPort_DeviceListQueryRemote
StarBurn_StarPort_DeviceRemove
StarBurn_StarPort_GetDeviceInformation
StarBurn_StarPort_GetDeviceLetter
StarBurn_StarPort_GetDeviceSCSIAddress
StarBurn_StarPort_GetVersion
StarBurn_StarWave2_EncodeMP3OGGFromWAV
StarBurn_StarWave_CompressedFileReaderObjectBeginSeek
StarBurn_StarWave_CompressedFileReaderObjectCreate
StarBurn_StarWave_CompressedFileReaderObjectDestroy
StarBurn_StarWave_CompressedFileReaderObjectRead
StarBurn_StarWave_CompressedFileReaderObjectUncompressedSizeGet
StarBurn_StarWave_CompressedFileReaderObjectUnicodeCreate
StarBurn_StarWave_CompressedFileRecompress
StarBurn_StarWave_CompressedFileSupportedIs
StarBurn_StarWave_CompressedFileUncompress
StarBurn_StarWave_CompressedFileWriterObjectCreate
StarBurn_StarWave_CompressedFileWriterObjectDestroy
StarBurn_StarWave_CompressedFileWriterObjectWrite
StarBurn_StarWave_UncompressedFileCompress
StarBurn_StarWave_UncompressedFileSupportedIs
StarBurn_StarWave_UncompressedFileSupportedUnicodeIs
StarBurn_StarWave_VersionGet
StarBurn_UDF2_DirectoryCreate
StarBurn_UDF2_DirectoryDestroy
StarBurn_UDF2_DirectoryProcess
StarBurn_UDF2_DirectoryProcessEx
StarBurn_UDF2_DirectoryRootCreate
StarBurn_UDF2_DirectoryUnicodeCreate
StarBurn_UDF2_DirectoryUnicodeProcess
StarBurn_UDF2_DirectoryUnicodeProcessEx
StarBurn_UDF2_FileCreate
StarBurn_UDF2_FileDestroy
StarBurn_UDF2_FileDirectoryDateTimeGet
StarBurn_UDF2_FileDirectoryDateTimeSet
StarBurn_UDF2_FileMemoryCreate
StarBurn_UDF2_FileMemoryUnicodeCreate
StarBurn_UDF2_FileUnicodeCreate
StarBurn_UDF2_ISO9660FileTreeCreate
StarBurn_UDF2_ImpVolumeCreate
StarBurn_UDF2_ImpVolumeDestroy
StarBurn_UDF2_ImpVolumeImport
StarBurn_UDF2_VolumeAnchorGet
StarBurn_UDF2_VolumeCreate
StarBurn_UDF2_VolumeDestroy
StarBurn_UDF2_VolumeSeekRead
StarBurn_UDF2_VolumeSizeInUCHARsGet
StarBurn_UDF2_VolumeStore
StarBurn_UDF2_VolumeUnicodeCreate
StarBurn_UDF_Add
StarBurn_UDF_CleanUp
StarBurn_UDF_Create
StarBurn_UDF_CreateEx
StarBurn_UDF_Destroy
StarBurn_UDF_DestroyNodeAndKids
StarBurn_UDF_FormatTreeItemAsDirectory
StarBurn_UDF_FormatTreeItemAsFile
StarBurn_UDF_GetFirstChild
StarBurn_UDF_GetNextSibling
StarBurn_UDF_GetNodeObject
StarBurn_UDF_GetParent
StarBurn_UpStart
StarBurn_UpStartEx

Sections

.text
Size: 700KB - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
��⬠�/Resources/magic_cmp.dll
.dll windows:4 windows x86 arch:x86

71fc45db7a81ce236f432a828a4e8fcd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysAllocString
VariantClear
VariantCopy
SysFreeString
SysAllocStringByteLen

user32

CharLowerW
CharUpperA
CharNextA
CharPrevExA
CharUpperW
CharLowerA

msvcrt

_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
strcmp
realloc
memcmp
_purecall
strlen
free
malloc
memmove
_CxxThrowException
memcpy
__CxxFrameHandler

kernel32

InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreA
ResetEvent
SetEvent
CreateEventA
WaitForSingleObject
VirtualFree
VirtualAlloc
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
FileTimeToLocalFileTime
DeleteCriticalSection
LocalFileTimeToFileTime
GetVersionExA
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
SystemTimeToFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GetModuleHandleA
GetProcAddress
GetSystemInfo
CompareFileTime
WriteFile
ReadFile
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle
SetFileAttributesA
DeleteFileA
GetTempPathA
GetTempFileNameA
CreateFileA

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetLargePageMode

Sections

.text
Size: 654KB - Virtual size: 654KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
��⬠�/Resources/magic_jbig.exe
.exe windows:5 windows x86 arch:x86

d12209f9fb21829c6b138e300a2e7cae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

S:\S\WPJbig\jbig2dec\jbig2dec\Debug\jbig2dec.pdb

Imports

msvcr100d

__setusermatherr
_commode
_fmode
__set_app_type
_amsg_exit
__getmainargs
_exit
_XcptFilter
_cexit
__initenv
_CrtSetCheckCount
_CrtDbgReportW
_configthreadlocale
_initterm_e
_crt_debugger_hook
?terminate@@YAXXZ
_controlfp_s
_invoke_watson
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_vsnprintf
fwrite
isdigit
fgetc
sscanf
feof
memset
exit
fclose
strrchr
fread
fopen
_snprintf
atoi
realloc
strncpy
fflush
_strdup
malloc
free
memcmp
memmove
memcpy
getenv
strcmp
fprintf
__iob_func
strlen
_initterm
strncmp

kernel32

FreeLibrary
GetModuleFileNameW
GetProcessHeap
HeapAlloc
HeapFree
LoadLibraryW
GetProcAddress
lstrlenA
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DecodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapSetInformation
InterlockedCompareExchange
Sleep
InterlockedExchange
EncodePointer
VirtualQuery

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
��⬠�/Resources/msvcr100d.dll
.dll windows:5 windows x86 arch:x86

0dc7b0e0b0a7b26ca080f7c56e8c0b34

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

33:f2:82:a0:bd:59:45:d7:87:18:ae:eb:e4:51:cb:22:3b:b9:e5:81
Signer

Actual PE Digest

33:f2:82:a0:bd:59:45:d7:87:18:ae:eb:e4:51:cb:22:3b:b9:e5:81

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcr100d.i386.pdb

Imports

kernel32

EncodePointer
DecodePointer
RaiseException
GetModuleFileNameA
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetCurrentThreadId
TlsGetValue
GetCommandLineW
GetCommandLineA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResumeThread
GetLastError
CreateThread
ExitThread
CloseHandle
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
FindNextFileA
FindFirstFileExA
FindClose
FindNextFileW
FindFirstFileExW
GetLogicalDrives
GetDiskFreeSpaceA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetErrorMode
Sleep
Beep
GetFileAttributesA
SetFileAttributesA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameA
GetDriveTypeW
GetCurrentProcessId
CreateDirectoryA
MoveFileA
RemoveDirectoryA
GetDriveTypeA
DeleteFileA
GetFileAttributesW
SetEnvironmentVariableW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
DeleteFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
LoadLibraryA
FreeLibrary
CreateProcessW
ReadFile
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
WideCharToMultiByte
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetLocalTime
InterlockedPopEntrySList
InterlockedFlushSList
InterlockedPushEntrySList
QueryDepthSList
CreateTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueTimer
CreateEventW
SetEvent
SwitchToThread
SignalObjectAndWait
TryEnterCriticalSection
GetProcessAffinityMask
SetThreadAffinityMask
VirtualAlloc
SetThreadPriority
GetVersionExW
GetSystemInfo
GetTickCount
VirtualProtect
VirtualFree
InitializeSListHead
CreateSemaphoreW
WaitForMultipleObjects
ReleaseSemaphore
GetThreadPriority
LoadLibraryW
SleepEx
OutputDebugStringW
DebugBreak
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
MultiByteToWideChar
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetTimeFormatW
GetDateFormatW
RtlUnwind
HeapCreate
HeapDestroy
HeapFree
HeapValidate
HeapCompact
HeapWalk
HeapAlloc
VirtualQuery
SetHandleCount
GetFileType
GetStartupInfoW
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
CreateFileW
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreatePipe
SetStdHandle
ReadConsoleInputA
SetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
WriteConsoleW
ReadConsoleW
SetEndOfFile
GetProcessHeap
InterlockedExchange
LockFile
UnlockFile
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsBadReadPtr
SetConsoleCtrlHandler
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
OutputDebugStringA
LCMapStringW
CompareStringW
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
IsProcessorFeaturePresent
HeapReAlloc
HeapSize
HeapQueryInformation

Exports

Exports

$I10_OUTPUT
??0?$_SpinWait@$00@details@Concurrency@@QAE@P6AXXZ@Z
??0?$_SpinWait@$0A@@details@Concurrency@@QAE@P6AXXZ@Z
??0SchedulerPolicy@Concurrency@@QAA@IZZ
??0SchedulerPolicy@Concurrency@@QAE@ABV01@@Z
??0SchedulerPolicy@Concurrency@@QAE@XZ
??0_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_ReaderWriterLock@details@Concurrency@@QAE@XZ
??0_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_ReentrantLock@details@Concurrency@@QAE@XZ
??0_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_SpinLock@details@Concurrency@@QAE@ACJ@Z
??0_TaskCollection@details@Concurrency@@QAE@XZ
??0_Timer@details@Concurrency@@IAE@I_N@Z
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0__non_rtti_object@std@@QAE@PBD@Z
??0bad_cast@std@@AAE@PBQBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_target@Concurrency@@QAE@PBD@Z
??0bad_target@Concurrency@@QAE@XZ
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0context_self_unblock@Concurrency@@QAE@PBD@Z
??0context_self_unblock@Concurrency@@QAE@XZ
??0context_unblock_unbalanced@Concurrency@@QAE@PBD@Z
??0context_unblock_unbalanced@Concurrency@@QAE@XZ
??0critical_section@Concurrency@@QAE@XZ
??0default_scheduler_exists@Concurrency@@QAE@PBD@Z
??0default_scheduler_exists@Concurrency@@QAE@XZ
??0event@Concurrency@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??0improper_lock@Concurrency@@QAE@PBD@Z
??0improper_lock@Concurrency@@QAE@XZ
??0improper_scheduler_attach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_attach@Concurrency@@QAE@XZ
??0improper_scheduler_detach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_detach@Concurrency@@QAE@XZ
??0improper_scheduler_reference@Concurrency@@QAE@PBD@Z
??0improper_scheduler_reference@Concurrency@@QAE@XZ
??0invalid_link_target@Concurrency@@QAE@PBD@Z
??0invalid_link_target@Concurrency@@QAE@XZ
??0invalid_multiple_scheduling@Concurrency@@QAE@PBD@Z
??0invalid_multiple_scheduling@Concurrency@@QAE@XZ
??0invalid_operation@Concurrency@@QAE@PBD@Z
??0invalid_operation@Concurrency@@QAE@XZ
??0invalid_oversubscribe_operation@Concurrency@@QAE@PBD@Z
??0invalid_oversubscribe_operation@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_key@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_key@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_value@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_value@Concurrency@@QAE@XZ
??0message_not_found@Concurrency@@QAE@PBD@Z
??0message_not_found@Concurrency@@QAE@XZ
??0missing_wait@Concurrency@@QAE@PBD@Z
??0missing_wait@Concurrency@@QAE@XZ
??0nested_scheduler_missing_detach@Concurrency@@QAE@PBD@Z
??0nested_scheduler_missing_detach@Concurrency@@QAE@XZ
??0operation_timed_out@Concurrency@@QAE@PBD@Z
??0operation_timed_out@Concurrency@@QAE@XZ
??0reader_writer_lock@Concurrency@@QAE@XZ
??0scheduler_not_attached@Concurrency@@QAE@PBD@Z
??0scheduler_not_attached@Concurrency@@QAE@XZ
??0scheduler_resource_allocation_error@Concurrency@@QAE@J@Z
??0scheduler_resource_allocation_error@Concurrency@@QAE@PBDJ@Z
??0scoped_lock@critical_section@Concurrency@@QAE@AAV12@@Z
??0scoped_lock@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0scoped_lock_read@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0task_canceled@details@Concurrency@@QAE@PBD@Z
??0task_canceled@details@Concurrency@@QAE@XZ
??0unsupported_os@Concurrency@@QAE@PBD@Z
??0unsupported_os@Concurrency@@QAE@XZ
??1SchedulerPolicy@Concurrency@@QAE@XZ
??1_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_SpinLock@details@Concurrency@@QAE@XZ
??1_TaskCollection@details@Concurrency@@QAE@XZ
??1_Timer@details@Concurrency@@IAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1critical_section@Concurrency@@QAE@XZ
??1event@Concurrency@@QAE@XZ
??1exception@std@@UAE@XZ
??1reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock@critical_section@Concurrency@@QAE@XZ
??1scoped_lock@reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock_read@reader_writer_lock@Concurrency@@QAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??2@YAPAXIHPBDH@Z
??3@YAXPAX@Z
??4?$_SpinWait@$00@details@Concurrency@@QAEAAV012@ABV012@@Z
??4?$_SpinWait@$0A@@details@Concurrency@@QAEAAV012@ABV012@@Z
??4SchedulerPolicy@Concurrency@@QAEAAV01@ABV01@@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4exception@std@@QAEAAV01@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
??9type_info@@QBE_NABV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@@6B@
??_7exception@std@@6B@
??_F?$_SpinWait@$00@details@Concurrency@@QAEXXZ
??_F?$_SpinWait@$0A@@details@Concurrency@@QAEXXZ
??_Fbad_cast@std@@QAEXXZ
??_Fbad_typeid@std@@QAEXXZ
??_U@YAPAXI@Z
??_U@YAPAXIHPBDH@Z
??_V@YAXPAX@Z
?Alloc@Concurrency@@YAPAXI@Z
?Block@Context@Concurrency@@SAXXZ
?Create@CurrentScheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?Create@Scheduler@Concurrency@@SAPAV12@ABVSchedulerPolicy@2@@Z
?CreateResourceManager@Concurrency@@YAPAUIResourceManager@1@XZ
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPAVScheduleGroup@2@XZ
?CurrentContext@Context@Concurrency@@SAPAV12@XZ
?Detach@CurrentScheduler@Concurrency@@SAXXZ
?DisableTracing@Concurrency@@YAJXZ
?EnableTracing@Concurrency@@YAJXZ
?Free@Concurrency@@YAXPAX@Z
?Get@CurrentScheduler@Concurrency@@SAPAVScheduler@2@XZ
?GetExecutionContextId@Concurrency@@YAIXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ
?GetPolicy@CurrentScheduler@Concurrency@@SA?AVSchedulerPolicy@2@XZ
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z
?GetProcessorCount@Concurrency@@YAIXZ
?GetProcessorNodeCount@Concurrency@@YAIXZ
?GetSchedulerId@Concurrency@@YAIXZ
?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ
?Id@Context@Concurrency@@SAIXZ
?Id@CurrentScheduler@Concurrency@@SAIXZ
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
?Log2@details@Concurrency@@YAKI@Z
?Oversubscribe@Context@Concurrency@@SAX_N@Z
?RegisterShutdownEvent@CurrentScheduler@Concurrency@@SAXPAX@Z
?ResetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXXZ
?ScheduleGroupId@Context@Concurrency@@SAIXZ
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPAX@Z0@Z
?SetConcurrencyLimits@SchedulerPolicy@Concurrency@@QAEXII@Z
?SetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?SetPolicyValue@SchedulerPolicy@Concurrency@@QAEIW4PolicyElementKey@2@I@Z
?VirtualProcessorId@Context@Concurrency@@SAIXZ
?Yield@Context@Concurrency@@SAXXZ
?_Abort@_StructuredTaskCollection@details@Concurrency@@AAEXXZ
?_Acquire@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_NonReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_AcquireRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_Cancel@_StructuredTaskCollection@details@Concurrency@@QAEXXZ
?_Cancel@_TaskCollection@details@Concurrency@@QAEXXZ
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IAEXXZ
?_ConcRT_Assert@details@Concurrency@@YAXPBD0H@Z
?_ConcRT_CoreAssert@details@Concurrency@@YAXPBD0H@Z
?_ConcRT_DumpMessage@details@Concurrency@@YAXPB_WZZ
?_ConcRT_Trace@details@Concurrency@@YAXHPB_WZZ
?_Copy_str@exception@std@@AAEXPBD@Z
?_CrtDbgReportW@@YAHHPBGH00ZZ
?_DoYield@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_DoYield@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_IsCanceling@_StructuredTaskCollection@details@Concurrency@@QAE_NXZ
?_IsCanceling@_TaskCollection@details@Concurrency@@QAE_NXZ
?_Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_NumberOfSpins@?$_SpinWait@$00@details@Concurrency@@IAEKXZ
?_NumberOfSpins@?$_SpinWait@$0A@@details@Concurrency@@IAEKXZ
?_Release@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_NonReentrantPPLLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantPPLLock@details@Concurrency@@QAEXXZ
?_ReleaseRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_ReleaseWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_Reset@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_Reset@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_SetSpinCount@?$_SpinWait@$00@details@Concurrency@@QAEXI@Z
?_SetSpinCount@?$_SpinWait@$0A@@details@Concurrency@@QAEXI@Z
?_ShouldSpinAgain@?$_SpinWait@$00@details@Concurrency@@IAE_NXZ
?_ShouldSpinAgain@?$_SpinWait@$0A@@details@Concurrency@@IAE_NXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ
?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QAE_NXZ
?_SpinYield@Context@Concurrency@@SAXXZ
?_Start@_Timer@details@Concurrency@@IAEXXZ
?_Stop@_Timer@details@Concurrency@@IAEXXZ
?_Tidy@exception@std@@AAEXXZ
?_Trace_ppl_function@Concurrency@@YAXABU_GUID@@EW4ConcRT_EventType@1@@Z
?_TryAcquire@_NonReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantLock@details@Concurrency@@QAE_NXZ
?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QAE_NXZ
?_Type_info_dtor@type_info@@CAXPAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPAV1@@Z
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_ValidateExecute@@YAHP6GHXZ@Z
?_ValidateRead@@YAHPBXI@Z
?_ValidateWrite@@YAHPAXI@Z
?_Value@_SpinCount@details@Concurrency@@SAIXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCompare@@YA_NPBX0@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPBG00II@Z
?_is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?_open@@YAHPBDHH@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?_wopen@@YAHPB_WHH@Z
?_wsopen@@YAHPB_WHHH@Z
?before@type_info@@QBEHABV1@@Z
?commonFlags@?1??_control87@@9@9
?get_error_code@scheduler_resource_allocation_error@Concurrency@@QBEJXZ
?lock@critical_section@Concurrency@@QAEXXZ
?lock@reader_writer_lock@Concurrency@@QAEXXZ
?lock_read@reader_writer_lock@Concurrency@@QAEXXZ
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
?native_handle@critical_section@Concurrency@@QAEAAV12@XZ
?raw_name@type_info@@QBEPBDXZ
?reset@event@Concurrency@@QAEXXZ
?set@event@Concurrency@@QAEXXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?try_lock@critical_section@Concurrency@@QAE_NXZ
?try_lock@reader_writer_lock@Concurrency@@QAE_NXZ
?try_lock_read@reader_writer_lock@Concurrency@@QAE_NXZ
?unexpected@@YAXXZ
?unlock@critical_section@Concurrency@@QAEXXZ
?unlock@reader_writer_lock@Concurrency@@QAEXXZ
?vswprintf@@YAHPA_WIPB_WPAD@Z
?wait@Concurrency@@YAXI@Z
?wait@event@Concurrency@@QAEII@Z
?wait_for_multiple@event@Concurrency@@SAIPAPAV12@I_NI@Z
?what@exception@std@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CrtCheckMemory
_CrtDbgBreak
_CrtDbgReport
_CrtDbgReportW
_CrtDoForAllClientObjects
_CrtDumpMemoryLeaks
_CrtGetAllocHook
_CrtGetCheckCount
_CrtGetDumpClient
_CrtGetReportHook
_CrtIsMemoryBlock
_CrtIsValidHeapPointer
_CrtIsValidPointer
_CrtMemCheckpoint
_CrtMemDifference
_CrtMemDumpAllObjectsSince
_CrtMemDumpStatistics
_CrtReportBlockType
_CrtSetAllocHook
_CrtSetBreakAlloc
_CrtSetCheckCount
_CrtSetDbgBlockType
_CrtSetDbgFlag
_CrtSetDebugFillThreshold
_CrtSetDumpClient
_CrtSetReportFile
_CrtSetReportHook
_CrtSetReportHook2
_CrtSetReportHookW2
_CrtSetReportMode
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_Strftime
_VCrtDbgReportA
_VCrtDbgReportW
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CppXcptFilter
__CxxCallUnwindDelDtor
__CxxCallUnwindDtor
__CxxCallUnwindStdDelDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___fls_getvalue@4
___fls_setvalue@8
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__control87_2
__create_locale
__crtCompareStringA
__crtCompareStringW
__crtLCMapStringA
__crtLCMapStringW
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__free_locale
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lconv
__lconv_init
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__commode
__p__crtAssertBusy
__p__crtBreakAlloc
__p__crtDbgFlag
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__set_flsgetvalue
__setlc_active
__setusermatherr
__strncnt
__swprintf_l
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__unDNameHelper
__uncaught_exception
__unguarded_readlc_active
__vswprintf_l
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abnormal_termination
_abs64
_access
_access_s
_acmdln
_aligned_free
_aligned_free_dbg
_aligned_malloc
_aligned_malloc_dbg
_aligned_msize
_aligned_msize_dbg
_aligned_offset_malloc
_aligned_offset_malloc_dbg
_aligned_offset_realloc
_aligned_offset_realloc_dbg
_aligned_offset_recalloc
_aligned_offset_recalloc_dbg
_aligned_realloc
_aligned_realloc_dbg
_aligned_recalloc
_aligned_recalloc_dbg
_amsg_exit
_assert

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
��⬠�/Resources/wp_type1ttf.dll
.dll windows:5 windows x86 arch:x86

c417bb79f3b1f3040f76d57a1e05d087

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
RtlUnwind
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
GetLastError
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FreeLibrary
LoadLibraryW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
HeapDestroy
MultiByteToWideChar
ReadFile
SetHandleCount
GetFileType
GetStartupInfoW
SetFilePointer
CloseHandle
Sleep
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringW
SetEnvironmentVariableA
HeapSize
CreateFileA
SetStdHandle
FlushFileBuffers
WriteConsoleW
LCMapStringW
GetStringTypeW
SetEndOfFile
GetProcessHeap
CreateFileW
RaiseException
VirtualQuery

Exports

Exports

FTC_CMapCache_Lookup
FTC_CMapCache_New
FTC_ImageCache_Lookup
FTC_ImageCache_LookupScaler
FTC_ImageCache_New
FTC_Image_Cache_Lookup
FTC_Image_Cache_New
FTC_Manager_Done
FTC_Manager_LookupFace
FTC_Manager_LookupSize
FTC_Manager_Lookup_Face
FTC_Manager_Lookup_Size
FTC_Manager_New
FTC_Manager_RemoveFaceID
FTC_Manager_Reset
FTC_Node_Unref
FTC_SBitCache_Lookup
FTC_SBitCache_LookupScaler
FTC_SBitCache_New
FTC_SBit_Cache_Lookup
FTC_SBit_Cache_New
FT_Activate_Size
FT_Add_Default_Modules
FT_Add_Module
FT_Angle_Diff
FT_Atan2
FT_Attach_File
FT_Attach_Stream
FT_Bitmap_Convert
FT_Bitmap_Copy
FT_Bitmap_Done
FT_Bitmap_Embolden
FT_Bitmap_New
FT_CeilFix
FT_ClassicKern_Free
FT_ClassicKern_Validate
FT_Cos
FT_DivFix
FT_Done_Face
FT_Done_FreeType
FT_Done_Glyph
FT_Done_Library
FT_Done_Size
FT_Face_CheckTrueTypePatents
FT_Face_GetCharVariantIndex
FT_Face_GetCharVariantIsDefault
FT_Face_GetCharsOfVariant
FT_Face_GetVariantSelectors
FT_Face_GetVariantsOfChar
FT_Face_SetUnpatentedHinting
FT_FloorFix
FT_Get_Advance
FT_Get_Advances
FT_Get_CMap_Format
FT_Get_CMap_Language_ID
FT_Get_Char_Index
FT_Get_Charmap_Index
FT_Get_FSType_Flags
FT_Get_First_Char
FT_Get_Gasp
FT_Get_Glyph
FT_Get_Glyph_Name
FT_Get_Kerning
FT_Get_MM_Var
FT_Get_Module
FT_Get_Multi_Master
FT_Get_Name_Index
FT_Get_Next_Char
FT_Get_PFR_Advance
FT_Get_PFR_Kerning
FT_Get_PFR_Metrics
FT_Get_PS_Font_Info
FT_Get_PS_Font_Private
FT_Get_Postscript_Name
FT_Get_Renderer
FT_Get_Sfnt_Name
FT_Get_Sfnt_Name_Count
FT_Get_Sfnt_Table
FT_Get_SubGlyph_Info
FT_Get_Track_Kerning
FT_Get_TrueType_Engine_Type
FT_Get_WinFNT_Header
FT_Get_X11_Font_Format
FT_GlyphSlot_Embolden
FT_GlyphSlot_Oblique
FT_GlyphSlot_Own_Bitmap
FT_Glyph_Copy
FT_Glyph_Get_CBox
FT_Glyph_Stroke
FT_Glyph_StrokeBorder
FT_Glyph_To_Bitmap
FT_Glyph_Transform
FT_Has_PS_Glyph_Names
FT_Init_FreeType
FT_Library_SetLcdFilter
FT_Library_SetLcdFilterWeights
FT_Library_Version
FT_List_Add
FT_List_Finalize
FT_List_Find
FT_List_Insert
FT_List_Iterate
FT_List_Remove
FT_List_Up
FT_Load_Char
FT_Load_Glyph
FT_Load_Sfnt_Table
FT_Matrix_Invert
FT_Matrix_Multiply
FT_MulDiv
FT_New_Face
FT_New_Library
FT_New_Memory_Face
FT_New_Size
FT_OpenType_Free
FT_OpenType_Validate
FT_Open_Face
FT_Outline_Check
FT_Outline_Copy
FT_Outline_Decompose
FT_Outline_Done
FT_Outline_Done_Internal
FT_Outline_Embolden
FT_Outline_GetInsideBorder
FT_Outline_GetOutsideBorder
FT_Outline_Get_BBox
FT_Outline_Get_Bitmap
FT_Outline_Get_CBox
FT_Outline_Get_Orientation
FT_Outline_New
FT_Outline_New_Internal
FT_Outline_Render
FT_Outline_Reverse
FT_Outline_Transform
FT_Outline_Translate
FT_Reference_Face
FT_Reference_Library
FT_Remove_Module
FT_Render_Glyph
FT_Request_Size
FT_RoundFix
FT_Select_Charmap
FT_Select_Size
FT_Set_Char_Size
FT_Set_Charmap
FT_Set_Debug_Hook
FT_Set_MM_Blend_Coordinates
FT_Set_MM_Design_Coordinates
FT_Set_Pixel_Sizes
FT_Set_Renderer
FT_Set_Transform
FT_Set_Var_Blend_Coordinates
FT_Set_Var_Design_Coordinates
FT_Sfnt_Table_Info
FT_Sin
FT_Sqrt32
FT_Stream_OpenGzip
FT_Stream_OpenLZW
FT_Stroker_BeginSubPath
FT_Stroker_ConicTo
FT_Stroker_CubicTo
FT_Stroker_Done
FT_Stroker_EndSubPath
FT_Stroker_Export
FT_Stroker_ExportBorder
FT_Stroker_GetBorderCounts
FT_Stroker_GetCounts
FT_Stroker_LineTo
FT_Stroker_New
FT_Stroker_ParseOutline
FT_Stroker_Rewind
FT_Stroker_Set
FT_Tan
FT_TrueTypeGX_Free
FT_TrueTypeGX_Validate
FT_Vector_From_Polar
FT_Vector_Length
FT_Vector_Polarize
FT_Vector_Rotate
FT_Vector_Transform
FT_Vector_Unit
TT_New_Context
TT_RunIns

Sections

.text
Size: 565KB - Virtual size: 565KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
��⬠�/Settings.ini
��⬠�/media_dll/SDL-2.dll
.dll windows:4 windows x86 arch:x86

d0e13975df147229287ce6fd6cea2383

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

gdi32

BitBlt
ChoosePixelFormat
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreatePalette
DeleteDC
DeleteObject
DescribePixelFormat
GetDIBits
GetDeviceCaps
GetDeviceGammaRamp
GetSystemPaletteEntries
GetSystemPaletteUse
RealizePalette
SelectObject
SelectPalette
SetDIBColorTable
SetDeviceGammaRamp
SetPaletteEntries
SetPixelFormat
SetSystemPaletteUse
SwapBuffers
UnrealizeObject

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateFileW
CreateMutexA
CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
FormatMessageA
FreeLibrary
GetACP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDriveTypeA
GetEnvironmentVariableA
GetLastError
GetLocaleInfoA
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
ReleaseMutex
ReleaseSemaphore
SetEnvironmentVariableA
SetErrorMode
SetFilePointer
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TerminateThread
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__dllonexit
_amsg_exit
_beginthreadex
_endthreadex
_errno
_initterm
_iob
_lock
_ltoa
_onexit
_stricmp
_strlwr
_strrev
_ultoa
_unlock
abort
atof
atoi
calloc
fclose
ferror
floor
fprintf
fread
free
frexp
fseek
ftell
fwrite
ldexp
log
malloc
memcmp
memcpy
memmove
memset
qsort
raise
realloc
signal
sscanf
strchr
strcmp
strlen
strncmp
strstr
vfprintf

user32

AdjustWindowRect
AdjustWindowRectEx
BeginPaint
CallWindowProcA
ChangeDisplaySettingsA
ClientToScreen
ClipCursor
CreateCursor
CreateIconFromResourceEx
CreateWindowExA
DefWindowProcA
DestroyCursor
DestroyIcon
DestroyWindow
DispatchMessageA
EndPaint
EnumDisplaySettingsA
GetClassInfoA
GetClientRect
GetCursor
GetCursorPos
GetDC
GetDesktopWindow
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutNameA
GetKeyboardState
GetMenu
GetMessageA
GetParent
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsZoomed
KillTimer
LoadImageA
LoadKeyboardLayoutA
MapVirtualKeyA
MapVirtualKeyExA
MapWindowPoints
MsgWaitForMultipleObjects
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RegisterClassA
ReleaseCapture
ReleaseDC
ScreenToClient
SetCapture
SetClassLongA
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
ToAsciiEx
ToUnicode
TranslateMessage
UnregisterClassA
WindowFromPoint

winmm

joyGetDevCapsA
joyGetNumDevs
joyGetPosEx
mciGetErrorStringA
mciSendCommandA
timeBeginPeriod
timeEndPeriod
timeGetTime
timeKillEvent
timeSetEvent
waveOutClose
waveOutGetErrorTextA
waveOutOpen
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutWrite

Exports

Exports

SDL_AddTimer
SDL_AllocRW
SDL_AudioDriverName
SDL_AudioInit
SDL_AudioQuit
SDL_BuildAudioCVT
SDL_CDClose
SDL_CDEject
SDL_CDName
SDL_CDNumDrives
SDL_CDOpen
SDL_CDPause
SDL_CDPlay
SDL_CDPlayTracks
SDL_CDResume
SDL_CDStatus
SDL_CDStop
SDL_ClearError
SDL_CloseAudio
SDL_CondBroadcast
SDL_CondSignal
SDL_CondWait
SDL_CondWaitTimeout
SDL_ConvertAudio
SDL_ConvertSurface
SDL_CreateCond
SDL_CreateCursor
SDL_CreateMutex
SDL_CreateRGBSurface
SDL_CreateRGBSurfaceFrom
SDL_CreateSemaphore
SDL_CreateThread
SDL_CreateYUVOverlay
SDL_Delay
SDL_DestroyCond
SDL_DestroyMutex
SDL_DestroySemaphore
SDL_DisplayFormat
SDL_DisplayFormatAlpha
SDL_DisplayYUVOverlay
SDL_EnableKeyRepeat
SDL_EnableUNICODE
SDL_Error
SDL_EventState
SDL_FillRect
SDL_Flip
SDL_FreeCursor
SDL_FreeRW
SDL_FreeSurface
SDL_FreeWAV
SDL_FreeYUVOverlay
SDL_GL_GetAttribute
SDL_GL_GetProcAddress
SDL_GL_LoadLibrary
SDL_GL_Lock
SDL_GL_SetAttribute
SDL_GL_SwapBuffers
SDL_GL_Unlock
SDL_GL_UpdateRects
SDL_GetAppState
SDL_GetAudioStatus
SDL_GetClipRect
SDL_GetCursor
SDL_GetError
SDL_GetEventFilter
SDL_GetGammaRamp
SDL_GetKeyName
SDL_GetKeyRepeat
SDL_GetKeyState
SDL_GetModState
SDL_GetMouseState
SDL_GetRGB
SDL_GetRGBA
SDL_GetRelativeMouseState
SDL_GetThreadID
SDL_GetTicks
SDL_GetVideoInfo
SDL_GetVideoSurface
SDL_GetWMInfo
SDL_Has3DNow
SDL_Has3DNowExt
SDL_HasAltiVec
SDL_HasMMX
SDL_HasMMXExt
SDL_HasRDTSC
SDL_HasSSE
SDL_HasSSE2
SDL_Init
SDL_InitSubSystem
SDL_JoystickClose
SDL_JoystickEventState
SDL_JoystickGetAxis
SDL_JoystickGetBall
SDL_JoystickGetButton
SDL_JoystickGetHat
SDL_JoystickIndex
SDL_JoystickName
SDL_JoystickNumAxes
SDL_JoystickNumBalls
SDL_JoystickNumButtons
SDL_JoystickNumHats
SDL_JoystickOpen
SDL_JoystickOpened
SDL_JoystickUpdate
SDL_KillThread
SDL_Linked_Version
SDL_ListModes
SDL_LoadBMP_RW
SDL_LoadFunction
SDL_LoadObject
SDL_LoadWAV_RW
SDL_LockAudio
SDL_LockSurface
SDL_LockYUVOverlay
SDL_LowerBlit
SDL_MapRGB
SDL_MapRGBA
SDL_MixAudio
SDL_NumJoysticks
SDL_OpenAudio
SDL_PauseAudio
SDL_PeepEvents
SDL_PollEvent
SDL_PumpEvents
SDL_PushEvent
SDL_Quit
SDL_QuitSubSystem
SDL_RWFromConstMem
SDL_RWFromFP
SDL_RWFromFile
SDL_RWFromMem
SDL_ReadBE16
SDL_ReadBE32
SDL_ReadBE64
SDL_ReadLE16
SDL_ReadLE32
SDL_ReadLE64
SDL_RegisterApp
SDL_RemoveTimer
SDL_SaveBMP_RW
SDL_SemPost
SDL_SemTryWait
SDL_SemValue
SDL_SemWait
SDL_SemWaitTimeout
SDL_SetAlpha
SDL_SetClipRect
SDL_SetColorKey
SDL_SetColors
SDL_SetCursor
SDL_SetError
SDL_SetEventFilter
SDL_SetGamma
SDL_SetGammaRamp
SDL_SetModState
SDL_SetModuleHandle
SDL_SetPalette
SDL_SetTimer
SDL_SetVideoMode
SDL_ShowCursor
SDL_SoftStretch
SDL_ThreadID
SDL_UnloadObject
SDL_UnlockAudio
SDL_UnlockSurface
SDL_UnlockYUVOverlay
SDL_UnregisterApp
SDL_UpdateRect
SDL_UpdateRects
SDL_UpperBlit
SDL_VideoDriverName
SDL_VideoInit
SDL_VideoModeOK
SDL_VideoQuit
SDL_WM_GetCaption
SDL_WM_GrabInput
SDL_WM_IconifyWindow
SDL_WM_SetCaption
SDL_WM_SetIcon
SDL_WM_ToggleFullScreen
SDL_WaitEvent
SDL_WaitThread
SDL_WarpMouse
SDL_WasInit
SDL_WriteBE16
SDL_WriteBE32
SDL_WriteBE64
SDL_WriteLE16
SDL_WriteLE32
SDL_WriteLE64
SDL_getenv
SDL_iconv
SDL_iconv_close
SDL_iconv_open
SDL_iconv_string
SDL_lltoa
SDL_mutexP
SDL_mutexV
SDL_putenv
SDL_snprintf
SDL_strdup
SDL_strlcat
SDL_strlcpy
SDL_strtoull
SDL_ulltoa
SDL_vsnprintf

Sections

.text
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 31KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
��⬠�/media_dll/SDL.dll
.dll windows:4 windows x86 arch:x86

d0e13975df147229287ce6fd6cea2383

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

gdi32

BitBlt
ChoosePixelFormat
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreatePalette
DeleteDC
DeleteObject
DescribePixelFormat
GetDIBits
GetDeviceCaps
GetDeviceGammaRamp
GetSystemPaletteEntries
GetSystemPaletteUse
RealizePalette
SelectObject
SelectPalette
SetDIBColorTable
SetDeviceGammaRamp
SetPaletteEntries
SetPixelFormat
SetSystemPaletteUse
SwapBuffers
UnrealizeObject

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateFileW
CreateMutexA
CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
FormatMessageA
FreeLibrary
GetACP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDriveTypeA
GetEnvironmentVariableA
GetLastError
GetLocaleInfoA
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
ReleaseMutex
ReleaseSemaphore
SetEnvironmentVariableA
SetErrorMode
SetFilePointer
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TerminateThread
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__dllonexit
_amsg_exit
_beginthreadex
_endthreadex
_errno
_initterm
_iob
_lock
_ltoa
_onexit
_stricmp
_strlwr
_strrev
_ultoa
_unlock
abort
atof
atoi
calloc
fclose
ferror
floor
fprintf
fread
free
frexp
fseek
ftell
fwrite
ldexp
log
malloc
memcmp
memcpy
memmove
memset
qsort
raise
realloc
signal
sscanf
strchr
strcmp
strlen
strncmp
strstr
vfprintf

user32

AdjustWindowRect
AdjustWindowRectEx
BeginPaint
CallWindowProcA
ChangeDisplaySettingsA
ClientToScreen
ClipCursor
CreateCursor
CreateIconFromResourceEx
CreateWindowExA
DefWindowProcA
DestroyCursor
DestroyIcon
DestroyWindow
DispatchMessageA
EndPaint
EnumDisplaySettingsA
GetClassInfoA
GetClientRect
GetCursor
GetCursorPos
GetDC
GetDesktopWindow
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutNameA
GetKeyboardState
GetMenu
GetMessageA
GetParent
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsZoomed
KillTimer
LoadImageA
LoadKeyboardLayoutA
MapVirtualKeyA
MapVirtualKeyExA
MapWindowPoints
MsgWaitForMultipleObjects
PeekMessageA
PostMessageA
PostQuitMessage
PtInRect
RegisterClassA
ReleaseCapture
ReleaseDC
ScreenToClient
SetCapture
SetClassLongA
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
ToAsciiEx
ToUnicode
TranslateMessage
UnregisterClassA
WindowFromPoint

winmm

joyGetDevCapsA
joyGetNumDevs
joyGetPosEx
mciGetErrorStringA
mciSendCommandA
timeBeginPeriod
timeEndPeriod
timeGetTime
timeKillEvent
timeSetEvent
waveOutClose
waveOutGetErrorTextA
waveOutOpen
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutWrite

Exports

Exports

SDL_AddTimer
SDL_AllocRW
SDL_AudioDriverName
SDL_AudioInit
SDL_AudioQuit
SDL_BuildAudioCVT
SDL_CDClose
SDL_CDEject
SDL_CDName
SDL_CDNumDrives
SDL_CDOpen
SDL_CDPause
SDL_CDPlay
SDL_CDPlayTracks
SDL_CDResume
SDL_CDStatus
SDL_CDStop
SDL_ClearError
SDL_CloseAudio
SDL_CondBroadcast
SDL_CondSignal
SDL_CondWait
SDL_CondWaitTimeout
SDL_ConvertAudio
SDL_ConvertSurface
SDL_CreateCond
SDL_CreateCursor
SDL_CreateMutex
SDL_CreateRGBSurface
SDL_CreateRGBSurfaceFrom
SDL_CreateSemaphore
SDL_CreateThread
SDL_CreateYUVOverlay
SDL_Delay
SDL_DestroyCond
SDL_DestroyMutex
SDL_DestroySemaphore
SDL_DisplayFormat
SDL_DisplayFormatAlpha
SDL_DisplayYUVOverlay
SDL_EnableKeyRepeat
SDL_EnableUNICODE
SDL_Error
SDL_EventState
SDL_FillRect
SDL_Flip
SDL_FreeCursor
SDL_FreeRW
SDL_FreeSurface
SDL_FreeWAV
SDL_FreeYUVOverlay
SDL_GL_GetAttribute
SDL_GL_GetProcAddress
SDL_GL_LoadLibrary
SDL_GL_Lock
SDL_GL_SetAttribute
SDL_GL_SwapBuffers
SDL_GL_Unlock
SDL_GL_UpdateRects
SDL_GetAppState
SDL_GetAudioStatus
SDL_GetClipRect
SDL_GetCursor
SDL_GetError
SDL_GetEventFilter
SDL_GetGammaRamp
SDL_GetKeyName
SDL_GetKeyRepeat
SDL_GetKeyState
SDL_GetModState
SDL_GetMouseState
SDL_GetRGB
SDL_GetRGBA
SDL_GetRelativeMouseState
SDL_GetThreadID
SDL_GetTicks
SDL_GetVideoInfo
SDL_GetVideoSurface
SDL_GetWMInfo
SDL_Has3DNow
SDL_Has3DNowExt
SDL_HasAltiVec
SDL_HasMMX
SDL_HasMMXExt
SDL_HasRDTSC
SDL_HasSSE
SDL_HasSSE2
SDL_Init
SDL_InitSubSystem
SDL_JoystickClose
SDL_JoystickEventState
SDL_JoystickGetAxis
SDL_JoystickGetBall
SDL_JoystickGetButton
SDL_JoystickGetHat
SDL_JoystickIndex
SDL_JoystickName
SDL_JoystickNumAxes
SDL_JoystickNumBalls
SDL_JoystickNumButtons
SDL_JoystickNumHats
SDL_JoystickOpen
SDL_JoystickOpened
SDL_JoystickUpdate
SDL_KillThread
SDL_Linked_Version
SDL_ListModes
SDL_LoadBMP_RW
SDL_LoadFunction
SDL_LoadObject
SDL_LoadWAV_RW
SDL_LockAudio
SDL_LockSurface
SDL_LockYUVOverlay
SDL_LowerBlit
SDL_MapRGB
SDL_MapRGBA
SDL_MixAudio
SDL_NumJoysticks
SDL_OpenAudio
SDL_PauseAudio
SDL_PeepEvents
SDL_PollEvent
SDL_PumpEvents
SDL_PushEvent
SDL_Quit
SDL_QuitSubSystem
SDL_RWFromConstMem
SDL_RWFromFP
SDL_RWFromFile
SDL_RWFromMem
SDL_ReadBE16
SDL_ReadBE32
SDL_ReadBE64
SDL_ReadLE16
SDL_ReadLE32
SDL_ReadLE64
SDL_RegisterApp
SDL_RemoveTimer
SDL_SaveBMP_RW
SDL_SemPost
SDL_SemTryWait
SDL_SemValue
SDL_SemWait
SDL_SemWaitTimeout
SDL_SetAlpha
SDL_SetClipRect
SDL_SetColorKey
SDL_SetColors
SDL_SetCursor
SDL_SetError
SDL_SetEventFilter
SDL_SetGamma
SDL_SetGammaRamp
SDL_SetModState
SDL_SetModuleHandle
SDL_SetPalette
SDL_SetTimer
SDL_SetVideoMode
SDL_ShowCursor
SDL_SoftStretch
SDL_ThreadID
SDL_UnloadObject
SDL_UnlockAudio
SDL_UnlockSurface
SDL_UnlockYUVOverlay
SDL_UnregisterApp
SDL_UpdateRect
SDL_UpdateRects
SDL_UpperBlit
SDL_VideoDriverName
SDL_VideoInit
SDL_VideoModeOK
SDL_VideoQuit
SDL_WM_GetCaption
SDL_WM_GrabInput
SDL_WM_IconifyWindow
SDL_WM_SetCaption
SDL_WM_SetIcon
SDL_WM_ToggleFullScreen
SDL_WaitEvent
SDL_WaitThread
SDL_WarpMouse
SDL_WasInit
SDL_WriteBE16
SDL_WriteBE32
SDL_WriteBE64
SDL_WriteLE16
SDL_WriteLE32
SDL_WriteLE64
SDL_getenv
SDL_iconv
SDL_iconv_close
SDL_iconv_open
SDL_iconv_string
SDL_lltoa
SDL_mutexP
SDL_mutexV
SDL_putenv
SDL_snprintf
SDL_strdup
SDL_strlcat
SDL_strlcpy
SDL_strtoull
SDL_ulltoa
SDL_vsnprintf

Sections

.text
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 31KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
��⬠�/media_dll/avcodec-54.dll
.dll windows:4 windows x86 arch:x86

84b34a6f341f5339a02e4e387605288c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateEventA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSemaphore
ResetEvent
SetEvent
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

_close
_fileno
_strdup
_unlink
_write
__dllonexit
__doserrno
__mb_cur_max
__pioinfo
__setusermatherr
_aligned_free
_aligned_malloc
_amsg_exit
_beginthreadex
_errno
_exit
_filelengthi64
_fileno
_fstati64
_ftime
_initterm
_iob
_lock
_lseeki64
_onexit
_setjmp3
_snwprintf
_stricmp
_strnicmp
isxdigit
localeconv
localtime
log10
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
puts
qsort
raise
rand
realloc
rename
setlocale
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strspn
strstr
strtok
strtol
strtoul
_unlock
_vsnprintf
_write
abort
acos
asin
atan
atoi
bsearch
calloc
exit
fclose
feof
fflush
fgetc
fgetpos
fopen
fprintf
fputc
fread
free
frexp
fseek
fsetpos
ftell
fwprintf
fwrite
getc
getenv
islower
isspace
isupper
tan
time
tolower
toupper
ungetc
vfprintf
vsprintf
wcscpy
wcslen

user32

MessageBoxW

avutil-52

av_asprintf
av_base64_decode
av_base64_encode
av_bprint_chars
av_bprint_clear
av_bprint_finalize
av_bprint_get_buffer
av_bprint_init
av_bprintf
av_calloc
av_crc
av_crc_get_table
av_crc_init
av_ctz
av_d2q
av_default_item_name
av_dict_copy
av_dict_free
av_dict_set
av_div_q
av_evaluate_lls
av_expr_eval
av_expr_free
av_expr_parse
av_fifo_alloc
av_fifo_drain
av_fifo_free
av_fifo_generic_read
av_fifo_generic_write
av_fifo_realloc2
av_fifo_size
av_fifo_space
av_free
av_freep
av_gcd
av_get_bits_per_pixel
av_get_bytes_per_sample
av_get_channel_layout_nb_channels
av_get_channel_layout_string
av_get_cpu_flags
av_get_default_channel_layout
av_get_media_type_string
av_get_padded_bits_per_pixel
av_get_picture_type_char
av_get_pix_fmt_name
av_get_planar_sample_fmt
av_get_sample_fmt_name
av_image_alloc
av_image_check_size
av_image_copy
av_image_copy_plane
av_image_copy_to_buffer
av_image_fill_arrays
av_image_fill_linesizes
av_image_fill_pointers
av_image_get_buffer_size
av_init_lls
av_lfg_init
av_log
av_log_get_level
av_lzo1x_decode
av_malloc
av_mallocz
av_md5_alloc
av_md5_final
av_md5_init
av_md5_update
av_memcpy_backptr
av_mul_q
av_nearer_q
av_opt_free
av_opt_set
av_opt_set_defaults
av_opt_set_defaults2
av_opt_set_dict
av_parse_color
av_pix_fmt_desc_get
av_pix_fmt_get_chroma_sub_sample
av_realloc
av_realloc_f
av_reduce
av_rescale_q
av_rescale_rnd
av_sample_fmt_is_planar
av_samples_copy
av_samples_fill_arrays
av_samples_get_buffer_size
av_samples_set_silence
av_solve_lls
av_strdup
av_stristr
av_strlcat
av_strlcatf
av_strlcpy
av_strncasecmp
av_strtok
av_tempfile
av_timecode_adjust_ntsc_framenum2
av_timecode_init_from_string
av_timecode_make_mpeg_tc_string
av_update_lls
av_vlog
avpriv_cga_font
avpriv_float_dsp_init
avpriv_set_systematic_pal2
avpriv_vga16_font

Exports

Exports

audio_resample
audio_resample_close
av_audio_convert
av_audio_convert_alloc
av_audio_convert_free
av_audio_resample_init
av_bitstream_filter_close
av_bitstream_filter_filter
av_bitstream_filter_init
av_bitstream_filter_next
av_codec_get_codec_descriptor
av_codec_get_pkt_timebase
av_codec_is_decoder
av_codec_is_encoder
av_codec_next
av_codec_set_codec_descriptor
av_codec_set_pkt_timebase
av_copy_packet
av_dct_calc
av_dct_end
av_dct_init
av_destruct_packet
av_dup_packet
av_fast_malloc
av_fast_padded_malloc
av_fast_padded_mallocz
av_fast_realloc
av_fft_calc
av_fft_end
av_fft_init
av_fft_permute
av_frame_get_best_effort_timestamp
av_frame_get_channel_layout
av_frame_get_channels
av_frame_get_decode_error_flags
av_frame_get_metadata
av_frame_get_pkt_duration
av_frame_get_pkt_pos
av_frame_get_pkt_size
av_frame_get_sample_rate
av_frame_set_best_effort_timestamp
av_frame_set_channel_layout
av_frame_set_channels
av_frame_set_decode_error_flags
av_frame_set_metadata
av_frame_set_pkt_duration
av_frame_set_pkt_pos
av_frame_set_pkt_size
av_frame_set_sample_rate
av_free_packet
av_get_audio_frame_duration
av_get_bits_per_sample
av_get_codec_tag_string
av_get_exact_bits_per_sample
av_get_pcm_codec
av_get_profile_name
av_grow_packet
av_hwaccel_next
av_imdct_calc
av_imdct_half
av_init_packet
av_lockmgr_register
av_log_ask_for_sample
av_log_missing_feature
av_mdct_calc
av_mdct_end
av_mdct_init
av_new_packet
av_packet_get_side_data
av_packet_merge_side_data
av_packet_new_side_data
av_packet_shrink_side_data
av_packet_split_side_data
av_parser_change
av_parser_close
av_parser_init
av_parser_next
av_parser_parse2
av_picture_copy
av_picture_crop
av_picture_pad
av_rdft_calc
av_rdft_end
av_rdft_init
av_register_bitstream_filter
av_register_codec_parser
av_register_hwaccel
av_resample
av_resample_close
av_resample_compensate
av_resample_init
av_shrink_packet
av_xiphlacing
avcodec_align_dimensions
avcodec_align_dimensions2
avcodec_alloc_context
avcodec_alloc_context2
avcodec_alloc_context3
avcodec_alloc_frame
avcodec_close
avcodec_configuration
avcodec_copy_context
avcodec_decode_audio3
avcodec_decode_audio4
avcodec_decode_subtitle2
avcodec_decode_video2
avcodec_default_execute
avcodec_default_execute2
avcodec_default_free_buffers
avcodec_default_get_buffer
avcodec_default_get_format
avcodec_default_reget_buffer
avcodec_default_release_buffer
avcodec_descriptor_get
avcodec_descriptor_get_by_name
avcodec_descriptor_next
avcodec_encode_audio
avcodec_encode_audio2
avcodec_encode_subtitle
avcodec_encode_video
avcodec_encode_video2
avcodec_fill_audio_frame
avcodec_find_best_pix_fmt
avcodec_find_best_pix_fmt2
avcodec_find_best_pix_fmt_of_2
avcodec_find_best_pix_fmt_of_list
avcodec_find_decoder
avcodec_find_decoder_by_name
avcodec_find_encoder
avcodec_find_encoder_by_name
avcodec_flush_buffers
avcodec_free_frame
avcodec_get_chroma_sub_sample
avcodec_get_class
avcodec_get_context_defaults
avcodec_get_context_defaults2
avcodec_get_context_defaults3
avcodec_get_edge_width
avcodec_get_frame_class
avcodec_get_frame_defaults
avcodec_get_name
avcodec_get_pix_fmt_loss
avcodec_get_subtitle_rect_class
avcodec_get_type
avcodec_is_open
avcodec_license
avcodec_open
avcodec_open2
avcodec_pix_fmt_to_codec_tag
avcodec_register
avcodec_register_all
avcodec_set_dimensions
avcodec_string
avcodec_version
aver_isf_history
avpicture_alloc
avpicture_deinterlace
avpicture_fill
avpicture_free
avpicture_get_size
avpicture_layout
avpriv_aac_parse_header
avpriv_ac3_channel_layout_tab
avpriv_ac3_parse_header
avpriv_adx_decode_header
avpriv_align_put_bits
avpriv_bprint_to_extradata
avpriv_check_timecode_rate
avpriv_copy_bits
avpriv_copy_pce_data
avpriv_dca_sample_rates
avpriv_dirac_parse_sequence_header
avpriv_dnxhd_get_frame_size
avpriv_dv_codec_profile
avpriv_dv_frame_profile
avpriv_dv_frame_profile2
avpriv_flac_is_extradata_valid
avpriv_flac_parse_block_header
avpriv_flac_parse_streaminfo
avpriv_framenum_to_drop_timecode
avpriv_framenum_to_smpte_timecode
avpriv_h264_has_num_reorder_frames
avpriv_init_smpte_timecode
avpriv_lock_avformat
avpriv_mjpeg_bits_ac_chrominance
avpriv_mjpeg_bits_ac_luminance
avpriv_mjpeg_bits_dc_chrominance
avpriv_mjpeg_bits_dc_luminance
avpriv_mjpeg_val_ac_chrominance
avpriv_mjpeg_val_ac_luminance
avpriv_mjpeg_val_dc
avpriv_mpa_bitrate_tab
avpriv_mpa_decode_header
avpriv_mpa_freq_tab
avpriv_mpeg4audio_get_config
avpriv_mpeg4audio_sample_rates
avpriv_mpegaudio_decode_header
avpriv_mpv_find_start_code
avpriv_put_string
avpriv_split_xiph_headers
avpriv_tak_parse_streaminfo
avpriv_timecode_to_string
avpriv_toupper4
avpriv_unlock_avformat
avpriv_vorbis_parse_extradata
avpriv_vorbis_parse_frame
avpriv_vorbis_parse_reset
avsubtitle_free
dsputil_init
ff_aanscales
ff_dct32_fixed
ff_dct32_float
ff_dct32_float_avx
ff_dct32_float_sse
ff_dct32_float_sse2
ff_dct_common_init
ff_dct_encode_init
ff_dct_encode_init_x86
ff_dct_end
ff_dct_init
ff_dct_init_x86
ff_dct_quantize_c
ff_dnxhd_cid_table
ff_dnxhd_get_cid_table
ff_faandct
ff_faandct248
ff_faanidct
ff_faanidct_add
ff_faanidct_put
ff_fdct248_islow_10
ff_fdct248_islow_8
ff_fdct_ifast
ff_fdct_ifast248
ff_fdct_mmx
ff_fdct_mmxext
ff_fdct_sse2
ff_fft_calc_3dnow
ff_fft_calc_3dnowext
ff_fft_calc_avx
ff_fft_calc_sse
ff_fft_end
ff_fft_end_fixed
ff_fft_init
ff_fft_init_fixed
ff_fft_init_x86
ff_fft_permute_sse
ff_find_pix_fmt
ff_framenum_to_drop_timecode
ff_framenum_to_smtpe_timecode
ff_idct_xvid_mmx
ff_idct_xvid_mmx_add
ff_idct_xvid_mmx_put
ff_idct_xvid_mmxext
ff_idct_xvid_mmxext_add
ff_idct_xvid_mmxext_put
ff_idct_xvid_sse2
ff_idct_xvid_sse2_add
ff_idct_xvid_sse2_put
ff_init_smtpe_timecode
ff_jpeg_fdct_islow_10
ff_jpeg_fdct_islow_8
ff_mdct_calc_c
ff_mdct_calc_c_fixed
ff_mdct_calcw_c
ff_mdct_end
ff_mdct_end_fixed
ff_mdct_init
ff_mdct_init_fixed
ff_mdct_win_fixed
ff_mdct_win_float
ff_mmx_idct
ff_mmxext_idct
ff_raw_pix_fmt_tags
ff_rdft_end
ff_rdft_init
ff_simple_idct248_put
ff_simple_idct44_add
ff_simple_idct48_add
ff_simple_idct84_add
ff_simple_idct_10
ff_simple_idct_8
ff_simple_idct_add_10
ff_simple_idct_add_8
ff_simple_idct_add_mmx
ff_simple_idct_mmx
ff_simple_idct_put_10
ff_simple_idct_put_8
ff_simple_idct_put_mmx

Sections

.text
Size: 8.7MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rotext
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
��⬠�/media_dll/avdevice-54.dll
.dll windows:4 windows x86 arch:x86

baabff4017bc3b76ee85e20b87f6f770

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

kernel32

CloseHandle
CreateEventA
CreateMutexA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
ReleaseMutex
ResetEvent
SetEvent
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

_wcsdup
__dllonexit
__mb_cur_max
_amsg_exit
_errno
_initterm
_iob
_lock
_onexit
isxdigit
localeconv
malloc
memcmp
memcpy
realloc
setlocale
strchr
strcmp
strerror
strlen
strncmp
strtok
strtol
strtoul
_unlock
abort
atoi
calloc
fflush
fputc
fputs
free
getc
getenv
islower
isspace
isupper
tolower
ungetc
wcscmp
wcscpy
wcslen

ole32

CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize

user32

DestroyWindow
GetWindowLongA
SendMessageA
SetWindowLongA

avcodec-54

av_destruct_packet
av_get_pcm_codec
av_new_packet
av_packet_new_side_data
avcodec_find_decoder
avpicture_get_size
avpicture_layout

avfilter-3

av_abuffersink_params_alloc
av_buffersink_get_buffer_ref
av_buffersink_params_alloc
avfilter_get_by_name
avfilter_graph_alloc
avfilter_graph_config
avfilter_graph_create_filter
avfilter_graph_dump
avfilter_graph_free
avfilter_graph_parse
avfilter_inout_free
avfilter_link
avfilter_register_all
avfilter_unref_buffer

avformat-54

av_register_input_format
avformat_new_stream
avpriv_set_pts_info

avutil-52

av_bprint_chars
av_bprint_finalize
av_bprint_init
av_bprintf
av_default_item_name
av_dict_get
av_file_map
av_file_unmap
av_free
av_freep
av_get_bytes_per_sample
av_get_channel_layout_nb_channels
av_get_pix_fmt_name
av_get_sample_fmt_name
av_log
av_malloc
av_mallocz
av_parse_video_rate
av_parse_video_size
av_pix_fmt_desc_get
av_rescale_q
av_strdup

Exports

Exports

avdevice_configuration
avdevice_license
avdevice_register_all
avdevice_version

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 175B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
��⬠�/media_dll/avfilter-3.dll
.dll windows:4 windows x86 arch:x86

5e0f51cf695a4584ad702264e31dda80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

_strdup
__dllonexit
__mb_cur_max
__setusermatherr
_amsg_exit
_errno
_initterm
_iob
_lock
_onexit
isxdigit
localeconv
log10
malloc
memcmp
memcpy
memmove
memset
qsort
rand
realloc
setlocale
srand
strchr
strcmp
strcspn
strerror
strlen
strncmp
strncpy
strspn
strstr
strtol
strtoul
_unlock
abort
atan2
atof
atoi
calloc
fclose
fgets
fopen
fputc
free
fwrite
getc
getenv
isgraph
islower
isspace
isupper
tolower
ungetc
wcslen

avcodec-54

av_frame_get_best_effort_timestamp
av_frame_get_channel_layout
av_frame_get_channels
av_frame_get_metadata
av_frame_get_pkt_pos
av_frame_set_channel_layout
av_frame_set_channels
av_frame_set_pkt_pos
av_frame_set_sample_rate
av_free_packet
av_init_packet
av_rdft_calc
av_rdft_end
av_rdft_init
avcodec_alloc_context
avcodec_alloc_context3
avcodec_alloc_frame
avcodec_close
avcodec_decode_audio4
avcodec_decode_video2
avcodec_encode_video
avcodec_find_best_pix_fmt_of_2
avcodec_find_decoder
avcodec_find_encoder
avcodec_flush_buffers
avcodec_free_frame
avcodec_open
avcodec_open2
dsputil_init

avformat-54

av_find_best_stream
av_find_input_format
av_read_frame
av_register_all
av_seek_frame
avformat_close_input
avformat_find_stream_info
avformat_match_stream_specifier
avformat_open_input

avutil-52

av_adler32_update
av_asprintf
av_audio_fifo_alloc
av_audio_fifo_free
av_audio_fifo_read
av_audio_fifo_realloc
av_audio_fifo_size
av_audio_fifo_space
av_audio_fifo_write
av_bprint_channel_layout
av_bprint_chars
av_bprint_finalize
av_bprint_init
av_bprintf
av_calloc
av_channel_layout_extract_channel
av_compare_ts
av_d2q
av_default_item_name
av_dict_copy
av_dict_free
av_dict_get
av_dict_set
av_div_q
av_expr_eval
av_expr_free
av_expr_parse
av_expr_parse_and_eval
av_fifo_alloc
av_fifo_free
av_fifo_generic_read
av_fifo_generic_write
av_fifo_realloc2
av_fifo_size
av_fifo_space
av_file_map
av_file_unmap
av_free
av_freep
av_get_bits_per_pixel
av_get_bytes_per_sample
av_get_channel_layout
av_get_channel_layout_channel_index
av_get_channel_layout_nb_channels
av_get_channel_layout_string
av_get_channel_name
av_get_cpu_flags
av_get_default_channel_layout
av_get_int
av_get_media_type_string
av_get_packed_sample_fmt
av_get_picture_type_char
av_get_pix_fmt
av_get_pix_fmt_name
av_get_planar_sample_fmt
av_get_random_seed
av_get_sample_fmt
av_get_sample_fmt_name
av_get_token
av_image_alloc
av_image_check_size
av_image_copy
av_image_copy_plane
av_image_fill_max_pixsteps
av_image_get_linesize
av_lfg_init
av_log
av_malloc
av_mallocz
av_mul_q
av_opt_eval_flags
av_opt_find
av_opt_free
av_opt_set
av_opt_set_defaults
av_opt_set_from_string
av_opt_set_int
av_parse_color
av_parse_ratio
av_parse_time
av_parse_video_rate
av_parse_video_size
av_pix_fmt_desc_get
av_pix_fmt_descriptors
av_read_image_line
av_realloc
av_realloc_f
av_reduce
av_rescale
av_rescale_q
av_rescale_q_rnd
av_sample_fmt_is_planar
av_samples_alloc
av_samples_copy
av_samples_fill_arrays
av_samples_set_silence
av_set_options_string
av_strcasecmp
av_strdup
av_strerror
av_strlcatf
av_strlcpy
av_strtod
av_strtok
av_vlog
av_write_image_line
avpriv_cga_font
avpriv_float_dsp_init
avpriv_set_systematic_pal2
avpriv_vga16_font

swresample-0

swr_alloc
swr_alloc_set_opts
swr_convert
swr_free
swr_init
swr_next_pts
swr_set_channel_mapping
swr_set_matrix

swscale-2

sws_freeContext
sws_freeVec
sws_getCachedContext
sws_getContext
sws_getGaussianVec
sws_get_class
sws_isSupportedInput
sws_isSupportedOutput
sws_scale
sws_scaleVec

Exports

Exports

av_abuffersink_params_alloc
av_asrc_buffer_add_audio_buffer_ref
av_asrc_buffer_add_buffer
av_asrc_buffer_add_samples
av_buffersink_get_buffer_ref
av_buffersink_get_frame_rate
av_buffersink_params_alloc
av_buffersink_poll_frame
av_buffersink_read
av_buffersink_read_samples
av_buffersink_set_frame_size
av_buffersrc_add_frame
av_buffersrc_add_ref
av_buffersrc_buffer
av_buffersrc_get_nb_failed_requests
av_buffersrc_write_frame
av_filter_next
avfilter_add_matrix
avfilter_af_aconvert
avfilter_af_afifo
avfilter_af_aformat
avfilter_af_amerge
avfilter_af_amix
avfilter_af_anull
avfilter_af_apad
avfilter_af_aresample
avfilter_af_aselect
avfilter_af_asendcmd
avfilter_af_asetnsamples
avfilter_af_asetpts
avfilter_af_asettb
avfilter_af_ashowinfo
avfilter_af_asplit
avfilter_af_astreamsync
avfilter_af_atempo
avfilter_af_channelmap
avfilter_af_channelsplit
avfilter_af_earwax
avfilter_af_ebur128
avfilter_af_join
avfilter_af_pan
avfilter_af_silencedetect
avfilter_af_volume
avfilter_af_volumedetect
avfilter_all_channel_layouts
avfilter_asink_abuffer
avfilter_asink_abuffersink
avfilter_asink_anullsink
avfilter_asink_ffabuffersink
avfilter_asrc_abuffer
avfilter_asrc_aevalsrc
avfilter_asrc_anullsrc
avfilter_avf_concat
avfilter_avf_showspectrum
avfilter_avf_showwaves
avfilter_avsrc_amovie
avfilter_avsrc_movie
avfilter_config_links
avfilter_configuration
avfilter_copy_buf_props
avfilter_copy_buffer_ref_props
avfilter_copy_frame_props
avfilter_fill_frame_from_audio_buffer_ref
avfilter_fill_frame_from_buffer_ref
avfilter_fill_frame_from_video_buffer_ref
avfilter_free
avfilter_get_audio_buffer_ref_from_arrays
avfilter_get_audio_buffer_ref_from_arrays_channels
avfilter_get_audio_buffer_ref_from_frame
avfilter_get_buffer_ref_from_frame
avfilter_get_by_name
avfilter_get_class
avfilter_get_matrix
avfilter_get_video_buffer_ref_from_arrays
avfilter_get_video_buffer_ref_from_frame
avfilter_graph_add_filter
avfilter_graph_alloc
avfilter_graph_config
avfilter_graph_create_filter
avfilter_graph_dump
avfilter_graph_free
avfilter_graph_get_filter
avfilter_graph_parse
avfilter_graph_parse2
avfilter_graph_queue_command
avfilter_graph_request_oldest
avfilter_graph_send_command
avfilter_graph_set_auto_convert
avfilter_init_filter
avfilter_inout_alloc
avfilter_inout_free
avfilter_insert_filter
avfilter_license
avfilter_link
avfilter_link_free
avfilter_link_get_channels
avfilter_link_set_closed
avfilter_make_format64_list
avfilter_mul_matrix
avfilter_open
avfilter_pad_get_name
avfilter_pad_get_type
avfilter_process_command
avfilter_ref_buffer
avfilter_ref_get_channels
avfilter_register
avfilter_register_all
avfilter_sub_matrix
avfilter_transform
avfilter_uninit
avfilter_unref_buffer
avfilter_unref_bufferp
avfilter_version
avfilter_vf_alphaextract
avfilter_vf_alphamerge
avfilter_vf_bbox
avfilter_vf_blackdetect
avfilter_vf_blackframe
avfilter_vf_boxblur
avfilter_vf_colormatrix
avfilter_vf_copy
avfilter_vf_crop
avfilter_vf_cropdetect
avfilter_vf_decimate
avfilter_vf_delogo
avfilter_vf_deshake
avfilter_vf_drawbox
avfilter_vf_edgedetect
avfilter_vf_fade
avfilter_vf_field
avfilter_vf_fieldorder
avfilter_vf_fifo
avfilter_vf_format
avfilter_vf_fps
avfilter_vf_framestep
avfilter_vf_geq
avfilter_vf_gradfun
avfilter_vf_hflip
avfilter_vf_histeq
avfilter_vf_hqdn3d
avfilter_vf_hue
avfilter_vf_idet
avfilter_vf_kerndeint
avfilter_vf_lut
avfilter_vf_lutrgb
avfilter_vf_lutyuv
avfilter_vf_mp
avfilter_vf_negate
avfilter_vf_noformat
avfilter_vf_null
avfilter_vf_overlay
avfilter_vf_pad
avfilter_vf_pixdesctest
avfilter_vf_removelogo
avfilter_vf_scale
avfilter_vf_select
avfilter_vf_sendcmd
avfilter_vf_setdar
avfilter_vf_setfield
avfilter_vf_setpts
avfilter_vf_setsar
avfilter_vf_settb
avfilter_vf_showinfo
avfilter_vf_smartblur
avfilter_vf_split
avfilter_vf_super2xsai
avfilter_vf_swapuv
avfilter_vf_thumbnail
avfilter_vf_tile
avfilter_vf_tinterlace
avfilter_vf_transpose
avfilter_vf_unsharp
avfilter_vf_vflip
avfilter_vf_yadif
avfilter_vsink_buffer
avfilter_vsink_buffersink
avfilter_vsink_ffbuffersink
avfilter_vsink_nullsink
avfilter_vsrc_buffer
avfilter_vsrc_cellauto
avfilter_vsrc_color
avfilter_vsrc_life
avfilter_vsrc_mandelbrot
avfilter_vsrc_mptestsrc
avfilter_vsrc_nullsrc
avfilter_vsrc_rgbtestsrc
avfilter_vsrc_smptebars
avfilter_vsrc_testsrc
ff_default_query_formats
ff_filter_frame
ff_get_video_buffer
ff_make_format_list
ff_null_get_video_buffer
ff_set_common_formats

Sections

.text
Size: 489KB - Virtual size: 489KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
��⬠�/media_dll/avformat-54.dll
.dll windows:4 windows x86 arch:x86

9674a183aacb4148dfbf8db0e7e51830

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

DeregisterEventSource
RegisterEventSourceA
ReportEventA

avifil32

AVIFileExit
AVIFileGetStream
AVIFileInfoA
AVIFileInit
AVIFileOpenA
AVIFileRelease
AVIStreamInfoA
AVIStreamRead
AVIStreamReadFormat
AVIStreamRelease

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
DeleteDC
DeleteObject
GetBitmapBits
GetDeviceCaps
GetObjectA
SelectObject

kernel32

CloseHandle
DeleteCriticalSection
EnterCriticalSection
FindClose
FindFirstFileA
FindNextFileA
FlushFileBuffers
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileSize
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetStdHandle
GetSystemTimeAsFileTime
GetTickCount
GetVersion
GetVersionExA
GlobalMemoryStatus
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte
WriteFile

msvcrt

_access
_close
_fdopen
_fileno
_read
_rmdir
_setmode
_strdup
_unlink
_write
__dllonexit
__doserrno
__mb_cur_max
__pioinfo
_amsg_exit
_errno
_exit
_filelengthi64
_fileno
_fstati64
_ftime
_get_osfhandle
_getch
_initterm
_iob
_lock
_lseeki64
_mkdir
_onexit
_osver
_setmode
_snwprintf
_sopen
_stat
_stricmp
_strnicmp
isxdigit
localeconv
localtime
malloc
memchr
memcmp
memcpy
memmove
memset
mktime
printf
putc
qsort
raise
rand
realloc
rename
setlocale
signal
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtol
strtoul
_unlock
_vsnprintf
_wfopen
_write
_wsopen
abort
atoi
bsearch
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwprintf
fwrite
getc
getenv
gmtime
isalnum
islower
isprint
isspace
isupper
time
tolower
toupper
ungetc
vfprintf
wcscpy
wcslen
wcsstr

user32

GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
MessageBoxW

winmm

timeGetTime

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyname
gethostname
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
inet_addr
ioctlsocket
listen
ntohl
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

avcodec-54

av_bitstream_filter_close
av_bitstream_filter_filter
av_bitstream_filter_init
av_codec_get_codec_descriptor
av_codec_set_codec_descriptor
av_codec_set_pkt_timebase
av_destruct_packet
av_dup_packet
av_fast_malloc
av_fast_padded_malloc
av_fast_realloc
av_free_packet
av_get_audio_frame_duration
av_get_bits_per_sample
av_get_codec_tag_string
av_grow_packet
av_init_packet
av_log_ask_for_sample
av_log_missing_feature
av_new_packet
av_packet_get_side_data
av_packet_merge_side_data
av_packet_new_side_data
av_packet_split_side_data
av_parser_close
av_parser_init
av_parser_parse2
av_shrink_packet
av_xiphlacing
avcodec_alloc_context3
avcodec_alloc_frame
avcodec_close
avcodec_copy_context
avcodec_decode_audio4
avcodec_decode_subtitle2
avcodec_decode_video2
avcodec_descriptor_get
avcodec_find_decoder
avcodec_find_encoder
avcodec_free_frame
avcodec_get_chroma_sub_sample
avcodec_get_frame_defaults
avcodec_get_name
avcodec_get_type
avcodec_is_open
avcodec_open2
avcodec_pix_fmt_to_codec_tag
avcodec_register_all
avcodec_set_dimensions
avcodec_string
avpicture_get_size
avpriv_aac_parse_header
avpriv_ac3_channel_layout_tab
avpriv_ac3_parse_header
avpriv_adx_decode_header
avpriv_align_put_bits
avpriv_bprint_to_extradata
avpriv_copy_bits
avpriv_copy_pce_data
avpriv_dca_sample_rates
avpriv_dirac_parse_sequence_header
avpriv_dnxhd_get_frame_size
avpriv_dv_codec_profile
avpriv_dv_frame_profile
avpriv_flac_is_extradata_valid
avpriv_flac_parse_block_header
avpriv_flac_parse_streaminfo
avpriv_h264_has_num_reorder_frames
avpriv_lock_avformat
avpriv_mjpeg_bits_ac_chrominance
avpriv_mjpeg_bits_ac_luminance
avpriv_mjpeg_bits_dc_chrominance
avpriv_mjpeg_bits_dc_luminance
avpriv_mjpeg_val_ac_chrominance
avpriv_mjpeg_val_ac_luminance
avpriv_mjpeg_val_dc
avpriv_mpa_bitrate_tab
avpriv_mpa_decode_header
avpriv_mpa_freq_tab
avpriv_mpeg4audio_get_config
avpriv_mpeg4audio_sample_rates
avpriv_mpegaudio_decode_header
avpriv_mpv_find_start_code
avpriv_split_xiph_headers
avpriv_tak_parse_streaminfo
avpriv_toupper4
avpriv_unlock_avformat
avpriv_vorbis_parse_extradata
avpriv_vorbis_parse_frame
avpriv_vorbis_parse_reset
ff_find_pix_fmt
ff_raw_pix_fmt_tags

avutil-52

av_adler32_update
av_aes_alloc
av_aes_crypt
av_aes_init
av_base64_decode
av_base64_encode
av_basename
av_bprint_chars
av_bprint_clear
av_bprint_finalize
av_bprint_init
av_bprintf
av_calloc
av_compare_mod
av_compare_ts
av_crc
av_crc_get_table
av_d2q
av_default_item_name
av_des_crypt
av_des_init
av_des_mac
av_dict_copy
av_dict_count
av_dict_free
av_dict_get
av_dict_set
av_div_q
av_dynarray_add
av_fifo_alloc
av_fifo_drain
av_fifo_free
av_fifo_generic_read
av_fifo_generic_write
av_fifo_realloc2
av_fifo_size
av_find_info_tag
av_free
av_freep
av_gcd
av_get_bytes_per_sample
av_get_channel_layout_nb_channels
av_get_media_type_string
av_get_pix_fmt
av_get_pix_fmt_name
av_get_random_seed
av_get_token
av_gettime
av_image_check_size
av_lfg_init
av_log
av_log_get_level
av_lzo1x_decode
av_malloc
av_mallocz
av_md5_alloc
av_md5_final
av_md5_init
av_md5_sum
av_md5_update
av_mul_q
av_opt_flag_is_set
av_opt_free
av_opt_get
av_opt_get_int
av_opt_set
av_opt_set_defaults
av_opt_set_dict
av_parse_ratio
av_parse_time
av_parse_video_rate
av_parse_video_size
av_pix_fmt_desc_get
av_rc4_crypt
av_rc4_init
av_realloc
av_realloc_f
av_reduce
av_rescale
av_rescale_q
av_rescale_q_rnd
av_rescale_rnd
av_sha_alloc
av_sha_final
av_sha_init
av_sha_update
av_small_strptime
av_strcasecmp
av_strdup
av_strerror
av_stristart
av_stristr
av_strlcat
av_strlcatf
av_strlcpy
av_strncasecmp
av_strstart
av_strtod
av_strtok
av_tempfile
av_timecode_check_frame_rate
av_timecode_get_smpte_from_framenum
av_timecode_init
av_timecode_init_from_string
av_timecode_make_smpte_tc_string
av_timecode_make_string
av_timegm
av_tree_destroy
av_tree_enumerate
av_tree_find
av_tree_insert
av_tree_node_alloc
av_usleep
av_vlog

Exports

Exports

av_add_index_entry
av_append_packet
av_close_input_file
av_codec_get_id
av_codec_get_tag
av_convert_lang_to
av_demuxer_open
av_dump_format
av_filename_number_test
av_find_best_stream
av_find_default_stream_index
av_find_input_format
av_find_program_from_stream
av_find_stream_info
av_fmt_ctx_get_duration_estimation_method
av_get_frame_filename
av_get_output_timestamp
av_get_packet
av_gettime@LIBAVFORMAT_54
av_guess_codec
av_guess_format
av_guess_sample_aspect_ratio
av_hex_dump
av_hex_dump_log
av_iformat_next
av_index_search_timestamp
av_interleave_packet_per_dts
av_interleaved_write_frame
av_match_ext
av_new_program
av_new_stream
av_oformat_next
av_pkt_dump2
av_pkt_dump_log2
av_probe_input_buffer
av_probe_input_format
av_probe_input_format2
av_probe_input_format3
av_read_frame
av_read_packet
av_read_pause
av_read_play
av_register_all
av_register_input_format
av_register_output_format
av_register_rdt_dynamic_payload_handlers
av_register_rtp_dynamic_payload_handlers
av_sdp_create
av_seek_frame
av_set_pts_info
av_url_split
av_write_frame
av_write_trailer
avformat_alloc_context
avformat_alloc_output_context
avformat_alloc_output_context2
avformat_close_input
avformat_configuration
avformat_find_stream_info
avformat_free_context
avformat_get_class
avformat_get_riff_audio_tags
avformat_get_riff_video_tags
avformat_license
avformat_match_stream_specifier
avformat_network_deinit
avformat_network_init
avformat_new_stream
avformat_open_input
avformat_query_codec
avformat_queue_attached_pictures
avformat_seek_file
avformat_version
avformat_write_header
avio_alloc_context
avio_check
avio_close
avio_close_dyn_buf
avio_closep
avio_enum_protocols
avio_flush
avio_get_str
avio_get_str16be
avio_get_str16le
avio_open
avio_open2
avio_open_dyn_buf
avio_pause
avio_printf
avio_put_str
avio_put_str16le
avio_r8
avio_rb16
avio_rb24
avio_rb32
avio_rb64
avio_read
avio_rl16
avio_rl24
avio_rl32
avio_rl64
avio_seek
avio_seek_time
avio_size
avio_skip
avio_w8
avio_wb16
avio_wb24
avio_wb32
avio_wb64
avio_wl16
avio_wl24
avio_wl32
avio_wl64
avio_write
avpriv_dv_get_packet
avpriv_dv_init_demux
avpriv_dv_produce_packet
avpriv_new_chapter
avpriv_set_pts_info
ff_guess_image2_codec
ff_inet_aton
ff_mpegts_parse_close
ff_mpegts_parse_open
ff_mpegts_parse_packet
ff_rtp_get_local_rtcp_port
ff_rtp_get_local_rtp_port
ff_rtsp_parse_line
ff_socket_nonblock
ffio_open_dyn_packet_buf
ffio_set_buf_size
ffurl_close
ffurl_open
ffurl_protocol_next
ffurl_read_complete
ffurl_register_protocol
ffurl_seek
ffurl_size
ffurl_write
get_crc_table
url_feof

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 406KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
��⬠�/media_dll/avutil-52.dll
.dll windows:4 windows x86 arch:x86

e0df73c0f31393cc9d0c80ae058cb473

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

kernel32

CloseHandle
CreateFileMappingA
DeleteCriticalSection
EnterCriticalSection
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetStdHandle
GetSystemTimeAsFileTime
GetTickCount
GetTimeZoneInformation
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
SetConsoleTextAttribute
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

_close
_isatty
_open
_read
_tempnam
__dllonexit
__mb_cur_max
__setusermatherr
_amsg_exit
_errno
_fstati64
_get_osfhandle
_initterm
_iob
_lock
_onexit
isxdigit
localeconv
localtime
malloc
memcmp
memcpy
memmove
memset
mktime
realloc
setlocale
sinh
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strrchr
strspn
strtol
strtoul
_unlock
abort
acos
asin
atan
atoi
bsearch
calloc
clock
cosh
fputc
fputs
free
frexp
getc
getenv
gmtime
islower
isspace
isupper
tan
tanh
time
tolower
toupper
ungetc
wcslen

Exports

Exports

av_add_q
av_adler32_update
av_aes_alloc
av_aes_crypt
av_aes_init
av_aes_size
av_asprintf
av_audio_fifo_alloc
av_audio_fifo_drain
av_audio_fifo_free
av_audio_fifo_read
av_audio_fifo_realloc
av_audio_fifo_reset
av_audio_fifo_size
av_audio_fifo_space
av_audio_fifo_write
av_base64_decode
av_base64_encode
av_basename
av_blowfish_crypt
av_blowfish_crypt_ecb
av_blowfish_init
av_bmg_get
av_bprint_channel_layout
av_bprint_chars
av_bprint_clear
av_bprint_finalize
av_bprint_get_buffer
av_bprint_init
av_bprint_init_for_buffer
av_bprint_strftime
av_bprintf
av_calloc
av_channel_layout_extract_channel
av_compare_mod
av_compare_ts
av_crc
av_crc_get_table
av_crc_init
av_ctz
av_d2q
av_d2str
av_dbl2ext
av_dbl2int
av_default_get_category
av_default_item_name
av_des_crypt
av_des_init
av_des_mac
av_dict_copy
av_dict_count
av_dict_free
av_dict_get
av_dict_set
av_dirname
av_div_q
av_dynarray_add
av_evaluate_lls
av_expr_eval
av_expr_free
av_expr_parse
av_expr_parse_and_eval
av_ext2dbl
av_fifo_alloc
av_fifo_drain
av_fifo_free
av_fifo_generic_read
av_fifo_generic_write
av_fifo_grow
av_fifo_realloc2
av_fifo_reset
av_fifo_size
av_fifo_space
av_file_map
av_file_unmap
av_find_info_tag
av_find_nearest_q_idx
av_find_opt
av_flt2int
av_force_cpu_flags
av_free
av_freep
av_gcd
av_get_alt_sample_fmt
av_get_bits_per_pixel
av_get_bits_per_sample_fmt
av_get_bytes_per_sample
av_get_channel_description
av_get_channel_layout
av_get_channel_layout_channel_index
av_get_channel_layout_nb_channels
av_get_channel_layout_string
av_get_channel_name
av_get_cpu_flags
av_get_default_channel_layout
av_get_double
av_get_int
av_get_media_type_string
av_get_packed_sample_fmt
av_get_padded_bits_per_pixel
av_get_picture_type_char
av_get_pix_fmt
av_get_pix_fmt_name
av_get_pix_fmt_string
av_get_planar_sample_fmt
av_get_q
av_get_random_seed
av_get_sample_fmt
av_get_sample_fmt_name
av_get_sample_fmt_string
av_get_standard_channel_layout
av_get_string
av_get_token
av_gettime
av_image_alloc
av_image_check_size
av_image_copy
av_image_copy_plane
av_image_copy_to_buffer
av_image_fill_arrays
av_image_fill_linesizes
av_image_fill_max_pixsteps
av_image_fill_pointers
av_image_get_buffer_size
av_image_get_linesize
av_init_lls
av_int2dbl
av_int2flt
av_lfg_init
av_log
av_log2
av_log2_16bit
av_log_default_callback
av_log_format_line
av_log_get_level
av_log_set_callback
av_log_set_flags
av_log_set_level
av_lzo1x_decode
av_malloc
av_mallocz
av_max_alloc
av_md5_alloc
av_md5_final
av_md5_init
av_md5_size
av_md5_sum
av_md5_update
av_memcpy_backptr
av_mul_q
av_nearer_q
av_next_option
av_opt_child_class_next
av_opt_child_next
av_opt_eval_double
av_opt_eval_flags
av_opt_eval_float
av_opt_eval_int
av_opt_eval_int64
av_opt_eval_q
av_opt_find
av_opt_find2
av_opt_flag_is_set
av_opt_free
av_opt_freep_ranges
av_opt_get
av_opt_get_double
av_opt_get_image_size
av_opt_get_int
av_opt_get_key_value
av_opt_get_pixel_fmt
av_opt_get_q
av_opt_get_sample_fmt
av_opt_next
av_opt_ptr
av_opt_query_ranges
av_opt_query_ranges_default
av_opt_set
av_opt_set_bin
av_opt_set_defaults
av_opt_set_defaults2
av_opt_set_dict
av_opt_set_double
av_opt_set_from_string
av_opt_set_image_size
av_opt_set_int
av_opt_set_pixel_fmt
av_opt_set_q
av_opt_set_sample_fmt
av_opt_show2
av_parse_color
av_parse_cpu_caps
av_parse_cpu_flags
av_parse_ratio
av_parse_time
av_parse_video_rate
av_parse_video_size
av_pix_fmt_desc_get
av_pix_fmt_desc_get_id
av_pix_fmt_desc_next
av_pix_fmt_descriptors
av_pix_fmt_get_chroma_sub_sample
av_rc4_crypt
av_rc4_init
av_read_image_line
av_realloc
av_realloc_f
av_reduce
av_rescale
av_rescale_delta
av_rescale_q
av_rescale_q_rnd
av_rescale_rnd
av_reverse
av_sample_fmt_is_planar
av_samples_alloc
av_samples_copy
av_samples_fill_arrays
av_samples_get_buffer_size
av_samples_set_silence
av_set_cpu_flags_mask
av_set_double
av_set_int
av_set_options_string
av_set_q
av_set_string3
av_sha_alloc
av_sha_final
av_sha_init
av_sha_size
av_sha_update
av_small_strptime
av_solve_lls
av_strcasecmp
av_strdup
av_strerror
av_stristart
av_stristr
av_strlcat
av_strlcatf
av_strlcpy
av_strncasecmp
av_strstart
av_strtod
av_strtok
av_sub_q
av_tempfile
av_timecode_adjust_ntsc_framenum2
av_timecode_check_frame_rate
av_timecode_get_smpte_from_framenum
av_timecode_init
av_timecode_init_from_string
av_timecode_make_mpeg_tc_string
av_timecode_make_smpte_tc_string
av_timecode_make_string
av_timegm
av_tree_destroy
av_tree_enumerate
av_tree_find
av_tree_insert
av_tree_node_alloc
av_tree_node_size
av_update_lls
av_usleep
av_vlog
av_write_image_line
av_xtea_crypt
av_xtea_init
avpriv_cga_font
avpriv_float_dsp_init
avpriv_set_systematic_pal2
avpriv_vga16_font
avutil_configuration
avutil_license
avutil_version
ff_cpu_cpuid
ff_cpu_cpuid_test
ff_cpu_xgetbv
ff_float_dsp_init_x86
ff_get_cpu_flags_x86
ff_log2_tab
ff_vector_dmul_scalar_avx
ff_vector_dmul_scalar_sse2
ff_vector_fmac_scalar_avx
ff_vector_fmac_scalar_sse
ff_vector_fmul_avx
ff_vector_fmul_scalar_sse
ff_vector_fmul_sse

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
��⬠�/media_dll/swresample-0.dll
.dll windows:4 windows x86 arch:x86

d8f91c2740a8964dfcb434832db800e5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__dllonexit
__mb_cur_max
__setusermatherr
_amsg_exit
_errno
_initterm
_iob
_lock
_onexit
localeconv
malloc
memcpy
memset
setlocale
strchr
strerror
strlen
strncmp
_unlock
abort
atoi
calloc
fputc
free
getenv
wcslen

avutil-52

av_free
av_freep
av_get_bytes_per_sample
av_get_channel_layout_nb_channels
av_get_channel_layout_string
av_get_cpu_flags
av_get_default_channel_layout
av_get_packed_sample_fmt
av_get_planar_sample_fmt
av_get_sample_fmt_name
av_log
av_malloc
av_mallocz
av_opt_set_defaults
av_opt_set_int
av_reduce
av_rescale
av_sample_fmt_is_planar

Exports

Exports

ff_float_to_int16_a_sse2
ff_float_to_int16_u_sse2
ff_float_to_int32_a_sse2
ff_float_to_int32_u_sse2
ff_int16_to_float_a_sse2
ff_int16_to_float_u_sse2
ff_int16_to_int32_a_mmx
ff_int16_to_int32_a_sse2
ff_int16_to_int32_u_mmx
ff_int16_to_int32_u_sse2
ff_int32_to_float_a_avx
ff_int32_to_float_a_sse2
ff_int32_to_float_u_avx
ff_int32_to_float_u_sse2
ff_int32_to_int16_a_mmx
ff_int32_to_int16_a_sse2
ff_int32_to_int16_u_mmx
ff_int32_to_int16_u_sse2
ff_log2_tab
ff_mix_1_1_a_float_avx
ff_mix_1_1_a_float_sse
ff_mix_1_1_a_int16_mmx
ff_mix_1_1_a_int16_sse2
ff_mix_1_1_u_float_avx
ff_mix_1_1_u_float_sse
ff_mix_1_1_u_int16_mmx
ff_mix_1_1_u_int16_sse2
ff_mix_2_1_a_float_avx
ff_mix_2_1_a_float_sse
ff_mix_2_1_a_int16_mmx
ff_mix_2_1_a_int16_sse2
ff_mix_2_1_u_float_avx
ff_mix_2_1_u_float_sse
ff_mix_2_1_u_int16_mmx
ff_mix_2_1_u_int16_sse2
ff_pack_2ch_float_to_int16_a_sse2
ff_pack_2ch_float_to_int16_u_sse2
ff_pack_2ch_float_to_int32_a_sse2
ff_pack_2ch_float_to_int32_u_sse2
ff_pack_2ch_int16_to_float_a_sse2
ff_pack_2ch_int16_to_float_u_sse2
ff_pack_2ch_int16_to_int16_a_sse2
ff_pack_2ch_int16_to_int16_u_sse2
ff_pack_2ch_int16_to_int32_a_sse2
ff_pack_2ch_int16_to_int32_u_sse2
ff_pack_2ch_int32_to_float_a_sse2
ff_pack_2ch_int32_to_float_u_sse2
ff_pack_2ch_int32_to_int16_a_sse2
ff_pack_2ch_int32_to_int16_u_sse2
ff_pack_2ch_int32_to_int32_a_sse2
ff_pack_2ch_int32_to_int32_u_sse2
ff_pack_6ch_float_to_float_a_avx
ff_pack_6ch_float_to_float_a_mmx
ff_pack_6ch_float_to_float_a_sse4
ff_pack_6ch_float_to_float_u_avx
ff_pack_6ch_float_to_float_u_mmx
ff_pack_6ch_float_to_float_u_sse4
ff_pack_6ch_float_to_int32_a_avx
ff_pack_6ch_float_to_int32_a_sse4
ff_pack_6ch_float_to_int32_u_avx
ff_pack_6ch_float_to_int32_u_sse4
ff_pack_6ch_int32_to_float_a_avx
ff_pack_6ch_int32_to_float_a_sse4
ff_pack_6ch_int32_to_float_u_avx
ff_pack_6ch_int32_to_float_u_sse4
ff_resample_int16_rounder
ff_unpack_2ch_float_to_int16_a_sse2
ff_unpack_2ch_float_to_int16_u_sse2
ff_unpack_2ch_float_to_int32_a_sse2
ff_unpack_2ch_float_to_int32_u_sse2
ff_unpack_2ch_int16_to_float_a_sse2
ff_unpack_2ch_int16_to_float_a_ssse3
ff_unpack_2ch_int16_to_float_u_sse2
ff_unpack_2ch_int16_to_float_u_ssse3
ff_unpack_2ch_int16_to_int16_a_sse2
ff_unpack_2ch_int16_to_int16_a_ssse3
ff_unpack_2ch_int16_to_int16_u_sse2
ff_unpack_2ch_int16_to_int16_u_ssse3
ff_unpack_2ch_int16_to_int32_a_sse2
ff_unpack_2ch_int16_to_int32_a_ssse3
ff_unpack_2ch_int16_to_int32_u_sse2
ff_unpack_2ch_int16_to_int32_u_ssse3
ff_unpack_2ch_int32_to_float_a_sse2
ff_unpack_2ch_int32_to_float_u_sse2
ff_unpack_2ch_int32_to_int16_a_sse2
ff_unpack_2ch_int32_to_int16_u_sse2
ff_unpack_2ch_int32_to_int32_a_sse2
ff_unpack_2ch_int32_to_int32_u_sse2
swr_alloc
swr_alloc_set_opts
swr_convert
swr_drop_output
swr_free
swr_get_class
swr_get_delay
swr_init
swr_inject_silence
swr_next_pts
swr_set_channel_mapping
swr_set_compensation
swr_set_matrix
swresample_configuration
swresample_license
swresample_version

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
��⬠�/media_dll/swscale-2.dll
.dll windows:4 windows x86 arch:x86

bdd686222e4dc451f28b77a336761e78

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__dllonexit
__mb_cur_max
__setusermatherr
_amsg_exit
_errno
_initterm
_iob
_lock
_onexit
localeconv
malloc
memcpy
memset
setlocale
strchr
strerror
strlen
strncmp
_unlock
abort
atoi
calloc
fputc
free
getenv
wcslen

avutil-52

av_free
av_freep
av_get_bits_per_pixel
av_get_cpu_flags
av_get_pix_fmt_name
av_log
av_malloc
av_mallocz
av_opt_set_defaults
av_pix_fmt_desc_get

Exports

Exports

sws_addVec
sws_allocVec
sws_alloc_context
sws_cloneVec
sws_context_class
sws_convVec
sws_convertPalette8ToPacked24
sws_convertPalette8ToPacked32
sws_format_name
sws_freeContext
sws_freeFilter
sws_freeVec
sws_getCachedContext
sws_getCoefficients
sws_getColorspaceDetails
sws_getConstVec
sws_getContext
sws_getDefaultFilter
sws_getGaussianVec
sws_getIdentityVec
sws_get_class
sws_init_context
sws_isSupportedInput
sws_isSupportedOutput
sws_normalizeVec
sws_printVec2
sws_rgb2rgb_init
sws_scale
sws_scaleVec
sws_setColorspaceDetails
sws_shiftVec
sws_subVec
swscale_configuration
swscale_license
swscale_version

Sections

.text
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04de0ad9c37eb7bd52043d2ecac958df

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7fCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate

Extended Key Usages

Key Usages

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate

Extended Key Usages

Key Usages

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

04:0d:50:34:d9:d5:b2:74:e3:7b:42:9c:b2:20:c0:e4:f0:a0:be:42:30:5f:68:9d:f1:2c:5e:79:08:f0:27:e1Signer

be:c9:d8:3f:06:9b:df:1c:14:7d:4a:b1:44:ad:e3:46:1e:7a:46:c3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

winsta

comctl32

version

uxtheme

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 865KB - Virtual size: 864KB

.rdata Size: 243KB - Virtual size: 243KB

.data Size: 16KB - Virtual size: 31KB

.gfids Size: 512B - Virtual size: 228B

.rsrc Size: 239KB - Virtual size: 239KB

.reloc Size: 50KB - Virtual size: 49KB

f4bb5c922d37f0e22b46ddcb970a0a3a

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7fCertificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

04:0d:50:34:d9:d5:b2:74:e3:7b:42:9c:b2:20:c0:e4:f0:a0:be:42:30:5f:68:9d:f1:2c:5e:79:08:f0:27:e1
Signer

be:c9:d8:3f:06:9b:df:1c:14:7d:4a:b1:44:ad:e3:46:1e:7a:46:c3
Signer

.text
Size: 865KB - Virtual size: 864KB

.rdata
Size: 243KB - Virtual size: 243KB

.data
Size: 16KB - Virtual size: 31KB

.gfids
Size: 512B - Virtual size: 228B

.rsrc
Size: 239KB - Virtual size: 239KB

.reloc
Size: 50KB - Virtual size: 49KB

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

57:98:20:57:ba:e3:80:8a:bd:34:17:d0:82:7f:cf:59:6f:97:9f:82:4c:ff:14:9b:2f:8c:dc:f2:5b:86:39:6f
Signer

63:3d:86:e3:de:24:2f:57:82:4a:48:82:99:25:ae:95:57:07:83:11
Signer

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 460B

PAGE
Size: 12KB - Virtual size: 11KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 760B

.reloc
Size: 1KB - Virtual size: 1KB

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

f1:18:37:f1:d6:ef:25:08:a7:0a:cd:46:90:ca:7f:ba:63:64:95:b0:20:67:e9:d1:f8:d1:0f:3e:3b:5a:77:9a
Signer

9d:43:78:67:ff:93:b1:11:4c:0b:8f:71:36:fd:c8:07:45:a2:08:10
Signer