Alloc
Call
Copy
Free
Get
Int64Op
Store
Overview
overview
7Static
static
30262065334...18.exe
windows7-x64
70262065334...18.exe
windows10-2004-x64
7$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...ib.dll
windows7-x64
3$PLUGINSDI...ib.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3$R0.dll
windows7-x64
1$R0.dll
windows10-2004-x64
1$R2/NSIS.L...2_.exe
windows7-x64
1$R2/NSIS.L...2_.exe
windows10-2004-x64
1$SYSDIR/DWSHK80.dll
windows7-x64
1$SYSDIR/DWSHK80.dll
windows10-2004-x64
1$SYSDIR/MSVBVM60.dll
windows7-x64
1$SYSDIR/MSVBVM60.dll
windows10-2004-x64
1$SYSDIR/VB6KO.dll
windows7-x64
1$SYSDIR/VB6KO.dll
windows10-2004-x64
1$SYSDIR/dwsbc80.dll
windows7-x64
1$SYSDIR/dwsbc80.dll
windows10-2004-x64
1$SYSDIR/dw...80.dll
windows7-x64
1$SYSDIR/dw...80.dll
windows10-2004-x64
1UrlUpdate.exe
windows7-x64
7UrlUpdate.exe
windows10-2004-x64
7efbbar.dll
windows7-x64
1efbbar.dll
windows10-2004-x64
1efsbar.dll
windows7-x64
1efsbar.dll
windows10-2004-x64
1iewindow.exe
windows7-x64
1iewindow.exe
windows10-2004-x64
1nnlogon.exe
windows7-x64
1nnlogon.exe
windows10-2004-x64
1Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
02620653340ad8d2a425b5e5f8af258f_JaffaCakes118.exe
Resource
win7-20240221-en
windows7-x64
15 signatures
150 seconds
Behavioral task
behavioral2
Sample
02620653340ad8d2a425b5e5f8af258f_JaffaCakes118.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
15 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240611-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral5
Sample
$PLUGINSDIR/TypeLib.dll
Resource
win7-20240611-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral6
Sample
$PLUGINSDIR/TypeLib.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240508-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral9
Sample
$R0.dll
Resource
win7-20240220-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral10
Sample
$R0.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral11
Sample
$R2/NSIS.Library.RegTool.v3.$_2_.exe
Resource
win7-20231129-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral12
Sample
$R2/NSIS.Library.RegTool.v3.$_2_.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral13
Sample
$SYSDIR/DWSHK80.dll
Resource
win7-20240419-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral14
Sample
$SYSDIR/DWSHK80.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral15
Sample
$SYSDIR/MSVBVM60.dll
Resource
win7-20240508-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral16
Sample
$SYSDIR/MSVBVM60.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral17
Sample
$SYSDIR/VB6KO.dll
Resource
win7-20240508-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral18
Sample
$SYSDIR/VB6KO.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral19
Sample
$SYSDIR/dwsbc80.dll
Resource
win7-20240508-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral20
Sample
$SYSDIR/dwsbc80.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral21
Sample
$SYSDIR/dwshengine80.dll
Resource
win7-20231129-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral22
Sample
$SYSDIR/dwshengine80.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral23
Sample
UrlUpdate.exe
Resource
win7-20240220-en
windows7-x64
11 signatures
150 seconds
Behavioral task
behavioral24
Sample
UrlUpdate.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
10 signatures
150 seconds
Behavioral task
behavioral25
Sample
efbbar.dll
Resource
win7-20240611-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral26
Sample
efbbar.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral27
Sample
efsbar.dll
Resource
win7-20240611-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral28
Sample
efsbar.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral29
Sample
iewindow.exe
Resource
win7-20240221-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral30
Sample
iewindow.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral31
Sample
nnlogon.exe
Resource
win7-20240220-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral32
Sample
nnlogon.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
02620653340ad8d2a425b5e5f8af258f_JaffaCakes118
-
Size
1.5MB
-
MD5
02620653340ad8d2a425b5e5f8af258f
-
SHA1
94f8d4cc9ec4615cfd4a790549e23870f7c8f7a8
-
SHA256
577a7ec9e58665b9b840ce9618e2d330c065dc9a7d7b2109f52e392b77e839c4
-
SHA512
cbf3d33fde12a9d2347550a4a462d1d604fea3b72ffc60ccd51234241b8f1f79ee7923c00b4c762204b473411f082726c2daa950736ada322b8f6baf4c9cb6d3
-
SSDEEP
24576:V2xjlqM8GzLDG8tTo2Rig30oPQ1xTufJLckEY/fudN9GQcCeIRLhlAB2lX:ErqYzGRoqChcC/fkGQwIRLhlKS
Score
3/10
Malware Config
Signatures
-
Unsigned PE 17 IoCs
Checks for missing Authenticode signature.
resource 02620653340ad8d2a425b5e5f8af258f_JaffaCakes118 unpack001/$PLUGINSDIR/System.dll unpack001/$PLUGINSDIR/TypeLib.dll unpack001/$PLUGINSDIR/nsExec.dll unpack001/$R2/NSIS.Library.RegTool.v3.$_2_.exe unpack001/$SYSDIR/DWSHK80.OCX unpack001/$SYSDIR/MSVBVM60.DLL unpack001/$SYSDIR/VB6KO.DLL unpack001/$SYSDIR/dwsbc80.OCX unpack001/$SYSDIR/dwshengine80.dll unpack001/efbbar.dll unpack001/nnlogon.exe unpack001/ntmEnd.exe unpack001/sslaunch.dll unpack001/uninst.exe unpack002/$PLUGINSDIR/System.dll unpack001/urld.exe -
NSIS installer 4 IoCs
resource yara_rule sample nsis_installer_1 sample nsis_installer_2 static1/unpack001/uninst.exe nsis_installer_1 static1/unpack001/uninst.exe nsis_installer_2
Files
-
02620653340ad8d2a425b5e5f8af258f_JaffaCakes118.exe windows:4 windows x86 arch:x86
7fa974366048f9c551ef45714595665e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA
user32
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 36KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
2017f2acbdaa42ab3e4adeb8b4c37e7b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 520B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/TypeLib.dll.dll windows:4 windows x86 arch:x86
eb1a2c7475dd540716bf042f99de49fc
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
MultiByteToWideChar
user32
wsprintfA
oleaut32
LoadTypeLibEx
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
Exports
Exports
GetLibVersion
Register
UnRegister
Sections
.text Size: 1024B - Virtual size: 674B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 20B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 138B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/nsExec.dll.dll windows:4 windows x86 arch:x86
d83f71e61ee459ee63ca3e829966a9dc
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess
user32
SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA
advapi32
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
Exports
Exports
Exec
ExecToLog
ExecToStack
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 410B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$R0.dll regsvr32 windows:4 windows x86 arch:x86
3aba9c53cb8b842efe6f51798f0d33af
Code Sign
01Certificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before01-08-1996 00:00Not After31-12-2020 23:59SubjectCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d44:cb:21:0b:f9:87:80:82:c1:6e:e6:6b:2e:c2:64:d8Certificate
IssuerCN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZANot Before28-07-2009 00:00Not After28-07-2011 23:59SubjectCN=OmniRealityBroadband Co. Ltd.,OU=M&C Team,O=OmniRealityBroadband Co. Ltd.,L=Mapo-gu,ST=Seoul,C=KRExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
0aCertificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before06-08-2003 00:00Not After05-08-2013 23:59SubjectCN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZAExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15-06-2007 00:00Not After14-06-2012 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04-12-2003 00:00Not After03-12-2013 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
urlmon
CoInternetParseUrl
ole32
CLSIDFromString
CLSIDFromProgID
CoTaskMemFree
kernel32
GetProcAddress
GetSystemDirectoryA
GetCurrentProcess
GetTempPathA
RtlMoveMemory
GetModuleHandleA
FormatMessageA
LoadLibraryA
GetWindowsDirectoryA
GetCurrentProcessId
FreeLibrary
lstrlenA
CloseHandle
lstrlenW
advapi32
RevertToSelf
GetUserNameA
user32
IsWindow
GetWindowTextA
FindWindowA
AttachThreadInput
SendMessageTimeoutA
SetForegroundWindow
GetWindowThreadProcessId
IsWindowUnicode
GetClassNameA
RegisterWindowMessageA
BringWindowToTop
GetForegroundWindow
GetParent
msvbvm60
EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaHresultCheck
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaAptOffset
ord696
__vbaFreeVarList
_adj_fdiv_m64
ord512
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaResume
__vbaStrCat
ord660
__vbaLsetFixstr
__vbaSetSystemError
ord662
__vbaHresultCheckObj
ord557
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
EVENT_SINK2_Release
__vbaVarForInit
__vbaForEachCollObj
__vbaExitProc
ord300
ord301
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord304
ord305
ord306
ord520
ord307
ord309
__vbaVarTstLt
__vbaRefVarAry
_CIsin
ord709
__vbaErase
ord631
ord632
__vbaNextEachCollObj
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaExitEachColl
ord529
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
ord560
__vbaObjVar
ord561
DllFunctionCall
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
ord310
__vbaObjIs
ord311
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaStrUI1
__vbaExceptHandler
ord312
ord711
ord313
ord605
__vbaPrintFile
ord712
__vbaStrToUnicode
__vbaDateStr
ord606
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
ord607
__vbaFailedFriend
ord608
ord716
__vbaFPException
__vbaInStrVar
ord717
ord319
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord535
__vbaDateVar
__vbaI2Var
__vbaLsetFixstrFree
ord537
ord644
ord645
_CIlog
__vbaFileOpen
__vbaVarLateMemCallLdRf
ord648
__vbaVar2Vec
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
EVENT_SINK2_AddRef
ord681
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
ord577
_adj_fdiv_r
ord685
__vbaVarTstNe
ord101
ord102
__vbaI4Var
ord103
ord104
ord610
ord105
__vbaLateMemCall
__vbaAryLock
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaVarLateMemCallLd
__vbaUnkVar
__vbaVarCopy
ord616
ord617
__vbaLateMemCallLd
_CIatan
__vbaUI1Str
ord540
ord618
__vbaAryCopy
__vbaCastObj
__vbaStrMove
__vbaStrVarCopy
ord650
_allmul
ord651
_CItan
ord546
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 124KB - Virtual size: 121KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$R2/NSIS.Library.RegTool.v3.$_2_.exe.exe windows:4 windows x86 arch:x86
a56a9c58ddb2b2da8fde66551747ce70
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WaitForSingleObject
CloseHandle
CreateProcessA
GetSystemDirectoryA
FreeLibrary
LoadLibraryExA
MultiByteToWideChar
lstrcmpiA
lstrlenA
SetEndOfFile
GetProcAddress
UnmapViewOfFile
lstrcpyA
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
lstrcatA
GetWindowsDirectoryA
GetShortPathNameA
GetCommandLineA
ExitProcess
GetModuleHandleA
GetModuleFileNameA
SetFilePointer
SetErrorMode
oleaut32
LoadTypeLi
RegisterTypeLi
advapi32
RegQueryValueExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegCloseKey
user32
wsprintfA
CharNextA
ole32
OleInitialize
OleUninitialize
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
$SYSDIR/DWSHK80.OCX.dll regsvr32 windows:5 windows x86 arch:x86
f978e4fab943d628f5846aafd74b8faa
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
dwshengine80
ord303
ord306
ord304
ord3000
ord307
ord217
ord305
kernel32
InterlockedDecrement
GetProcAddress
GetModuleHandleW
GetCurrentThreadId
IsDBCSLeadByte
SetLastError
FreeLibrary
LoadLibraryA
LoadLibraryExA
GetCurrentProcessId
lstrcmpA
GlobalFree
GlobalSize
lstrcpyA
_lclose
lstrcatA
WaitForSingleObject
ReleaseMutex
DebugBreak
CreateMutexA
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
OpenFile
GetVersion
IsBadReadPtr
FreeResource
GetPrivateProfileStringA
GetPrivateProfileIntA
_lread
_lwrite
_llseek
FileTimeToDosDateTime
GetFileTime
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
MultiByteToWideChar
InterlockedIncrement
WideCharToMultiByte
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrlenA
lstrcmpiA
SizeofResource
LockResource
LoadResource
FindResourceA
FlushInstructionCache
GetSystemTimeAsFileTime
GetCurrentProcess
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
IsDebuggerPresent
GetModuleFileNameA
GetModuleHandleA
DisableThreadLibraryCalls
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
user32
SetTimer
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
IsDlgButtonChecked
CreateDialogParamA
EnableWindow
GetDlgItem
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemInt
KillTimer
DialogBoxParamA
DestroyIcon
GetParent
SetFocus
GetAsyncKeyState
MapVirtualKeyA
IsCharAlphaA
RegisterWindowMessageA
LoadIconA
DrawIconEx
SetRectEmpty
GetDlgCtrlID
EndDialog
SetDlgItemTextA
LoadStringA
UnregisterClassA
GetPropA
UpdateWindow
GetClassNameA
IsWindowEnabled
EnumWindows
GetActiveWindow
GetWindowThreadProcessId
PostMessageA
SendMessageA
WinHelpA
CreateWindowExA
GetFocus
IsChild
RegisterClassExA
InvalidateRect
GetKeyState
IsWindow
DefWindowProcA
CallWindowProcA
BeginPaint
GetClientRect
EndPaint
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
LoadCursorA
GetClassInfoExA
GetDC
ReleaseDC
GetDialogBaseUnits
GetWindowLongA
SetWindowLongA
DestroyWindow
IsDialogMessageA
MoveWindow
ShowWindow
CharNextW
UnionRect
PtInRect
CharNextA
wsprintfA
MessageBoxA
CheckDlgButton
CharPrevA
gdi32
CloseMetaFile
RestoreDC
SetWindowExtEx
SetWindowOrgEx
SaveDC
CreateMetaFileA
Rectangle
DeleteMetaFile
SetTextColor
GetObjectA
CreateRectRgnIndirect
DeleteObject
GetTextExtentPointA
GetTextMetricsA
SelectObject
CreateFontIndirectA
GetDeviceCaps
GetStockObject
SetTextAlign
TextOutA
advapi32
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
ole32
OleRegGetMiscStatus
OleRegGetUserType
CreateDataAdviseHolder
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CreateOleAdviseHolder
CoCreateInstance
StringFromGUID2
OleLoadFromStream
WriteClassStm
OleSaveToStream
OleRegEnumVerbs
oleaut32
SysAllocString
OleCreatePropertyFrame
SysAllocStringByteLen
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VariantChangeType
SysAllocStringLen
VariantClear
VariantInit
SysStringByteLen
SysStringLen
CreateErrorInfo
SetErrorInfo
SysFreeString
msvcr90
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
__CppXcptFilter
_adjust_fdiv
??3@YAXPAX@Z
??_V@YAXPAX@Z
strstr
memcmp
malloc
free
memcpy_s
_CxxThrowException
strcpy_s
_initterm_e
wcsncpy_s
strncpy_s
strcat_s
memset
_recalloc
sprintf_s
_resetstkoflw
??2@YAPAXI@Z
__CxxFrameHandler3
??_U@YAPAXI@Z
_purecall
strlen
memmove
atol
strcspn
memcpy
?terminate@@YAXXZ
_except_handler4_common
_unlock
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
calloc
__dllonexit
_amsg_exit
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 102KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$SYSDIR/MSVBVM60.DLL.dll regsvr32 windows:4 windows x86 arch:x86
ce5958d8adf86078d58c0c6f95621ee9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
Imports
kernel32
GetTimeZoneInformation
CreateThread
ExitThread
FlushFileBuffers
CreateDirectoryA
RemoveDirectoryA
MoveFileA
LockFile
UnlockFile
TerminateProcess
SetEnvironmentVariableA
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
GetStringTypeW
RaiseException
LCMapStringW
GetStringTypeA
GetModuleFileNameW
GetUserDefaultLangID
GetComputerNameA
SetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileTime
SetFileTime
GetLocalTime
SetLocalTime
RtlUnwind
OpenFile
CreateProcessW
IsValidCodePage
FormatMessageW
GetStartupInfoA
UnhandledExceptionFilter
ExitProcess
SetCurrentDirectoryA
GetStringTypeExA
GetVolumeInformationA
FindFirstFileA
FindNextFileA
FindClose
VirtualFree
GetSystemInfo
VirtualAlloc
VirtualProtect
FlushInstructionCache
FindResourceExA
GetShortPathNameA
WinExec
lstrlenW
lstrcpyW
WriteFile
SetEndOfFile
SetFilePointer
GetSystemTime
SystemTimeToFileTime
WaitForMultipleObjects
ReleaseMutex
CreateMutexA
GetCurrentProcess
DuplicateHandle
ResumeThread
GetCommandLineA
TlsSetValue
TlsFree
TlsAlloc
GetVersion
CompareStringW
lstrcmpiW
MulDiv
CreateProcessA
GetExitCodeProcess
LoadLibraryExA
WaitForSingleObject
ResetEvent
SetEvent
CreateEventA
GetTickCount
GetEnvironmentVariableA
FreeResource
GetSystemDefaultLCID
GetPrivateProfileIntA
IsBadCodePtr
GetUserDefaultLCID
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
Sleep
GlobalDeleteAtom
HeapDestroy
SetErrorMode
GlobalAddAtomA
ReleaseSemaphore
LCMapStringA
CreateSemaphoreA
VirtualQuery
GetCurrentProcessId
MultiByteToWideChar
GetProfileStringA
WideCharToMultiByte
HeapReAlloc
GetDriveTypeA
CompareStringA
GetFileAttributesA
GetCurrentDirectoryA
GetModuleFileNameA
SetLastError
GetFullPathNameA
SearchPathA
GetFileType
GlobalUnlock
GlobalFree
FindResourceA
LoadResource
SizeofResource
GlobalAlloc
GlobalSize
GlobalHandle
GlobalReAlloc
GlobalLock
_lwrite
_lread
LockResource
GetTempPathA
GetTempFileNameA
lstrcpynA
_lclose
_llseek
FreeLibrary
GetLocaleInfoA
lstrcmpiA
GetLastError
GetModuleHandleA
GetSystemDefaultLangID
FormatMessageA
HeapCreate
GetWindowsDirectoryA
GetPrivateProfileStringA
lstrcatA
CreateFileA
ReadFile
CloseHandle
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
IsBadReadPtr
TlsGetValue
lstrcpyA
DeleteFileA
lstrcmpA
GetCurrentThreadId
GetVersionExA
HeapAlloc
HeapFree
HeapSize
lstrlenA
user32
DdeClientTransaction
DdeAbandonTransaction
DdeGetData
DdeGetLastError
DdeCreateDataHandle
DdeCmpStringHandles
SetCursorPos
EnumClipboardFormats
DestroyCursor
GetAsyncKeyState
WaitForInputIdle
GetForegroundWindow
VkKeyScanW
SetWindowsHookExW
keybd_event
CharUpperBuffW
CharUpperBuffA
CharLowerBuffW
FindWindowW
FindWindowA
SetActiveWindow
GetClassInfoExA
LoadIconA
LoadImageA
RegisterClassExA
FrameRect
CreateDialogParamA
IsDialogMessageA
EnableMenuItem
ShowCursor
OemToCharA
CharToOemBuffA
GetWindowTextA
EndDialog
DrawTextA
SendDlgItemMessageA
SetDlgItemTextA
GetWindowPlacement
GetSystemMetrics
LoadBitmapA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
WaitMessage
PostQuitMessage
UnhookWindowsHookEx
RegisterClipboardFormatA
CreateCursor
CreateIcon
PostMessageW
PeekMessageW
EnumWindows
EnumChildWindows
GetPropA
RemovePropA
SetPropA
SetForegroundWindow
ClipCursor
CallWindowProcA
DefFrameProcA
GetKeyState
GetDlgItem
IsWindow
UnregisterClassA
RegisterClassA
AdjustWindowRect
GetTabbedTextExtentA
TabbedTextOutA
FillRect
CharToOemA
MessageBoxA
wsprintfA
WinHelpA
GetDesktopWindow
SetRect
GetWindowDC
DestroyIcon
GetClassInfoA
AdjustWindowRectEx
GetMenuItemCount
RemoveMenu
GetMenuStringA
GetMenuState
DdePostAdvise
GetCaretPos
CharPrevA
CharNextA
GetUpdateRgn
GetUpdateRect
PtInRect
ChildWindowFromPointEx
ReleaseCapture
SetCapture
InflateRect
GetWindowRect
ClientToScreen
MoveWindow
IsWindowEnabled
IsChild
SetParent
IsIconic
IsZoomed
DefMDIChildProcA
MessageBeep
PeekMessageA
PostMessageA
LoadStringA
AppendMenuA
DestroyMenu
CreatePopupMenu
GetMessageTime
GetMessagePos
DrawFocusRect
CopyAcceleratorTableA
GetWindowRgn
CharUpperA
TranslateMDISysAccel
SubtractRect
IsRectEmpty
InvalidateRgn
InvalidateRect
CopyRect
GetDCEx
IntersectRect
LoadAcceleratorsA
BringWindowToTop
GetWindowThreadProcessId
AttachThreadInput
EqualRect
EnableWindow
SetFocus
SendMessageA
SetWindowsHookExA
GetClassNameA
LoadCursorA
SetCursor
SetWindowLongA
GetWindow
GetFocus
GetKeyboardLayout
GetSystemMenu
CallNextHookEx
GetParent
DestroyWindow
SetWindowTextA
SetWindowPos
UpdateWindow
CreateWindowExA
SystemParametersInfoA
GetCapture
WindowFromPoint
ScreenToClient
SetTimer
IsWindowVisible
ShowWindow
KillTimer
GetDC
ReleaseDC
MapWindowPoints
GetCursorPos
GetCursor
OffsetRect
GetIconInfo
DefWindowProcA
BeginPaint
GetClientRect
EndPaint
GetSysColor
GetActiveWindow
GetWindowLongA
DdeDisconnect
DdeConnect
DdeSetUserHandle
DdeNameService
DdeCreateStringHandleA
DdeUninitialize
DdeInitializeA
DdeFreeStringHandle
DdeQueryConvInfo
DdeQueryStringA
DdeFreeDataHandle
SetScrollRange
SetScrollPos
DrawFrameControl
LockWindowUpdate
CharLowerBuffA
IsClipboardFormatAvailable
SetClipboardData
GetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
GetCaretBlinkTime
SetCaretPos
GetWindowTextLengthA
CreateCaret
ShowCaret
HideCaret
DestroyCaret
GetScrollPos
GetClipboardFormatNameA
DrawTextExA
SetWindowRgn
ToAscii
CreateAcceleratorTableA
DestroyAcceleratorTable
ShowScrollBar
GetScrollInfo
GetLastActivePopup
GetMenuItemInfoA
SetMenuItemInfoA
SetKeyboardState
GetKeyboardState
GetQueueStatus
GetDoubleClickTime
SetWindowContextHelpId
TrackPopupMenu
SetMenuDefaultItem
DrawMenuBar
DeleteMenu
InsertMenuA
GetSubMenu
GetMenuItemID
GetMenu
SetMenu
CreateMenu
ModifyMenuA
CheckMenuItem
BeginDeferWindowPos
EndDeferWindowPos
DeferWindowPos
PostThreadMessageA
VkKeyScanA
CharLowerA
DrawIcon
MessageBoxIndirectA
DialogBoxParamA
IsCharAlphaA
EnumThreadWindows
SetScrollInfo
gdi32
RestoreDC
RealizePalette
SetROP2
SaveDC
GetClipBox
SetWindowOrgEx
ExcludeClipRect
CreateHalftonePalette
GetTextMetricsA
PatBlt
EnumFontsA
TranslateCharsetInfo
GetROP2
SetBrushOrgEx
GetDeviceCaps
GetObjectType
CreatePenIndirect
CreateBrushIndirect
Rectangle
GetStockObject
Arc
LineTo
MoveToEx
Pie
Ellipse
SetStretchBltMode
GetPixel
GetTextExtentPoint32A
SetPixelV
StretchDIBits
GetCurrentObject
TextOutA
GetBkColor
StretchBlt
CreateDIBitmap
CloseMetaFile
SetWindowExtEx
CreateMetaFileA
EndDoc
AbortDoc
StartPage
CreateCompatibleBitmap
StartDocA
CreateDCA
ResetDCA
Escape
ScaleViewportExtEx
SetViewportExtEx
SetMapMode
DeleteMetaFile
PlayMetaFile
SetAbortProc
DeleteEnhMetaFile
PlayEnhMetaFile
CreateICA
GetEnhMetaFileHeader
ScaleWindowExtEx
GetWindowOrgEx
GetPaletteEntries
CreateDIBSection
CloseEnhMetaFile
CreateEnhMetaFileA
LPtoDP
EqualRgn
ExtCreateRegion
GetDIBits
SetTextAlign
GetWindowExtEx
GetViewportExtEx
CopyMetaFileA
CopyEnhMetaFileA
PathToRegion
EndPath
BeginPath
WidenPath
GetTextColor
GetMapMode
SetDIBColorTable
RoundRect
CreateEllipticRgnIndirect
CreateRoundRectRgn
GetSystemPaletteEntries
GetNearestColor
CreateCompatibleDC
SetViewportOrgEx
BitBlt
DeleteDC
IntersectClipRect
OffsetWindowOrgEx
SelectClipRgn
SelectPalette
CreatePalette
PtInRegion
OffsetRgn
ExtSelectClipRgn
CreateRectRgnIndirect
CreateRectRgn
SetRectRgn
CombineRgn
CreateFontIndirectA
GetTextExtentPointA
GetObjectA
GetBitmapBits
SetBkMode
SelectObject
ExtTextOutA
CreateBitmap
CreatePatternBrush
SetTextColor
SetBkColor
CreatePen
CreateHatchBrush
UnrealizeObject
CreateSolidBrush
EndPage
DeleteObject
advapi32
RegQueryInfoKeyA
RegCreateKeyW
RegQueryValueExW
RegEnumValueA
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyW
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyExA
ReportEventA
DeregisterEventSource
RegisterEventSourceA
RegDeleteValueA
RegSetValueA
RegCreateKeyA
RegSetValueExA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
ole32
CoTaskMemAlloc
CoTaskMemFree
BindMoniker
RegisterDragDrop
RevokeDragDrop
DoDragDrop
CreateILockBytesOnHGlobal
OleFlushClipboard
OleIsCurrentClipboard
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
CreateDataAdviseHolder
CreateOleAdviseHolder
CoRegisterClassObject
CoRevokeClassObject
CLSIDFromString
OleDoAutoConvert
OleRegGetUserType
OleSaveToStream
ReadClassStg
ReadClassStm
OleConvertIStorageToOLESTREAM
OleConvertOLESTREAMToIStorage
StgIsStorageILockBytes
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleCreateFromData
OleCreateLinkFromData
OleGetIconOfClass
OleGetClipboard
OleSetClipboard
OleCreateLink
OleCreateLinkToFile
OleGetAutoConvert
OleCreateFromFile
CoMarshalInterface
CoUnmarshalInterface
CreateStreamOnHGlobal
StringFromCLSID
StringFromGUID2
CLSIDFromProgID
ProgIDFromCLSID
CoGetClassObject
CoCreateInstance
MkParseDisplayName
CoIsOle1Class
OleQueryLinkFromData
OleQueryCreateFromData
GetClassFile
CreateBindCtx
OleDuplicateData
ReleaseStgMedium
OleSetMenuDescriptor
CoRegisterMessageFilter
OleUninitialize
OleInitialize
CoGetMalloc
OleRegGetMiscStatus
CoCreateGuid
IIDFromString
CoFreeUnusedLibraries
CoDisconnectObject
IsAccelerator
OleIsRunning
OleRun
OleLockRunning
StgCreateDocfile
WriteClassStg
OleSave
StgOpenStorage
OleLoad
CoLockObjectExternal
oleaut32
OleTranslateColor
OleCreatePropertyFrame
VariantInit
VariantClear
SysAllocString
SysFreeString
OleCreateFontIndirect
OleCreatePictureIndirect
SysAllocStringByteLen
OaBuildVersion
SysAllocStringLen
VariantChangeType
SetErrorInfo
CreateErrorInfo
GetErrorInfo
DispGetParam
LoadTypeLi
SysStringByteLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLibEx
UnRegisterTypeLi
LHashValOfNameSys
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
OleLoadPicture
SafeArrayDestroy
VariantCopy
VariantCopyInd
SafeArrayDestroyData
VariantChangeTypeEx
CreateDispTypeInfo
DispGetIDsOfNames
DispInvoke
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayPutElement
SafeArrayRedim
SafeArrayCopy
OleIconToCursor
RevokeActiveObject
SafeArrayAllocDescriptor
SafeArrayDestroyDescriptor
SafeArrayAllocData
SafeArrayLock
SafeArrayUnlock
VarDateFromStr
SysReAllocStringLen
GetActiveObject
VarR8FromStr
VarCyFromI4
VarBstrFromI2
VarBstrFromI4
VarBstrFromR4
VarBstrFromR8
VarBstrFromDate
VarBstrFromCy
VarI2FromStr
VarI4FromStr
VarI4FromR8
VarR4FromStr
VarCyFromStr
SysReAllocString
LHashValOfNameSysA
SysStringLen
Exports
Exports
BASIC_CLASS_AddRef
BASIC_CLASS_GetIDsOfNames
BASIC_CLASS_Invoke
BASIC_CLASS_QueryInterface
BASIC_CLASS_Release
BASIC_DISPINTERFACE_GetTICount
BASIC_DISPINTERFACE_GetTypeInfo
CopyRecord
CreateIExprSrvObj
DLLGetDocumentation
DllCanUnloadNow
DllFunctionCall
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EVENT_SINK2_AddRef
EVENT_SINK2_Release
EVENT_SINK_AddRef
EVENT_SINK_GetIDsOfNames
EVENT_SINK_Invoke
EVENT_SINK_QueryInterface
EVENT_SINK_Release
EbCreateContext
EbDestroyContext
EbGetErrorInfo
EbGetHandleOfExecutingProject
EbGetObjConnectionCounts
EbGetVBAObject
EbIsProjectOnStack
EbLibraryLoad
EbLibraryUnload
EbLoadRunTime
EbResetProject
EbResetProjectNormal
EbSetContextWorkerThread
GetMem1
GetMem2
GetMem4
GetMem8
GetMemEvent
GetMemNewObj
GetMemObj
GetMemStr
GetMemVar
IID_IVbaHost
MethCallEngine
ProcCallEngine
PutMem1
PutMem2
PutMem4
PutMem8
PutMemEvent
PutMemNewObj
PutMemObj
PutMemStr
PutMemVar
SetMemEvent
SetMemNewObj
SetMemObj
SetMemVar
ThunRTMain
TipCreateInstanceEx
TipCreateInstanceProject2
TipGetAddressOfPredeclaredInstance
TipInvokeMethod
TipInvokeMethod2
TipSetOption
TipUnloadInstance
TipUnloadProject
UserDllMain
VBDllCanUnloadNow
VBDllGetClassObject
VBDllRegisterServer
VBDllUnRegisterServer
VarPtr
Zombie_AddRef
Zombie_GetIDsOfNames
Zombie_GetTypeInfo
Zombie_GetTypeInfoCount
Zombie_Invoke
Zombie_QueryInterface
Zombie_Release
_CIatan
_CIcos
_CIexp
_CIlog
_CIsin
_CIsqrt
_CItan
__vbaAptOffset
__vbaAryConstruct
__vbaAryConstruct2
__vbaAryCopy
__vbaAryDestruct
__vbaAryLock
__vbaAryMove
__vbaAryRebase1Var
__vbaAryRecCopy
__vbaAryRecMove
__vbaAryUnlock
__vbaAryVar
__vbaAryVarVarg
__vbaBoolErrVar
__vbaBoolStr
__vbaBoolVar
__vbaBoolVarNull
__vbaCVarAryUdt
__vbaCastObj
__vbaCastObjVar
__vbaCheckType
__vbaCheckTypeVar
__vbaChkstk
__vbaCopyBytes
__vbaCopyBytesZero
__vbaCyAbs
__vbaCyAdd
__vbaCyErrVar
__vbaCyFix
__vbaCyForInit
__vbaCyForNext
__vbaCyI2
__vbaCyI4
__vbaCyInt
__vbaCyMul
__vbaCyMulI2
__vbaCySgn
__vbaCyStr
__vbaCySub
__vbaCyUI1
__vbaCyVar
__vbaDateR4
__vbaDateR8
__vbaDateStr
__vbaDateVar
__vbaDerefAry
__vbaDerefAry1
__vbaEnd
__vbaErase
__vbaEraseKeepData
__vbaEraseNoPop
__vbaError
__vbaErrorOverflow
__vbaExceptHandler
__vbaExitEachAry
__vbaExitEachColl
__vbaExitEachVar
__vbaExitProc
__vbaFPException
__vbaFPFix
__vbaFPInt
__vbaFailedFriend
__vbaFileClose
__vbaFileCloseAll
__vbaFileLock
__vbaFileOpen
__vbaFileSeek
__vbaFixstrConstruct
__vbaForEachAry
__vbaForEachCollAd
__vbaForEachCollObj
__vbaForEachCollVar
__vbaForEachVar
__vbaFpCDblR4
__vbaFpCDblR8
__vbaFpCSngR4
__vbaFpCSngR8
__vbaFpCmpCy
__vbaFpCy
__vbaFpI2
__vbaFpI4
__vbaFpR4
__vbaFpR8
__vbaFpUI1
__vbaFreeObj
__vbaFreeObjList
__vbaFreeStr
__vbaFreeStrList
__vbaFreeVar
__vbaFreeVarList
__vbaFreeVarg
__vbaGenerateBoundsError
__vbaGet3
__vbaGet4
__vbaGetFxStr3
__vbaGetFxStr4
__vbaGetOwner3
__vbaGetOwner4
__vbaGosub
__vbaGosubFree
__vbaGosubReturn
__vbaHresultCheck
__vbaHresultCheckNonvirt
__vbaHresultCheckObj
__vbaI2Abs
__vbaI2Cy
__vbaI2ErrVar
__vbaI2ForNextCheck
__vbaI2I4
__vbaI2Sgn
__vbaI2Str
__vbaI2Var
__vbaI4Abs
__vbaI4Cy
__vbaI4ErrVar
__vbaI4ForNextCheck
__vbaI4Sgn
__vbaI4Str
__vbaI4Var
__vbaInStr
__vbaInStrB
__vbaInStrVar
__vbaInStrVarB
__vbaInputFile
__vbaLateIdCall
__vbaLateIdCallLd
__vbaLateIdCallSt
__vbaLateIdNamedCall
__vbaLateIdNamedCallLd
__vbaLateIdNamedCallSt
__vbaLateIdNamedStAd
__vbaLateIdSt
__vbaLateIdStAd
__vbaLateMemCall
__vbaLateMemCallLd
__vbaLateMemCallSt
__vbaLateMemNamedCall
__vbaLateMemNamedCallLd
__vbaLateMemNamedCallSt
__vbaLateMemNamedStAd
__vbaLateMemSt
__vbaLateMemStAd
__vbaLbound
__vbaLdZeroAry
__vbaLenBstr
__vbaLenBstrB
__vbaLenVar
__vbaLenVarB
__vbaLineInputStr
__vbaLineInputVar
__vbaLsetFixstr
__vbaLsetFixstrFree
__vbaMidStmtBstr
__vbaMidStmtBstrB
__vbaMidStmtVar
__vbaMidStmtVarB
__vbaNameFile
__vbaNew
__vbaNew2
__vbaNextEachAry
__vbaNextEachCollAd
__vbaNextEachCollObj
__vbaNextEachCollVar
__vbaNextEachVar
__vbaObjAddref
__vbaObjIs
__vbaObjSet
__vbaObjSetAddref
__vbaObjVar
__vbaOnError
__vbaOnGoCheck
__vbaPowerR8
__vbaPrintFile
__vbaPrintObj
__vbaPut3
__vbaPut4
__vbaPutFxStr3
__vbaPutFxStr4
__vbaPutOwner3
__vbaPutOwner4
__vbaR4Cy
__vbaR4ErrVar
__vbaR4ForNextCheck
__vbaR4Sgn
__vbaR4Str
__vbaR4Var
__vbaR8Cy
__vbaR8ErrVar
__vbaR8FixI2
__vbaR8FixI4
__vbaR8ForNextCheck
__vbaR8IntI2
__vbaR8IntI4
__vbaR8Sgn
__vbaR8Str
__vbaR8Var
__vbaRaiseEvent
__vbaRecAnsiToUni
__vbaRecAssign
__vbaRecDestruct
__vbaRecDestructAnsi
__vbaRecUniToAnsi
__vbaRedim
__vbaRedimPreserve
__vbaRedimPreserveVar
__vbaRedimPreserveVar2
__vbaRedimVar
__vbaRedimVar2
__vbaRefVarAry
__vbaResume
__vbaRsetFixstr
__vbaRsetFixstrFree
__vbaSetSystemError
__vbaStopExe
__vbaStr2Vec
__vbaStrAryToAnsi
__vbaStrAryToUnicode
__vbaStrBool
__vbaStrCat
__vbaStrCmp
__vbaStrComp
__vbaStrCompVar
__vbaStrCopy
__vbaStrCy
__vbaStrDate
__vbaStrErrVarCopy
__vbaStrFixstr
__vbaStrI2
__vbaStrI4
__vbaStrLike
__vbaStrMove
__vbaStrR4
__vbaStrR8
__vbaStrTextCmp
__vbaStrTextLike
__vbaStrToAnsi
__vbaStrToUnicode
__vbaStrUI1
__vbaStrVarCopy
__vbaStrVarMove
__vbaStrVarVal
__vbaUI1Cy
__vbaUI1ErrVar
__vbaUI1I2
__vbaUI1I4
__vbaUI1Sgn
__vbaUI1Str
__vbaUI1Var
__vbaUbound
__vbaUdtVar
__vbaUnkVar
__vbaVar2Vec
__vbaVarAbs
__vbaVarAdd
__vbaVarAnd
__vbaVarCat
__vbaVarCmpEq
__vbaVarCmpGe
__vbaVarCmpGt
__vbaVarCmpLe
__vbaVarCmpLt
__vbaVarCmpNe
__vbaVarCopy
__vbaVarDateVar
__vbaVarDiv
__vbaVarDup
__vbaVarEqv
__vbaVarErrI4
__vbaVarFix
__vbaVarForInit
__vbaVarForNext
__vbaVarIdiv
__vbaVarImp
__vbaVarIndexLoad
__vbaVarIndexLoadRef
__vbaVarIndexLoadRefLock
__vbaVarIndexStore
__vbaVarIndexStoreObj
__vbaVarInt
__vbaVarLateMemCallLd
__vbaVarLateMemCallLdRf
__vbaVarLateMemCallSt
__vbaVarLateMemSt
__vbaVarLateMemStAd
__vbaVarLike
__vbaVarLikeVar
__vbaVarMod
__vbaVarMove
__vbaVarMul
__vbaVarNeg
__vbaVarNot
__vbaVarOr
__vbaVarPow
__vbaVarSetObj
__vbaVarSetObjAddref
__vbaVarSetUnk
__vbaVarSetUnkAddref
__vbaVarSetVar
__vbaVarSetVarAddref
__vbaVarSub
__vbaVarTextCmpEq
__vbaVarTextCmpGe
__vbaVarTextCmpGt
__vbaVarTextCmpLe
__vbaVarTextCmpLt
__vbaVarTextCmpNe
__vbaVarTextLike
__vbaVarTextLikeVar
__vbaVarTextTstEq
__vbaVarTextTstGe
__vbaVarTextTstGt
__vbaVarTextTstLe
__vbaVarTextTstLt
__vbaVarTextTstNe
__vbaVarTstEq
__vbaVarTstGe
__vbaVarTstGt
__vbaVarTstLe
__vbaVarTstLt
__vbaVarTstNe
__vbaVarVargNofree
__vbaVarXor
__vbaVarZero
__vbaVargObj
__vbaVargObjAddref
__vbaVargParmRef
__vbaVargUnk
__vbaVargUnkAddref
__vbaVargVar
__vbaVargVarCopy
__vbaVargVarMove
__vbaVargVarRef
__vbaVerifyVarObj
__vbaWriteFile
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_allmul
rtBoolFromErrVar
rtBstrFromErrVar
rtCyFromErrVar
rtDecFromVar
rtI2FromErrVar
rtI4FromErrVar
rtR4FromErrVar
rtR8FromErrVar
rtUI1FromErrVar
rtcAbsVar
rtcAnsiValueBstr
rtcAppActivate
rtcAppleScript
rtcArray
rtcAtn
rtcBeep
rtcBstrFromAnsi
rtcBstrFromByte
rtcBstrFromChar
rtcBstrFromError
rtcBstrFromFormatVar
rtcByteValueBstr
rtcCVErrFromVar
rtcCallByName
rtcChangeDir
rtcChangeDrive
rtcCharValueBstr
rtcChoose
rtcCommandBstr
rtcCommandVar
rtcCompareBstr
rtcCos
rtcCreateObject
rtcCreateObject2
rtcCurrentDir
rtcCurrentDirBstr
rtcDDB
rtcDateAdd
rtcDateDiff
rtcDateFromVar
rtcDatePart
rtcDeleteSetting
rtcDir
rtcDoEvents
rtcEndOfFile
rtcEnvironBstr
rtcEnvironVar
rtcErrObj
rtcExp
rtcFV
rtcFileAttributes
rtcFileCopy
rtcFileDateTime
rtcFileLen
rtcFileLength
rtcFileLocation
rtcFileReset
rtcFileSeek
rtcFileWidth
rtcFilter
rtcFixVar
rtcFormatCurrency
rtcFormatDateTime
Sections
.text Size: 1008KB - Virtual size: 1007KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
ENGINE Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 196KB - Virtual size: 195KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 64KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$SYSDIR/VB6KO.DLL.dll windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 98KB - Virtual size: 97KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$SYSDIR/dwsbc80.OCX.dll regsvr32 windows:5 windows x86 arch:x86
c9ec1a52290f09be08b86844f9145fc4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
dwshengine80
ord3000
ord513
ord217
ord305
ord303
ord304
ord306
ord302
ord301
ord202
ord512
kernel32
GlobalAlloc
IsDebuggerPresent
GetModuleFileNameA
GetModuleHandleA
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
GetProcAddress
GetModuleHandleW
IsDBCSLeadByte
FreeLibrary
LoadLibraryA
LoadLibraryExA
lstrcmpA
GetCurrentProcessId
GlobalFree
GlobalSize
lstrcpyA
lstrcatA
_lclose
WaitForSingleObject
ReleaseMutex
DebugBreak
CreateMutexA
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
OpenFile
GetVersion
IsBadReadPtr
GetPrivateProfileStringA
GetPrivateProfileIntA
_lread
_lwrite
_llseek
FileTimeToDosDateTime
GetFileTime
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GlobalLock
UnhandledExceptionFilter
TerminateProcess
Sleep
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
RaiseException
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
SetLastError
MultiByteToWideChar
GetSystemTimeAsFileTime
WideCharToMultiByte
lstrlenW
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrlenA
lstrcmpiA
SizeofResource
LockResource
LoadResource
FindResourceA
MulDiv
GlobalUnlock
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
user32
SetWindowTextA
SendMessageA
GetWindowTextLengthA
GetWindowTextA
EnableWindow
SendDlgItemMessageA
DialogBoxParamA
DestroyIcon
GetParent
PostMessageA
SetRectEmpty
LoadIconA
DrawIconEx
WinHelpA
CreateWindowExA
GetFocus
IsChild
RegisterClassExA
InvalidateRect
GetKeyState
IsWindow
GetDlgCtrlID
EndDialog
SetDlgItemTextA
LoadStringA
CharPrevA
UnregisterClassA
RegisterWindowMessageA
DefWindowProcA
CallWindowProcA
BeginPaint
GetClientRect
EndPaint
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
LoadCursorA
GetClassInfoExA
GetDC
ReleaseDC
GetDialogBaseUnits
GetWindowLongA
CharNextW
DestroyWindow
IsDialogMessageA
MoveWindow
UnionRect
PtInRect
CharNextA
wsprintfA
MessageBoxA
CreateDialogParamA
ShowWindow
SetFocus
GetDlgItem
SetDlgItemInt
IsDlgButtonChecked
GetDlgItemInt
CheckDlgButton
SetWindowLongA
GetActiveWindow
gdi32
CloseMetaFile
RestoreDC
SetWindowExtEx
SetWindowOrgEx
SaveDC
CreateMetaFileA
Rectangle
DeleteMetaFile
SetTextColor
GetObjectA
DeleteObject
GetTextExtentPointA
GetTextMetricsA
SelectObject
CreateFontIndirectA
GetDeviceCaps
TextOutA
GetStockObject
CreateRectRgnIndirect
SetTextAlign
advapi32
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
ole32
CoTaskMemFree
CoTaskMemAlloc
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
CreateDataAdviseHolder
CreateOleAdviseHolder
CoCreateInstance
StringFromGUID2
OleLoadFromStream
WriteClassStm
OleSaveToStream
CoTaskMemRealloc
oleaut32
SysAllocStringLen
OleCreatePropertyFrame
SysAllocStringByteLen
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VariantChangeType
SysAllocString
VariantClear
VariantInit
SysStringByteLen
SysStringLen
CreateErrorInfo
SetErrorInfo
SysFreeString
msvcr90
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
_initterm_e
_initterm
_encoded_null
??3@YAXPAX@Z
_CxxThrowException
_decode_pointer
??_V@YAXPAX@Z
??_U@YAPAXI@Z
__CxxFrameHandler3
strstr
memcmp
malloc
free
memcpy_s
strcpy_s
wcsncpy_s
strncpy_s
strcat_s
_recalloc
calloc
sprintf_s
_resetstkoflw
??2@YAPAXI@Z
_purecall
strlen
memmove
atol
strcspn
memcpy
?terminate@@YAXXZ
_except_handler4_common
_unlock
_encode_pointer
_lock
_onexit
memset
__dllonexit
_malloc_crt
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 90KB - Virtual size: 89KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$SYSDIR/dwshengine80.dll.dll regsvr32 windows:5 windows x86 arch:x86
f100d2d25a87b6fc145678492da88656
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetCurrentProcess
OpenProcess
GetVersionExA
CreateEventA
GetCurrentThreadId
IsBadCodePtr
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
FlushInstructionCache
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
IsDBCSLeadByte
SetLastError
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcpyA
IsBadReadPtr
lstrcatA
DuplicateHandle
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
OpenFile
GetVersion
Sleep
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetEvent
GetProcAddress
FreeLibrary
GetModuleHandleA
lstrlenW
IsBadWritePtr
CloseHandle
LoadLibraryA
CreateMutexA
DebugBreak
GetCurrentProcessId
ReleaseMutex
WaitForSingleObject
GetModuleFileNameA
lstrcmpiA
lstrcmpA
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
MapViewOfFile
GetSystemDefaultLangID
TerminateProcess
user32
DestroyWindow
PostMessageA
MessageBeep
FindWindowA
SendMessageA
SetForegroundWindow
GetWindow
SetWindowLongA
DefWindowProcA
SetWindowWord
GetWindowWord
CreateWindowExA
RegisterClassA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetWindowThreadProcessId
SendMessageTimeoutA
GetForegroundWindow
GetWindowLongA
GetClassNameA
GetKeyState
GetGUIThreadInfo
SetWindowLongW
GetWindowLongW
CallWindowProcA
CallWindowProcW
SetRectEmpty
EnumWindows
IsWindowEnabled
UpdateWindow
GetPropA
CharPrevA
LoadStringA
LoadBitmapA
GetDlgCtrlID
GetParent
SetTimer
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
SetWindowPos
EndDialog
KillTimer
CharUpperA
GetActiveWindow
DialogBoxParamA
CharNextW
CharNextA
RegisterWindowMessageA
GetWindowRect
PtInRect
ScreenToClient
InflateRect
InvalidateRect
OffsetRect
IsWindow
GetClientRect
ClientToScreen
ShowWindow
UnregisterClassA
gdi32
SetTextColor
DeleteObject
CreateFontIndirectA
GetObjectA
advapi32
RegDeleteKeyA
RegEnumKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegCloseKey
ole32
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
oleaut32
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysFreeString
SysStringLen
SysAllocStringLen
SysAllocString
VariantChangeType
SysStringByteLen
VariantClear
VariantInit
SysAllocStringByteLen
msvcr90
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
_itoa_s
atoi
memmove
_recalloc
??_V@YAXPAX@Z
strncpy_s
memcpy_s
strstr
??2@YAPAXI@Z
_resetstkoflw
memset
strcat_s
wcsncpy_s
strcpy_s
_CxxThrowException
free
malloc
memcmp
memcpy
??_U@YAPAXI@Z
__CxxFrameHandler3
??3@YAXPAX@Z
Exports
Exports
ChangeMessageDetect
ConstituentEnable
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetGraphicalControlForPoint
HookWindow
HookWindowsHook
SetHookMode
Spxrvv2
Spxrvv3
UnhookTheWindowsHook
UnhookWindow
VerifySystemHooks
dw2IntegersToDWORD
dw4BytesToDWORD
dwAddFileTimes
dwConvertDoubleToFileTime
dwConvertFileTimeToDouble
dwCopyData
dwCopyDataSpecial
dwDWORDto2Integers
dwDWORDto4Bytes
dwFreeUDT
dwGetAddressForObject
dwGetAddressForVBString
dwGetControlNameByID
dwGetInstance
dwGetPropertyValue
dwGetReturnHlstr
dwGetSpyWorksVersion
dwGetStringFrom2NullBuffer
dwGetStringFromLPSTR
dwGetWndInstance
dwHugeOffset
dwInp
dwInpd
dwInpw
dwIsValidName
dwMakeROP4
dwNegateFileTime
dwOutp
dwOutpd
dwOutpw
dwPOINTStoLong
dwPackUDT
dwPackedUDTSize
dwPrivGetMapping
dwPrivLockMapTest
dwPrivMemTest
dwRegisterUDT
dwSetPropertyValue
dwSubtractFileTimes
dwSwapBytes
dwSwapWords
dwUnpackUDT
dwXAllocateDataFrom
dwXCTSWL
dwXCopyAnsiStringFrom
dwXCopyDataFrom
dwXCopyDataTo
dwXCopyUnicodeStringFrom
dwXFreeDataFrom
dwXGetControlIDForHwnd
dwXGetEditLine
dwXGetHwndControl
dwXGetModuleFileName
dwXGetSpyworksAppID
dwXGetSpyworksFormID
dwXGetVBNames
dwXReleaseSpyworksID
dwXSetForegroundWindow
dwiGetControlExtender
dwiGetControlHwndForName
dwiGetControlNameForHwnd
dwiGetControlNames
dwiGetControlUnknown
dwiGetGraphicalControlForPoint
dwiGetHwndHookList
dwiGetObjectPropertyHelper
dwiGetPrivateInfo
dwiGetProcessHwndList
dwiSetObjectPropertyHelper
dwiShiftGraphicalControl
dwiShiftGraphicalControl2
dwiShiftWindowControl
dwiTest1
Sections
.text Size: 89KB - Virtual size: 89KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
UrlUpdate.exe.exe windows:4 windows x86 arch:x86
4cbf148669482228ddfaf747b9ba50a3
Code Sign
03:5b:15:96:bf:70:ad:7d:b7:fe:31:9a:a3:79:c3:cbCertificate
IssuerCN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZANot Before18-03-2009 00:00Not After18-03-2011 23:59SubjectCN=NetimoCommunications Co\,.Ltd\ ,O=NetimoCommunications Co\,.Ltd\ ,L=Mapo-gu\ ,ST=Seoul,C=KRExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
0aCertificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before06-08-2003 00:00Not After05-08-2013 23:59SubjectCN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZAExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15-06-2007 00:00Not After14-06-2012 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04-12-2003 00:00Not After03-12-2013 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
urlmon
URLDownloadToFileA
oleaut32
SysAllocString
advapi32
OpenProcessToken
kernel32
GetSystemDirectoryA
GetCurrentProcess
GetTempPathA
RtlMoveMemory
GetPrivateProfileIntA
FileTimeToLocalFileTime
WritePrivateProfileSectionA
FileTimeToSystemTime
FormatMessageA
GetWindowsDirectoryA
MoveFileExA
GetCurrentProcessId
GetLastError
Sleep
SetLastError
SetFileTime
SystemTimeToFileTime
CloseHandle
ExitProcess
GetTempFileNameA
LocalFileTimeToFileTime
GetFullPathNameA
OpenProcess
DeleteFileA
msvbvm60
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaCopyBytes
__vbaResume
__vbaStrCat
ord553
ord660
__vbaLsetFixstr
__vbaRecDestruct
ord661
__vbaSetSystemError
ord662
__vbaHresultCheckObj
ord557
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
EVENT_SINK2_Release
__vbaBoolStr
__vbaForEachCollObj
__vbaExitProc
ord300
ord595
__vbaObjSet
__vbaOnError
ord302
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord306
ord520
__vbaStrFixstr
ord308
ord309
__vbaRefVarAry
_CIsin
ord631
__vbaNextEachCollObj
ord525
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaDateR8
ord561
__vbaI2I4
DllFunctionCall
ord670
__vbaCastObjVar
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaStrUI1
__vbaExceptHandler
ord711
ord605
__vbaPrintFile
ord712
__vbaStrToUnicode
ord606
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
ord607
ord530
ord608
ord531
__vbaFPException
__vbaInStrVar
ord533
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaDateVar
__vbaI2Var
__vbaLsetFixstrFree
ord644
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
ord648
__vbaR8Str
__vbaInStr
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
EVENT_SINK2_AddRef
ord681
__vbaI4Str
__vbaFreeStrList
ord576
_adj_fdivr_m32
ord577
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
__vbaI4Var
ord610
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
__vbaFpI4
ord616
__vbaRecDestructAnsi
_CIatan
__vbaCastObj
ord540
ord618
__vbaAryCopy
__vbaStrMove
ord542
ord543
ord650
_allmul
ord544
ord651
ord545
_CItan
ord546
ord547
__vbaAryUnlock
_CIexp
ord580
__vbaFreeObj
__vbaFreeStr
Sections
.text Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
autoup.ini
-
bhocfg.ini
-
bhocode.ini
-
efbbar.dll.dll regsvr32 windows:4 windows x86 arch:x86
f8422f0450fc5da280dfde447fa2d466
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
oleaut32
SysAllocString
urlmon
CoInternetParseUrl
advapi32
RevertToSelf
GetUserNameA
comctl32
InitCommonControlsEx
ole32
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoTaskMemFree
kernel32
GetProcAddress
GetSystemDirectoryA
GetCurrentProcess
lstrcpyA
GetTempPathA
RtlMoveMemory
GetModuleHandleA
FormatMessageA
LoadLibraryA
GetWindowsDirectoryA
GetCurrentProcessId
FreeLibrary
lstrlenA
CloseHandle
lstrlenW
GetTickCount
user32
MessageBoxA
IsWindow
GetWindowRect
GetWindowTextA
AttachThreadInput
GetWindowLongA
SetForegroundWindow
GetWindowThreadProcessId
GetClassNameA
SetWindowLongA
IsWindowVisible
GetFocus
ShowWindow
BringWindowToTop
GetAsyncKeyState
GetForegroundWindow
GetCursorPos
GetParent
msvbvm60
EVENT_SINK_GetIDsOfNames
__vbaVarSub
_CIcos
_adj_fptan
__vbaHresultCheck
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaAptOffset
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
ord517
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
__vbaCopyBytes
__vbaResume
__vbaStrCat
ord660
__vbaLsetFixstr
__vbaSetSystemError
ord661
__vbaLenBstrB
__vbaHresultCheckObj
ord662
ord557
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
EVENT_SINK2_Release
__vbaVarForInit
__vbaExitProc
__vbaForEachCollObj
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord520
__vbaBoolVar
__vbaRefVarAry
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
__vbaErase
ord632
ord525
__vbaNextEachCollObj
__vbaVarCmpGt
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaExitEachColl
__vbaObjVar
__vbaI2I4
ord561
DllFunctionCall
__vbaVarOr
__vbaCastObjVar
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
__vbaPrintFile
__vbaStrToUnicode
ord605
ord606
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
ord607
ord608
ord716
__vbaFPException
ord717
ord319
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
__vbaI2Var
ord537
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
ord648
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
EVENT_SINK2_AddRef
ord681
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
ord577
_adj_fdiv_r
ord685
__vbaVarTstNe
ord101
ord102
__vbaI4Var
ord103
ord104
ord610
ord105
__vbaVarAdd
__vbaLateMemCall
__vbaAryLock
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaFpI4
__vbaVarLateMemCallLd
__vbaUnkVar
ord616
__vbaVarCopy
__vbaVarTstGe
ord617
__vbaLateMemCallLd
_CIatan
ord618
__vbaAryCopy
ord540
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
ord650
_allmul
ord651
_CItan
ord546
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 140KB - Virtual size: 137KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
efsbar.dll.dll regsvr32 windows:4 windows x86 arch:x86
070d5ebb721bafb3cf8902887baed7a8
Code Sign
01Certificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before01-08-1996 00:00Not After31-12-2020 23:59SubjectCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d44:cb:21:0b:f9:87:80:82:c1:6e:e6:6b:2e:c2:64:d8Certificate
IssuerCN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZANot Before28-07-2009 00:00Not After28-07-2011 23:59SubjectCN=OmniRealityBroadband Co. Ltd.,OU=M&C Team,O=OmniRealityBroadband Co. Ltd.,L=Mapo-gu,ST=Seoul,C=KRExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
0aCertificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before06-08-2003 00:00Not After05-08-2013 23:59SubjectCN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZAExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15-06-2007 00:00Not After14-06-2012 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04-12-2003 00:00Not After03-12-2013 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
comctl32
InitCommonControlsEx
oleaut32
SysAllocString
urlmon
CoInternetParseUrl
ole32
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoTaskMemFree
advapi32
RevertToSelf
GetUserNameA
user32
MessageBoxA
IsWindow
CreateWindowExA
GetWindowTextA
FindWindowA
AttachThreadInput
SetForegroundWindow
GetWindowThreadProcessId
DestroyWindow
GetClassNameA
IsWindowVisible
ShowWindow
BringWindowToTop
GetAsyncKeyState
GetForegroundWindow
GetClientRect
kernel32
GetProcAddress
GetSystemDirectoryA
GetCurrentProcess
lstrcpyA
GetTempPathA
RtlMoveMemory
GetModuleHandleA
FormatMessageA
LoadLibraryA
GetWindowsDirectoryA
GetCurrentProcessId
FreeLibrary
lstrlenA
CloseHandle
lstrlenW
GetTickCount
msvbvm60
EVENT_SINK_GetIDsOfNames
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaHresultCheck
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
__vbaAptOffset
__vbaLenBstr
__vbaStrVarMove
ord696
__vbaFreeVarList
_adj_fdiv_m64
ord512
EVENT_SINK_Invoke
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
__vbaRecAnsiToUni
__vbaResume
__vbaStrCat
ord660
__vbaLsetFixstr
ord661
__vbaSetSystemError
__vbaLenBstrB
ord662
__vbaHresultCheckObj
ord557
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
EVENT_SINK2_Release
__vbaForEachCollObj
__vbaVarForInit
__vbaExitProc
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVar
ord520
__vbaVarTstLt
__vbaBoolVarNull
__vbaRefVarAry
_CIsin
ord631
__vbaErase
__vbaNextEachCollObj
__vbaVarCmpGt
ord632
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord529
__vbaExitEachColl
__vbaStrCmp
__vbaVarTstEq
ord561
__vbaObjVar
DllFunctionCall
__vbaVarOr
__vbaCastObjVar
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaExceptHandler
ord711
__vbaPrintFile
ord605
__vbaStrToUnicode
ord712
__vbaDateStr
ord606
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
__vbaI2Str
ord607
ord608
ord716
__vbaFPException
ord717
ord319
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
__vbaI2Var
ord537
ord644
ord645
_CIlog
__vbaFileOpen
ord648
__vbaNew2
__vbaVar2Vec
__vbaInStr
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
EVENT_SINK2_AddRef
ord681
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
ord577
_adj_fdiv_r
ord685
__vbaVarTstNe
ord101
ord102
__vbaI4Var
ord103
ord104
ord610
ord105
__vbaLateMemCall
__vbaAryLock
ord320
__vbaStrToAnsi
__vbaVarDup
ord321
__vbaVarTstGe
__vbaVarLateMemCallLd
__vbaUnkVar
ord616
__vbaVarCopy
ord617
__vbaLateMemCallLd
_CIatan
__vbaUI1Str
ord540
__vbaStrMove
ord618
__vbaAryCopy
__vbaCastObj
__vbaStrVarCopy
ord650
_allmul
ord651
_CItan
ord546
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 116KB - Virtual size: 114KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
iewindow.exe.exe windows:4 windows x86 arch:x86
f056f5cb00c3565cbf7ed854854fa8e2
Code Sign
01Certificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before01-08-1996 00:00Not After31-12-2020 23:59SubjectCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d44:cb:21:0b:f9:87:80:82:c1:6e:e6:6b:2e:c2:64:d8Certificate
IssuerCN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZANot Before28-07-2009 00:00Not After28-07-2011 23:59SubjectCN=OmniRealityBroadband Co. Ltd.,OU=M&C Team,O=OmniRealityBroadband Co. Ltd.,L=Mapo-gu,ST=Seoul,C=KRExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
0aCertificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before06-08-2003 00:00Not After05-08-2013 23:59SubjectCN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZAExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15-06-2007 00:00Not After14-06-2012 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04-12-2003 00:00Not After03-12-2013 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
urlmon
CoInternetParseUrl
shlwapi
SHAutoComplete
SHDeleteKeyW
ole32
CLSIDFromString
CoTaskMemFree
oleaut32
OleTranslateColor
gdi32
SelectObject
GetObjectA
GetDeviceCaps
CreateFontIndirectA
CreatePen
MoveToEx
GetStockObject
CreateSolidBrush
LineTo
SetTextColor
DeleteObject
SetBkMode
SetBkColor
user32
SetWindowPos
IsWindow
GetWindowRect
CreateWindowExA
GetWindowTextA
ScreenToClient
FillRect
SetParent
InvalidateRect
AttachThreadInput
GetWindowLongA
SendMessageTimeoutA
GetClassLongA
SetForegroundWindow
SetWindowTextA
GetWindowThreadProcessId
EnableWindow
MoveWindow
FindWindowExA
GetSysColor
DestroyWindow
GetClassNameA
DrawTextA
SetFocus
SetWindowLongA
IsIconic
SendMessageA
ReleaseDC
IsWindowVisible
WindowFromPoint
RegisterWindowMessageA
CopyRect
GetFocus
ShowWindow
keybd_event
BringWindowToTop
GetDC
GetAsyncKeyState
SetClassLongA
GetSysColorBrush
GetForegroundWindow
EqualRect
GetClientRect
GetCursorPos
GetParent
MapWindowPoints
advapi32
RevertToSelf
GetUserNameA
kernel32
GetProcAddress
GetSystemDirectoryA
GlobalUnlock
lstrcpyA
GetTempPathA
RtlMoveMemory
GetPrivateProfileIntA
GlobalFree
GetModuleHandleA
FormatMessageA
LoadLibraryA
GetWindowsDirectoryA
GetCurrentProcessId
FreeLibrary
lstrlenA
Sleep
MulDiv
CloseHandle
lstrlenW
GlobalAlloc
OpenProcess
GetCurrentThreadId
GetExitCodeProcess
TerminateProcess
GlobalLock
msvbvm60
EVENT_SINK_GetIDsOfNames
__vbaVarSub
__vbaVarTstGt
_CIcos
_adj_fptan
__vbaHresultCheck
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLateIdCall
__vbaLenBstr
__vbaStrVarMove
ord696
__vbaFreeVarList
_adj_fdiv_m64
ord512
__vbaAryRecMove
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord519
__vbaI2Abs
__vbaCopyBytes
__vbaResume
__vbaStrCat
__vbaLsetFixstr
ord660
__vbaRecDestruct
__vbaSetSystemError
ord662
__vbaHresultCheckObj
ord557
__vbaLenVar
ord558
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
EVENT_SINK2_Release
ord592
__vbaVarForInit
__vbaForEachCollObj
__vbaExitProc
ord300
ord301
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaVarIndexLoad
ord305
__vbaFpR4
ord306
ord520
__vbaStrFixstr
__vbaForEachCollVar
__vbaBoolVar
ord307
ord309
__vbaRefVarAry
__vbaFpR8
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
__vbaErase
ord631
__vbaNextEachCollObj
ord525
ord632
__vbaVarCmpGt
__vbaChkstk
__vbaCyVar
__vbaFileClose
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
__vbaExitEachColl
ord529
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaNextEachCollVar
__vbaObjVar
ord561
__vbaI2I4
DllFunctionCall
ord563
__vbaVarOr
ord670
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaR4Cy
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
ord601
_CIsqrt
__vbaLateIdCallSt
__vbaObjIs
ord311
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaUI1I4
__vbaExceptHandler
ord711
ord313
ord605
ord712
__vbaStrToUnicode
__vbaPrintFile
__vbaDateStr
ord606
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaFailedFriend
ord607
ord608
ord716
__vbaFPException
ord717
__vbaInStrVar
ord319
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord535
__vbaDateVar
__vbaI2Var
ord537
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaVarLateMemCallLdRf
__vbaNew2
__vbaInStr
ord648
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
EVENT_SINK2_AddRef
__vbaI4Str
ord681
__vbaFreeStrList
_adj_fdivr_m32
ord577
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
ord610
__vbaVarAdd
__vbaLateMemCall
__vbaAryLock
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaUnkVar
__vbaVarTstGe
__vbaFpI4
__vbaVarLateMemCallLd
__vbaVarCopy
ord616
ord617
__vbaRecDestructAnsi
__vbaLateMemCallLd
__vbaR8IntI2
_CIatan
__vbaUI1Str
ord618
__vbaAryCopy
__vbaStrMove
__vbaCastObj
ord540
__vbaI4Cy
__vbaStrVarCopy
ord650
_allmul
__vbaLateIdSt
ord651
_CItan
ord546
__vbaAryUnlock
__vbaVarForNext
_CIexp
ord580
__vbaFreeStr
__vbaFreeObj
ord581
Sections
.text Size: 384KB - Virtual size: 380KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
navigator.ico
-
nnlogon.exe.exe windows:4 windows x86 arch:x86
0f6521efe2d57b917abb4225eeeffdc8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DeleteCriticalSection
GetModuleFileNameA
InitializeCriticalSection
GetExitCodeProcess
WaitForSingleObject
FormatMessageA
OpenProcess
Process32Next
ProcessIdToSessionId
Process32First
WritePrivateProfileStringA
WriteFile
GetModuleHandleA
GetVersionExA
WTSGetActiveConsoleSessionId
GetLastError
GetPrivateProfileSectionNamesA
lstrcpynA
lstrcmpiA
GetPrivateProfileStringA
Sleep
EnterCriticalSection
GetLocalTime
CreateFileA
GetFileTime
CloseHandle
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
DeleteFileA
CreateToolhelp32Snapshot
LeaveCriticalSection
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetCPInfo
GetACP
GetOEMCP
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
SetFilePointer
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
IsBadCodePtr
GetProcAddress
LoadLibraryA
SetEndOfFile
ReadFile
advapi32
LookupPrivilegeValueA
DuplicateTokenEx
SetTokenInformation
AdjustTokenPrivileges
ImpersonateLoggedOnUser
CreateProcessAsUserA
RevertToSelf
StartServiceCtrlDispatcherA
CreateServiceA
DeleteService
RegisterServiceCtrlHandlerExA
SetServiceStatus
StartServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService
OpenProcessToken
wtsapi32
WTSQueryUserToken
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
Sections
.text Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
nnlogon.ini
-
ntmEnd.exe.exe windows:4 windows x86 arch:x86
d0fb765084a07b4713899c8666b1c17e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
TerminateProcess
user32
FindWindowA
GetWindowThreadProcessId
GetClassNameA
msvbvm60
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaLsetFixstr
__vbaSetSystemError
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaVarForInit
__vbaExitProc
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaStrFixstr
_CIsin
ord525
__vbaChkstk
ord526
ord528
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaObjVar
__vbaI2I4
DllFunctionCall
ord670
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
_CIsqrt
__vbaObjIs
__vbaExceptHandler
ord711
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaUbound
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaAryLock
__vbaLateMemCall
__vbaVarDup
__vbaStrToAnsi
__vbaFpI4
__vbaVarLateMemCallLd
__vbaUnkVar
__vbaLateMemCallLd
ord617
_CIatan
__vbaStrMove
__vbaAryCopy
ord618
_allmul
_CItan
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
Sections
.text Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 972B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
ntmurl.dll.dll regsvr32 windows:4 windows x86 arch:x86
3aba9c53cb8b842efe6f51798f0d33af
Code Sign
01Certificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before01-08-1996 00:00Not After31-12-2020 23:59SubjectCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d44:cb:21:0b:f9:87:80:82:c1:6e:e6:6b:2e:c2:64:d8Certificate
IssuerCN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZANot Before28-07-2009 00:00Not After28-07-2011 23:59SubjectCN=OmniRealityBroadband Co. Ltd.,OU=M&C Team,O=OmniRealityBroadband Co. Ltd.,L=Mapo-gu,ST=Seoul,C=KRExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
0aCertificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before06-08-2003 00:00Not After05-08-2013 23:59SubjectCN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZAExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15-06-2007 00:00Not After14-06-2012 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04-12-2003 00:00Not After03-12-2013 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
urlmon
CoInternetParseUrl
ole32
CLSIDFromString
CLSIDFromProgID
CoTaskMemFree
kernel32
GetProcAddress
GetSystemDirectoryA
GetCurrentProcess
GetTempPathA
RtlMoveMemory
GetModuleHandleA
FormatMessageA
LoadLibraryA
GetWindowsDirectoryA
GetCurrentProcessId
FreeLibrary
lstrlenA
CloseHandle
lstrlenW
advapi32
RevertToSelf
GetUserNameA
user32
IsWindow
GetWindowTextA
FindWindowA
AttachThreadInput
SendMessageTimeoutA
SetForegroundWindow
GetWindowThreadProcessId
IsWindowUnicode
GetClassNameA
RegisterWindowMessageA
BringWindowToTop
GetForegroundWindow
GetParent
msvbvm60
EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaHresultCheck
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaAptOffset
ord696
__vbaFreeVarList
_adj_fdiv_m64
ord512
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
__vbaStrErrVarCopy
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaResume
__vbaStrCat
ord660
__vbaLsetFixstr
__vbaSetSystemError
ord662
__vbaHresultCheckObj
ord557
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
EVENT_SINK2_Release
__vbaVarForInit
__vbaForEachCollObj
__vbaExitProc
ord300
ord301
ord595
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord304
ord305
ord306
ord520
ord307
ord309
__vbaVarTstLt
__vbaRefVarAry
_CIsin
ord709
__vbaErase
ord631
ord632
__vbaNextEachCollObj
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaExitEachColl
ord529
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
ord560
__vbaObjVar
ord561
DllFunctionCall
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
ord310
__vbaObjIs
ord311
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaStrUI1
__vbaExceptHandler
ord312
ord711
ord313
ord605
__vbaPrintFile
ord712
__vbaStrToUnicode
__vbaDateStr
ord606
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
ord607
__vbaFailedFriend
ord608
ord716
__vbaFPException
__vbaInStrVar
ord717
ord319
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord535
__vbaDateVar
__vbaI2Var
__vbaLsetFixstrFree
ord537
ord644
ord645
_CIlog
__vbaFileOpen
__vbaVarLateMemCallLdRf
ord648
__vbaVar2Vec
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
EVENT_SINK2_AddRef
ord681
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
ord577
_adj_fdiv_r
ord685
__vbaVarTstNe
ord101
ord102
__vbaI4Var
ord103
ord104
ord610
ord105
__vbaLateMemCall
__vbaAryLock
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaVarLateMemCallLd
__vbaUnkVar
__vbaVarCopy
ord616
ord617
__vbaLateMemCallLd
_CIatan
__vbaUI1Str
ord540
ord618
__vbaAryCopy
__vbaCastObj
__vbaStrMove
__vbaStrVarCopy
ord650
_allmul
ord651
_CItan
ord546
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeStr
__vbaFreeObj
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 124KB - Virtual size: 121KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ntmurl.exe.exe windows:4 windows x86 arch:x86
36236f3377aa689f7f81d6f5aac47359
Code Sign
01Certificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before01-08-1996 00:00Not After31-12-2020 23:59SubjectCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d44:cb:21:0b:f9:87:80:82:c1:6e:e6:6b:2e:c2:64:d8Certificate
IssuerCN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZANot Before28-07-2009 00:00Not After28-07-2011 23:59SubjectCN=OmniRealityBroadband Co. Ltd.,OU=M&C Team,O=OmniRealityBroadband Co. Ltd.,L=Mapo-gu,ST=Seoul,C=KRExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
0aCertificate
IssuerCN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6dNot Before06-08-2003 00:00Not After05-08-2013 23:59SubjectCN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZAExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15-06-2007 00:00Not After14-06-2012 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04-12-2003 00:00Not After03-12-2013 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
urlmon
URLDownloadToFileA
shlwapi
SHDeleteKeyW
advapi32
RevertToSelf
GetUserNameA
ole32
CLSIDFromString
CoTaskMemFree
kernel32
GetProcAddress
GetSystemDirectoryA
lstrcpyA
GetTempPathA
RtlMoveMemory
GetPrivateProfileIntA
CopyFileA
GetModuleHandleA
FormatMessageA
LoadLibraryA
GetWindowsDirectoryA
GetCurrentProcessId
FreeLibrary
lstrlenA
Sleep
CloseHandle
ExitProcess
lstrlenW
OpenProcess
GetExitCodeProcess
TerminateProcess
user32
GetWindowTextA
FindWindowA
AttachThreadInput
GetWindowLongA
SetForegroundWindow
GetWindowThreadProcessId
IsWindowUnicode
GetClassNameA
SetWindowLongA
SystemParametersInfoA
SendMessageA
RegisterWindowMessageA
BringWindowToTop
SetTimer
GetForegroundWindow
KillTimer
msvbvm60
EVENT_SINK_GetIDsOfNames
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaHresultCheck
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLineInputStr
__vbaLenBstr
ord696
__vbaFreeVarList
_adj_fdiv_m64
__vbaAryRecMove
ord512
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaResume
__vbaVarCmpNe
__vbaStrCat
ord660
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaNameFile
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
EVENT_SINK2_Release
__vbaForEachCollObj
__vbaVarForInit
__vbaExitProc
ord301
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaBoolVar
__vbaStrFixstr
ord307
__vbaRefVarAry
__vbaFpR8
__vbaBoolVarNull
_CIsin
__vbaErase
ord631
__vbaNextEachCollObj
__vbaVarZero
ord632
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaPutOwner3
ord560
ord561
__vbaObjVar
__vbaI2I4
DllFunctionCall
ord670
__vbaFpUI1
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
ord601
__vbaUI1I2
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaExceptHandler
ord711
__vbaPrintFile
ord605
ord712
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord608
ord716
__vbaFPException
ord717
ord532
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
__vbaI2Var
ord537
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaVar2Vec
__vbaInStr
__vbaNew2
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
ord573
EVENT_SINK2_AddRef
__vbaI4Str
ord681
__vbaFreeStrList
ord576
_adj_fdivr_m32
ord577
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
__vbaI4Var
ord610
__vbaLateMemCall
__vbaAryLock
__vbaFreeVarg
__vbaVarDup
__vbaStrToAnsi
__vbaFpI4
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaUnkVar
ord616
__vbaR8IntI2
__vbaRecDestructAnsi
__vbaLateMemCallLd
_CIatan
__vbaCastObj
ord540
__vbaUI1Str
ord618
__vbaAryCopy
__vbaStrMove
__vbaStrVarCopy
ord650
_allmul
ord651
_CItan
ord546
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaI4ErrVar
ord580
__vbaFreeStr
__vbaFreeObj
ord581
Sections
.text Size: 196KB - Virtual size: 195KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
sslaunch.dll.dll windows:4 windows x86 arch:x86
6ffa5f5d1228a2c4756bfa1b12af339a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
WaitForSingleObject
FormatMessageA
GetLastError
OpenProcess
GetExitCodeProcess
ProcessIdToSessionId
Process32First
CreateToolhelp32Snapshot
GetLocalTime
CreateFileA
GetFileTime
CloseHandle
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
Process32Next
DeleteFileA
GetStringTypeW
GetStringTypeA
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
HeapFree
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
SetStdHandle
FlushFileBuffers
SetFilePointer
GetCPInfo
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
ReadFile
advapi32
LookupPrivilegeValueA
DuplicateTokenEx
SetTokenInformation
AdjustTokenPrivileges
ImpersonateLoggedOnUser
CreateProcessAsUserA
RevertToSelf
OpenProcessToken
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
wtsapi32
WTSQueryUserToken
Exports
Exports
LaunchAppIntoSession
Sections
.text Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 928B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tagstemp.mdb
-
uninst.exe.exe windows:4 windows x86 arch:x86
7fa974366048f9c551ef45714595665e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA
user32
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 36KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
2017f2acbdaa42ab3e4adeb8b4c37e7b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 520B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
urld.exe.exe windows:4 windows x86 arch:x86
24b7b93ba1d4e1764f7271f7486e9cb0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
urlmon
URLDownloadToFileA
kernel32
GetTempPathA
GetTempFileNameA
msvbvm60
_CIcos
_adj_fptan
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaAryConstruct2
DllFunctionCall
ord670
__vbaRedimPreserve
_adj_fpatan
__vbaRedim
__vbaRecUniToAnsi
_CIsqrt
__vbaExceptHandler
ord712
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord607
__vbaFPException
__vbaUbound
__vbaStrVarVal
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaAryLock
__vbaStrToAnsi
__vbaFpI4
ord616
_CIatan
__vbaStrMove
__vbaCastObj
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeStr
__vbaFreeObj
Sections
.text Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 892B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ