p:\p\agents\hpac4.eem\recipes\662730680\base\googleclient\picasa39-stable\NSIS_Unicode\Plugins\NSIS_Picasa_Unicode.pdb
Overview
overview
4Static
static
34eced79ab0...02.exe
windows7-x64
34eced79ab0...02.exe
windows10-2004-x64
3$PLUGINSDI...de.dll
windows7-x64
3$PLUGINSDI...de.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$SYSDIR/GPhotos.scr
windows7-x64
1$SYSDIR/GPhotos.scr
windows10-2004-x64
1$TEMP/Pica...sg.dll
windows7-x64
1$TEMP/Pica...sg.dll
windows10-2004-x64
1$TEMP/Pica...st.exe
windows7-x64
1$TEMP/Pica...st.exe
windows10-2004-x64
1$TEMP/Pica...vc.exe
windows7-x64
1$TEMP/Pica...vc.exe
windows10-2004-x64
1$TEMP/Pica...om.sys
windows7-x64
1$TEMP/Pica...om.sys
windows10-2004-x64
1$TEMP/Pica...i2.dll
windows7-x64
1$TEMP/Pica...i2.dll
windows10-2004-x64
1$TEMP/Pica...fs.dll
windows7-x64
1$TEMP/Pica...fs.dll
windows10-2004-x64
1$TEMP/Pica...om.dll
windows7-x64
1$TEMP/Pica...om.dll
windows10-2004-x64
1$TEMP/Pica...te.exe
windows7-x64
4$TEMP/Pica...te.exe
windows10-2004-x64
4$TEMP/Pica...pi.dll
windows7-x64
1$TEMP/Pica...pi.dll
windows10-2004-x64
1$TEMP/Pica...om.sys
windows7-x64
1$TEMP/Pica...om.sys
windows10-2004-x64
1$TEMP/Pica...i2.dll
windows7-x64
1$TEMP/Pica...i2.dll
windows10-2004-x64
1Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
4eced79ab0c6c9ae5caf57c953a3ecc0eed3d6858e8c6084d7a8aa0db4e8b202.exe
Resource
win7-20240220-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
4eced79ab0c6c9ae5caf57c953a3ecc0eed3d6858e8c6084d7a8aa0db4e8b202.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/NSIS_Picasa_Unicode.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/NSIS_Picasa_Unicode.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240508-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral9
Sample
$SYSDIR/GPhotos.scr
Resource
win7-20240611-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral10
Sample
$SYSDIR/GPhotos.scr
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral11
Sample
$TEMP/PicasaInstaller/spmsg.dll
Resource
win7-20240611-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral12
Sample
$TEMP/PicasaInstaller/spmsg.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral13
Sample
$TEMP/PicasaInstaller/spuninst.exe
Resource
win7-20240508-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral14
Sample
$TEMP/PicasaInstaller/spuninst.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral15
Sample
$TEMP/PicasaInstaller/spupdsvc.exe
Resource
win7-20240611-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral16
Sample
$TEMP/PicasaInstaller/spupdsvc.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral17
Sample
$TEMP/PicasaInstaller/srv2k3/cdrom.sys
Resource
win7-20240508-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral18
Sample
$TEMP/PicasaInstaller/srv2k3/cdrom.sys
Resource
win10v2004-20240226-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral19
Sample
$TEMP/PicasaInstaller/srv2k3/imapi2.dll
Resource
win7-20240419-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral20
Sample
$TEMP/PicasaInstaller/srv2k3/imapi2.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral21
Sample
$TEMP/PicasaInstaller/srv2k3/imapi2fs.dll
Resource
win7-20240508-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral22
Sample
$TEMP/PicasaInstaller/srv2k3/imapi2fs.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral23
Sample
$TEMP/PicasaInstaller/update/spcustom.dll
Resource
win7-20240611-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral24
Sample
$TEMP/PicasaInstaller/update/spcustom.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral25
Sample
$TEMP/PicasaInstaller/update/update.exe
Resource
win7-20240508-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral26
Sample
$TEMP/PicasaInstaller/update/update.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral27
Sample
$TEMP/PicasaInstaller/update/updspapi.dll
Resource
win7-20240611-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral28
Sample
$TEMP/PicasaInstaller/update/updspapi.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral29
Sample
$TEMP/PicasaInstaller/winxp/cdrom.sys
Resource
win7-20240221-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral30
Sample
$TEMP/PicasaInstaller/winxp/cdrom.sys
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral31
Sample
$TEMP/PicasaInstaller/winxp/imapi2.dll
Resource
win7-20240220-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral32
Sample
$TEMP/PicasaInstaller/winxp/imapi2.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
4eced79ab0c6c9ae5caf57c953a3ecc0eed3d6858e8c6084d7a8aa0db4e8b202
-
Size
8.2MB
-
MD5
7f9f09bb4fa39b6a5e8d8d918fc37a51
-
SHA1
bac612116ae876dfbb88cb4c5bf4ab6eb0cd6bd3
-
SHA256
4eced79ab0c6c9ae5caf57c953a3ecc0eed3d6858e8c6084d7a8aa0db4e8b202
-
SHA512
829caf02202d5c30d65a4d2224d7bf429139bd7f98c779a0c6279e7a3285a9b9402e0c6591f307f8c7534549ab0efd9ec62221c4e8621e52564f5105c3cb0612
-
SSDEEP
196608:KqCaX5HH/VsK+pbdE0MBIvxMVWfLc/1MNUsZAyAUEW5ThzQxeVKH/fT:KqCaXpKpxSI566vZAeEEThUu4
Score
3/10
Malware Config
Signatures
-
Unsigned PE 11 IoCs
Checks for missing Authenticode signature.
resource 4eced79ab0c6c9ae5caf57c953a3ecc0eed3d6858e8c6084d7a8aa0db4e8b202 unpack001/$PLUGINSDIR/NSIS_Picasa_Unicode.dll unpack001/$PLUGINSDIR/System.dll unpack001/$PLUGINSDIR/nsDialogs.dll unpack001/$SYSDIR/GPhotos.scr unpack001/$TEMP/PicasaInstaller/srv2k3/cdrom.sys unpack001/$TEMP/PicasaInstaller/srv2k3/imapi2.dll unpack001/$TEMP/PicasaInstaller/srv2k3/imapi2fs.dll unpack001/$TEMP/PicasaInstaller/winxp/cdrom.sys unpack001/$TEMP/PicasaInstaller/winxp/imapi2.dll unpack001/$TEMP/PicasaInstaller/winxp/imapi2fs.dll
Files
-
4eced79ab0c6c9ae5caf57c953a3ecc0eed3d6858e8c6084d7a8aa0db4e8b202.exe windows:4 windows x86 arch:x86
fa87d05da8cd992552ea846b6a9a1bb2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
GetUserDefaultLCID
user32
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
GetClassInfoW
ScreenToClient
SystemParametersInfoW
RegisterClassW
SetWindowTextW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CreateWindowExW
CharNextW
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject
shell32
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation
advapi32
RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
Sections
.text Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 409KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 1.5MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/NSIS_Picasa_Unicode.dll.dll windows:4 windows x86 arch:x86
dd4d4b4320a71ab0c16c5077ded3ee8a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
sti
StiCreateInstanceW
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
kernel32
lstrcpynW
MultiByteToWideChar
GlobalFree
GetLastError
GetProcAddress
FindFirstFileW
FindClose
LoadLibraryW
RemoveDirectoryW
GetLocaleInfoW
CreateProcessW
MoveFileExW
Sleep
lstrcatW
FindNextFileW
GetVersionExW
CreateDirectoryW
GetFileAttributesW
GetUserDefaultLCID
WaitForSingleObject
CreateFileW
CloseHandle
GetVersion
DeleteFileW
GetCommandLineW
GetModuleHandleW
lstrcpyW
GetPrivateProfileStringW
OpenProcess
GetExitCodeProcess
TerminateProcess
OpenMutexA
GetModuleHandleA
GetCurrentProcessId
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEndOfFile
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetConsoleMode
WideCharToMultiByte
GlobalAlloc
HeapSize
CreateFileA
InitializeCriticalSection
WritePrivateProfileStringW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
GetConsoleCP
FreeEnvironmentStringsW
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
SetFilePointer
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
ExitProcess
WriteFile
GetModuleFileNameA
ReadFile
FreeEnvironmentStringsA
GetEnvironmentStrings
SetStdHandle
user32
MapWindowPoints
GetClassNameA
EnumWindows
GetWindowLongW
FindWindowA
MoveWindow
FindWindowExW
GetWindowRect
CreateWindowExW
MessageBoxW
SendMessageW
wsprintfW
GetDlgItem
SetWindowLongW
GetClientRect
CallWindowProcW
DestroyWindow
advapi32
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
shell32
SHGetSpecialFolderPathW
ShellExecuteW
SHFileOperationW
ole32
CoCreateInstance
Exports
Exports
TokenizeVersionString
addlink
appopencheck
closelink
distrocheck
fixshortcuts
getlicenselangco
installdircheck
movenextbutton
ntusercheck
resizeokbutton
setie7registry
stiregister
stiseticon
uninstall
upgradedirectory
upgradewindow
versioncheck
Sections
.text Size: 72KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:5 windows x86 arch:x86
6c41c5e4d44f55745b925cc4e42b7fab
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary
user32
wsprintfW
ole32
CLSIDFromString
StringFromGUID2
Exports
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 899B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 574B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/modern-wizard.bmp
-
$PLUGINSDIR/nsDialogs.dll.dll windows:5 windows x86 arch:x86
9ea5bdc8c90dfcffe309465c26c89758
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree
user32
LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW
gdi32
SetTextColor
shell32
SHGetPathFromIDListW
SHBrowseForFolderW
comdlg32
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
ole32
CoTaskMemFree
Exports
Exports
Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 590B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$SYSDIR/GPhotos.scr.exe windows:4 windows x86 arch:x86
8fb60ab5ea73162c8708c2b7e5a510ee
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
p:\p\agents\hpac4.eem\recipes\662730680\base\googleclient\picasa39-stable\build\GPhotos.pdb
Imports
comctl32
ImageList_Destroy
ImageList_Create
ImageList_Add
InitCommonControlsEx
PropertySheetW
CreatePropertySheetPageW
PropertySheetA
CreatePropertySheetPageA
psapi
GetModuleFileNameExA
GetModuleBaseNameA
EnumProcesses
EnumProcessModules
rasapi32
RasEnumEntriesA
wininet
InternetConnectA
InternetSetStatusCallback
InternetGetConnectedState
InternetQueryOptionA
InternetCloseHandle
InternetGetConnectedStateEx
InternetSetOptionA
HttpSendRequestExA
InternetCrackUrlA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetErrorDlg
InternetOpenA
InternetReadFile
HttpEndRequestA
HttpOpenRequestA
HttpSendRequestA
InternetGetCookieExA
InternetWriteFile
kernel32
GetACP
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEvent
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
InterlockedCompareExchange
CloseHandle
GetLastError
GetCurrentProcess
CreateEventA
ExpandEnvironmentStringsA
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
LoadResource
SizeofResource
GetModuleFileNameA
FindResourceA
OpenProcess
GetProcAddress
lstrcmpiA
ReadProcessMemory
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryExA
lstrlenW
FreeLibrary
CreateThread
RaiseException
IsDBCSLeadByte
GetCommandLineA
Sleep
GetModuleHandleA
lstrlenA
GetCurrentProcessId
TerminateProcess
ExitProcess
SetThreadAffinityMask
GetCurrentThread
CreateFileA
GetDevicePowerState
GetProcessTimes
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentDirectoryA
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
LCMapStringA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
HeapSize
IsValidCodePage
GetOEMCP
GetCPInfo
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
HeapCreate
HeapDestroy
GetFileType
GetStartupInfoA
GetVersionExA
UnhandledExceptionFilter
GetSystemPowerStatus
GetTickCount
LoadLibraryA
SetStdHandle
ExitThread
RtlUnwind
HeapReAlloc
VirtualProtect
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
GetThreadLocale
SearchPathA
GetSystemTimeAsFileTime
Module32Next
Module32First
CreateToolhelp32Snapshot
GetSystemDefaultLCID
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemInfo
FindClose
FlushFileBuffers
SetEndOfFile
SetFilePointer
VirtualAlloc
VirtualFree
ReadFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetDriveTypeA
GetTempPathA
GetTempPathW
LockResource
QueryPerformanceFrequency
CompareFileTime
GetLocaleInfoA
SystemTimeToFileTime
GlobalLock
GlobalAlloc
GlobalUnlock
lstrcmpA
SetLastError
MulDiv
FlushInstructionCache
DisableThreadLibraryCalls
GlobalFree
WriteFile
GetStringTypeA
LocalFree
GetTimeZoneInformation
OutputDebugStringA
FormatMessageA
QueryPerformanceCounter
GetFileSize
LCMapStringW
GetUserDefaultLCID
DebugBreak
FindFirstFileW
LoadLibraryW
FindFirstFileA
CreateDirectoryW
LoadLibraryExW
CreateDirectoryExW
FindFirstFileExW
GetDateFormatA
FindFirstFileExA
SetFileAttributesA
GetTimeFormatA
FindNextFileW
GetFileAttributesExA
FindNextFileA
RemoveDirectoryA
GetShortPathNameW
GetShortPathNameA
CopyFileW
CreateFileW
MoveFileW
SetFileAttributesW
MoveFileExW
GetFileAttributesExW
CopyFileA
CreateProcessA
CreateDirectoryA
GetDateFormatW
MoveFileA
GetTimeFormatW
CreateDirectoryExA
RemoveDirectoryW
MoveFileExA
CopyFileExW
MoveFileWithProgressW
CreateProcessW
GetVersion
CopyFileExA
FindFirstChangeNotificationW
FindFirstChangeNotificationA
MoveFileWithProgressA
CompareStringW
CompareStringA
GetFileAttributesW
GetModuleFileNameW
GetFileAttributesA
DeleteFileW
GetModuleHandleW
DeleteFileA
InterlockedExchange
TerminateThread
SetThreadPriority
GetThreadPriority
WaitForMultipleObjects
SetErrorMode
GetLongPathNameW
GetLongPathNameA
GetSystemDirectoryA
SetCurrentDirectoryA
GetDiskFreeSpaceExA
VirtualQuery
TzSpecificLocalTimeToSystemTime
user32
GetScrollBarInfo
IsWindowEnabled
CreateDialogIndirectParamA
DrawTextW
CharNextA
PostThreadMessageA
GetMessageA
DispatchMessageA
SetParent
EnumChildWindows
ShowWindow
GetKeyState
MoveWindow
PostMessageA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SendMessageA
DestroyWindow
DestroyAcceleratorTable
GetFocus
SetWindowPos
RegisterClassExA
FillRect
SetPropA
RemovePropA
BeginPaint
EndPaint
GetClassNameA
InvalidateRect
GetSysColor
CreateAcceleratorTableA
InvalidateRgn
ClientToScreen
ReleaseCapture
ScreenToClient
GetWindow
SetWindowTextA
IsChild
GetWindowTextLengthA
RedrawWindow
GetClassInfoExA
SetCapture
LoadCursorA
DialogBoxIndirectParamA
GetWindowRect
IsWindowVisible
GetPropA
GetWindowTextLengthW
GetWindowTextW
FlashWindowEx
SetActiveWindow
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuItemW
AppendMenuW
MessageBoxW
GetMenuItemInfoA
SetWindowLongW
GetWindowLongW
CallWindowProcW
RegisterClassW
UnregisterClassA
UnregisterClassW
GetClassInfoA
SetMenuItemInfoA
SetClassLongW
SetClassLongA
SetWindowTextW
InsertMenuItemA
DialogBoxParamW
SendMessageW
AppendMenuA
SetDlgItemTextW
DefWindowProcW
MessageBoxA
CreateDialogParamW
CreateWindowExW
CreateDialogParamA
IsIconic
DefWindowProcA
EnumThreadWindows
GetActiveWindow
MessageBeep
TranslateAcceleratorA
MsgWaitForMultipleObjects
GetAsyncKeyState
GetCursor
ShowCursor
IsDialogMessageA
DialogBoxIndirectParamW
FindWindowExA
GetTopWindow
UpdateWindow
AdjustWindowRectEx
GetMenu
GetClassLongA
KillTimer
SetTimer
GetDlgItem
EnableWindow
SetFocus
LoadBitmapA
GetMessagePos
MapWindowPoints
GetSystemMetrics
GetDC
ReleaseDC
FindWindowA
RegisterWindowMessageA
RegisterClassA
CreateWindowExA
TranslateMessage
PeekMessageA
DialogBoxParamA
IsWindow
SetCursor
PostQuitMessage
GetCursorPos
SystemParametersInfoA
GetClientRect
SetDlgItemTextA
CallNextHookEx
SetWindowsHookExA
LoadIconA
UnhookWindowsHookEx
GetUserObjectInformationA
GetThreadDesktop
CheckDlgButton
IsDlgButtonChecked
GetForegroundWindow
AllowSetForegroundWindow
GetParent
GetDesktopWindow
EndDialog
EnumWindows
SetForegroundWindow
GetWindowTextA
GetWindowModuleFileNameA
gdi32
GetTextExtentPoint32A
ExtTextOutA
TextOutA
GetTextExtentPoint32W
SelectObject
GetDeviceCaps
GetObjectA
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
GetTextMetricsA
TextOutW
ExtTextOutW
CreateFontIndirectA
CreatePen
Rectangle
CreateDIBSection
GetICMProfileA
SetBkMode
GetGlyphOutlineW
GetGlyphOutlineA
GetKerningPairsA
GetStockObject
GetClipBox
DeleteObject
advapi32
RegUnLoadKeyA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegEnumValueW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumValueA
CryptReleaseContext
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptDecrypt
DeregisterEventSource
ReportEventA
RegisterEventSourceA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegLoadKeyA
RegSetValueExA
RegQueryInfoKeyA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegEnumKeyExA
ole32
OleUninitialize
OleInitialize
OleLockRunning
CLSIDFromString
CoGetClassObject
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoInitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CoInitializeEx
CoCreateGuid
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
oleaut32
SysFreeString
LoadRegTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
VarDateFromStr
VarBstrCat
OleCreateFontIndirect
VariantInit
SysAllocStringLen
SysStringByteLen
VariantClear
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysAllocString
VarUI4FromStr
SysStringLen
mscms
GetColorDirectoryA
shlwapi
SHDeleteValueA
SHDeleteKeyA
urlmon
FindMimeFromData
CoInternetGetSession
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA
ws2_32
gethostbyname
comdlg32
GetSaveFileNameW
GetOpenFileNameA
GetSaveFileNameA
GetOpenFileNameW
shell32
DragQueryFileA
SHGetPathFromIDListA
SHGetSpecialFolderPathA
SHBrowseForFolderA
DragQueryFileW
SHFileOperationW
ShellExecuteExA
SHGetFileInfoW
SHGetFileInfoA
ShellExecuteA
SHGetSpecialFolderPathW
Shell_NotifyIconA
ShellExecuteW
ShellExecuteExW
Shell_NotifyIconW
SHGetPathFromIDListW
SHFileOperationA
SHGetMalloc
SHBrowseForFolderW
Exports
Exports
JSON_parser_char
JSON_parser_done
JSON_parser_is_legal_white_space_string
delete_JSON_parser
init_JSON_config
new_JSON_parser
Sections
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 424KB - Virtual size: 422KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 92KB - Virtual size: 210KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$TEMP/PicasaInstaller/spmsg.dll.dll windows:5 windows x86 arch:x86
Code Sign
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before04/12/2003, 00:00Not After03/12/2008, 23:59SubjectCN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before10/01/1997, 07:00Not After31/12/2020, 07:00SubjectCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before04/04/2006, 17:44Not After26/04/2012, 07:00SubjectCN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
61:46:9e:cb:00:04:00:00:00:65Certificate
IssuerCN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/04/2006, 19:43Not After04/10/2007, 19:53SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
5b:e0:42:c5:97:92:d2:a3:f3:f1:6f:84:2c:9a:ce:81:fb:43:5c:daSigner
Actual PE Digest5b:e0:42:c5:97:92:d2:a3:f3:f1:6f:84:2c:9a:ce:81:fb:43:5c:daDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/PicasaInstaller/spuninst.exe.exe .vbs windows:5 windows x86 arch:x86 polyglot
7e70b13b1b3b9a3dfbb06b778dced783
Code Sign
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before04/12/2003, 00:00Not After03/12/2008, 23:59SubjectCN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before10/01/1997, 07:00Not After31/12/2020, 07:00SubjectCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before04/04/2006, 17:44Not After26/04/2012, 07:00SubjectCN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
61:46:9e:cb:00:04:00:00:00:65Certificate
IssuerCN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/04/2006, 19:43Not After04/10/2007, 19:53SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
d1:0d:93:d2:b5:86:e2:01:0d:61:a5:a1:f2:66:a4:71:64:23:d5:0fSigner
Actual PE Digestd1:0d:93:d2:b5:86:e2:01:0d:61:a5:a1:f2:66:a4:71:64:23:d5:0fDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
spuninst.pdb
Imports
comctl32
CreatePropertySheetPageW
PropertySheetW
user32
GetWindow
EnumWindowStationsA
OpenWindowStationA
GetProcessWindowStation
SetProcessWindowStation
GetWindowThreadProcessId
wvsprintfW
EnableWindow
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
MessageBoxW
FindWindowExA
CloseDesktop
EnumWindows
SetThreadDesktop
GetThreadDesktop
OpenDesktopA
CloseWindowStation
LoadIconA
MessageBoxA
SetDlgItemTextA
DialogBoxParamA
SetWindowTextA
DialogBoxParamW
KillTimer
CheckDlgButton
SetTimer
IsDlgButtonChecked
SetDlgItemTextW
DestroyWindow
EnumDesktopsA
SendDlgItemMessageA
ShowWindow
SendMessageA
GetDlgItem
LoadStringW
LoadStringA
EndDialog
SetForegroundWindow
SendMessageW
PostMessageA
SetWindowTextW
SetWindowLongA
GetWindowLongA
GetWindowTextA
GetParent
ntdll
RtlUnwind
strrchr
_strcmpi
NtClose
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationProcess
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlCharToInteger
LdrAccessResource
LdrFindResource_U
NtQuerySystemInformation
NtShutdownSystem
RtlUnicodeStringToAnsiString
strncat
_itoa
_chkstk
wcslen
wcscpy
_snwprintf
strtoul
_stricmp
_snprintf
strncpy
strchr
sprintf
_strnicmp
strstr
_vsnprintf
NtQueryVirtualMemory
ole32
CoUninitialize
CoInitialize
updspapi
UpdSpGetLineByIndexA
UpdSpGetFieldCount
UpdSpGetLineCountA
UpdSpSetDynamicStringA
UpdSpGetTargetPathA
UpdSpCopyErrorA
UpdSpPromptForDiskA
UpdSpSetDirectoryIdA
UpdSpGetSourceInfoA
UpdSpOpenFileQueue
UpdSpInstallFilesFromInfSectionA
UpdSpInitDefaultQueueCallbackEx
UpdSpScanFileQueueA
UpdSpDefaultQueueCallbackW
UpdSpDefaultQueueCallbackA
UpdSpInstallFromInfSectionA
UpdSpOpenAppendInfFileA
UpdSpDecompressOrCopyFileA
UpdSpGetLineTextW
UpdSpGetIntField
UpdSpCloseInfFile
UpdSpGetBinaryField
UpdSpGetLineTextA
UpdSpGetTargetPathW
UpdSpGetStringFieldW
UpdSpOpenInfFileA
UpdSpFindFirstLineA
UpdSpGetStringFieldA
UpdSpFindNextLine
UpdSpGetMultiSzFieldW
UpdSpFindFirstLineW
UpdSpCommitFileQueueA
UpdSpFindNextMatchLineW
msvcrt
wcscmp
toupper
strspn
atol
strpbrk
_close
_read
_open
mbstowcs
getenv
_ultoa
_wtoi64
_wcsicmp
swprintf
wcstoul
exit
_itow
_c_exit
_exit
_XcptFilter
_cexit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
calloc
isdigit
memmove
strcspn
malloc
free
_mbslwr
_strdup
strtok
_vsnwprintf
_lseek
advapi32
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
OpenServiceW
EnumServicesStatusExA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyA
InitiateSystemShutdownA
AbortSystemShutdownA
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
GetFileSecurityA
LockServiceDatabase
QueryServiceConfigA
ChangeServiceConfigA
UnlockServiceDatabase
GetNamedSecurityInfoA
SetNamedSecurityInfoA
FreeSid
AdjustTokenPrivileges
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenProcessToken
AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
RegQueryValueExW
EnumDependentServicesA
OpenSCManagerA
StartServiceA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
GetServiceDisplayNameA
ControlService
SetFileSecurityA
RegCreateKeyExA
RegRestoreKeyA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
kernel32
DelayLoadFailureHook
DeleteFileA
GetStartupInfoA
CreateProcessW
DeleteFileW
MapViewOfFile
DuplicateHandle
GetSystemDefaultLangID
GetModuleFileNameW
ReleaseMutex
CopyFileW
GetWindowsDirectoryW
GetTempFileNameW
lstrlenW
VirtualFree
GetVersionExW
ExpandEnvironmentStringsW
SearchPathW
lstrcpyW
lstrcpynW
GetDriveTypeW
GetLocalTime
OpenEventA
GetTempFileNameA
CreateFileW
SetEndOfFile
InterlockedIncrement
OpenProcess
CreateRemoteThread
VirtualAllocEx
WriteProcessMemory
CreateEventA
CreateEventW
lstrcmpiA
QueryDosDeviceA
DefineDosDeviceA
lstrcmpA
LoadLibraryW
lstrcmpiW
FormatMessageW
GetFileSize
LocalFree
LocalAlloc
CreateFileMappingA
MapViewOfFileEx
FindResourceA
LoadResource
UnmapViewOfFile
ReadFile
ExpandEnvironmentStringsA
FindFirstFileA
FindNextFileA
FindClose
DeviceIoControl
GetSystemDirectoryA
GetDiskFreeSpaceA
CreateProcessA
GetExitCodeProcess
FlushFileBuffers
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
FreeLibrary
GetVersionExA
GetSystemInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentVariableA
CreateMutexA
SetUnhandledExceptionFilter
FormatMessageA
lstrcpynA
lstrcpyA
SetEvent
WaitForSingleObject
GetModuleHandleA
CreateThread
GetCurrentProcess
GetWindowsDirectoryA
SetCurrentDirectoryA
LoadLibraryA
Sleep
VirtualAlloc
WideCharToMultiByte
CopyFileA
SetFileAttributesA
MultiByteToWideChar
GetProcAddress
SetFilePointer
CreateFileA
WriteFile
CloseHandle
RemoveDirectoryA
MoveFileExA
lstrlenA
GetFullPathNameA
ExitProcess
SetLastError
GetModuleFileNameA
SetEnvironmentVariableA
GetFileAttributesA
MoveFileA
GetLastError
gdi32
GetObjectA
CreateFontIndirectA
shell32
SHGetSpecialFolderPathA
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
psapi
GetModuleFileNameExA
userenv
ord119
ord138
ord121
rpcrt4
UuidFromStringA
imagehlp
EnumerateLoadedModules64
Sections
.text Size: 162KB - Virtual size: 162KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 398KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$TEMP/PicasaInstaller/spupdsvc.exe.exe windows:5 windows x86 arch:x86
e206a5499fa29af0ec1b23f008ea51f7
Code Sign
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before04/12/2003, 00:00Not After03/12/2008, 23:59SubjectCN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before10/01/1997, 07:00Not After31/12/2020, 07:00SubjectCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before04/04/2006, 17:44Not After26/04/2012, 07:00SubjectCN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
61:46:9e:cb:00:04:00:00:00:65Certificate
IssuerCN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/04/2006, 19:43Not After04/10/2007, 19:53SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
e9:d7:8b:f7:b4:65:35:bd:af:ca:1a:dd:5d:d7:41:53:99:a5:5e:8fSigner
Actual PE Digeste9:d7:8b:f7:b4:65:35:bd:af:ca:1a:dd:5d:d7:41:53:99:a5:5e:8fDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
spupdsvc.pdb
Imports
advapi32
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyW
CloseServiceHandle
ChangeServiceConfig2W
CreateServiceW
OpenSCManagerW
DeleteService
OpenServiceW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
ntdll
RtlUnwind
_wcsicmp
_snwprintf
wcsncpy
wcschr
wcscpy
wcsrchr
NtQuerySystemInformation
sprintf
_vsnprintf
NtQueryVirtualMemory
setupapi
SetupCloseInfFile
SetupGetLineTextW
SetupFindFirstLineW
SetupOpenInfFileW
SetupFindNextLine
msvcrt
_initterm
__wgetmainargs
exit
_controlfp
_XcptFilter
_exit
_c_exit
free
malloc
wprintf
printf
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_cexit
__setusermatherr
__winitenv
kernel32
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
DeleteFileW
GetVersionExW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetFileAttributesW
GetModuleFileNameW
FlushFileBuffers
GetWindowsDirectoryA
SetFileAttributesA
DeleteFileA
CreateFileA
SetFilePointer
GetLocalTime
GetLastError
GetTickCount
WriteFile
SetLastError
Sections
.text Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 992B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$TEMP/PicasaInstaller/srv2k3/cdrom.sys.sys windows:5 windows x86 arch:x86
6cc5dc1a1393363f8ddd770ed1c89928
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
cdrom.pdb
Imports
ntoskrnl.exe
IoSetHardErrorOrVerifyDevice
_allshr
MmLockPagableDataSection
KeDelayExecutionThread
_allmul
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
RtlGetVersion
KeInitializeSpinLock
MmUnlockPagableImageSection
RtlFreeUnicodeString
IoSetStartIoAttributes
strchr
memmove
_allshl
IoFreeWorkItem
IoReportTargetDeviceChangeAsynchronous
KeReleaseMutex
_aullshr
KeTickCount
ZwCreateKey
KeBugCheckEx
IoGetAttachedDeviceReference
ObfDereferenceObject
IoGetDriverObjectExtension
sprintf
IoAttachDeviceToDeviceStack
IoDeleteDevice
KeInitializeMutex
KeSetEvent
KeClearEvent
IoReuseIrp
KeInitializeEvent
IofCompleteRequest
KeEnterCriticalRegion
KeWaitForSingleObject
KeLeaveCriticalRegion
IoStartPacket
IoAllocateWorkItem
IoQueueWorkItem
RtlWriteRegistryValue
IoOpenDeviceRegistryKey
RtlQueryRegistryValues
ZwClose
RtlInitUnicodeString
swprintf
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoAllocateIrp
IoAllocateMdl
MmBuildMdlForNonPagedPool
IoFreeMdl
IoFreeIrp
ExAllocatePoolWithTag
IoBuildAsynchronousFsdRequest
ExFreePoolWithTag
IofCallDriver
IoGetConfigurationInformation
IoWMIRegistrationControl
WmiQueryTraceInformation
WmiTraceMessage
IoAllocateDriverObjectExtension
IoStartNextPacket
hal
KfRaiseIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
KeRaiseIrqlToDpcLevel
KfLowerIrql
classpnp.sys
ClassGetVpb
ClassDisableMediaChangeDetection
ClassFindModePage
ClassSpinDownPowerHandler
ClassInitialize
ClassDeleteSrbLookasideList
ClassGetDriverExtension
ClassInitializeSrbLookasideList
ClassQueryTimeOutRegistryValue
ClassReadDriveCapacity
ClassInitializeMediaChangeDetection
ClassGetDeviceParameter
ClassSetDeviceParameter
ClassResetMediaChangeTimer
ClassScanForSpecial
ClassReleaseQueue
ClassBuildRequest
ClassSplitRequest
ClassClaimDevice
ClassCreateDeviceObject
ClassUpdateInformationInRegistry
ClassInterpretSenseInfo
ClassEnableMediaChangeDetection
ClassIoComplete
ClassSendSrbAsynchronous
ClassSendSrbSynchronous
ClassSendDeviceIoControlSynchronous
ClassAsynchronousCompletion
ClassSendStartUnit
ClassAcquireRemoveLockEx
ClassReleaseRemoveLock
ClassCompleteRequest
ClassDeviceControl
Sections
.text Size: 45KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEHIT2 Size: 512B - Virtual size: 101B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEHITA Size: 512B - Virtual size: 404B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGETOSH Size: 1024B - Virtual size: 534B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 512B - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/PicasaInstaller/srv2k3/imapi2.dll.dll regsvr32 windows:6 windows x86 arch:x86
26c8e31b611b022d57aa8726567f3671
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
imapi2.pdb
Imports
msvcrt
free
wcsncmp
_wcsnicmp
wcstol
iswdigit
malloc
??_V@YAXPAX@Z
??_U@YAPAXI@Z
memset
??3@YAXPAX@Z
_onexit
_lock
__dllonexit
_unlock
realloc
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_wcslwr
_errno
memmove
_resetstkoflw
calloc
memcpy
??2@YAPAXI@Z
ntdll
RtlUnwind
user32
CharNextW
PostQuitMessage
GetWindowLongW
PostMessageW
DefWindowProcW
UnregisterDeviceNotification
DestroyWindow
UnregisterClassW
MsgWaitForMultipleObjects
RegisterClassExW
CreateWindowExW
SetWindowLongW
RegisterDeviceNotificationW
advapi32
UnregisterTraceGuids
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceMessage
ole32
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx
StringFromGUID2
oleaut32
SysStringByteLen
UnRegisterTypeLi
RegisterTypeLi
VariantClear
SysAllocStringByteLen
SafeArrayCreateVector
SysAllocStringLen
SafeArrayDestroy
SysAllocString
DispCallFunc
VariantInit
LoadTypeLi
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysFreeString
VarUI4FromStr
SysStringLen
LoadRegTypeLi
setupapi
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
rpcrt4
NdrStubCall2
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
kernel32
InterlockedExchange
GetVersionExA
GetThreadLocale
SetThreadLocale
WaitForSingleObject
InterlockedExchangeAdd
ResetEvent
CreateThread
ResumeThread
GetExitCodeThread
SetEvent
GetVolumeNameForVolumeMountPointW
CreateEventW
DeviceIoControl
GetOverlappedResult
GetVolumePathNamesForVolumeNameW
SetErrorMode
InterlockedCompareExchange
VirtualAlloc
GetNativeSystemInfo
VirtualFree
CloseHandle
InitializeCriticalSectionAndSpinCount
SetLastError
GetTickCount
Sleep
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
LocalAlloc
GetSystemTimeAsFileTime
LocalFree
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
OutputDebugStringA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateFileW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 264KB - Virtual size: 264KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 512B - Virtual size: 477B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 38KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 93KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/PicasaInstaller/srv2k3/imapi2fs.dll.dll regsvr32 windows:6 windows x86 arch:x86
3042d7185f81dda08a65ad7485a4a0ee
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
imapi2fs.pdb
Imports
msvcrt
_vscwprintf
srand
_wstat
_localtime64
_gmtime64
_time64
__RTDynamicCast
rand
?name@type_info@@QBEPBDXZ
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
ferror
_itoa
_snprintf
_iob
isleadbyte
__mb_cur_max
_onexit
__RTtypeid
__dllonexit
_unlock
realloc
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
_XcptFilter
??0exception@@QAE@ABV0@@Z
_resetstkoflw
calloc
wcsstr
wcsncmp
wcsrchr
qsort
mbtowc
wcschr
_wgetenv
swscanf
iswspace
_wcsicmp
memmove
_vsnprintf
_vsnwprintf
_errno
__CxxFrameHandler
memset
_CxxThrowException
_wtoi
_wremove
ceil
_wcsupr
_lock
memcpy
free
_amsg_exit
ntdll
RtlAllocateHeap
RtlFreeHeap
RtlOemToUnicodeN
RtlMultiByteToUnicodeN
RtlUnicodeToOemN
RtlUnicodeToMultiByteN
NtDeviceIoControlFile
NtClose
NtReadFile
NtWriteFile
NtOpenFile
RtlInitUnicodeString
NtQueryInformationFile
RtlFreeUnicodeString
NtSetInformationFile
RtlDeleteElementGenericTable
RtlFindSetBits
RtlClearBits
RtlInitializeBitMap
RtlLookupElementGenericTable
RtlNumberOfSetBits
RtlEnumerateGenericTableWithoutSplaying
RtlSetBits
RtlInsertElementGenericTable
RtlInitializeGenericTable
RtlPrefixUnicodeString
DbgPrint
RtlQueryRegistryValues
RtlUnwind
user32
wsprintfW
UnregisterClassW
CharNextW
advapi32
RegQueryValueExW
RegEnumKeyExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
ole32
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CreateStreamOnHGlobal
oleaut32
CreateErrorInfo
SafeArrayUnlock
SafeArrayCreateVector
SafeArrayLock
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
VariantInit
VariantClear
SetErrorInfo
SysAllocStringLen
GetErrorInfo
kernel32
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
OutputDebugStringA
InterlockedExchange
GetVersionExA
CreateEventA
GetOverlappedResult
GetTempPathW
GlobalFree
GetDriveTypeW
LocalAlloc
LocalFree
Sleep
HeapSize
GetModuleHandleExW
FormatMessageW
FindNextFileW
FindClose
SetLastError
GetFullPathNameW
GetSystemTime
SetUnhandledExceptionFilter
FileTimeToSystemTime
ReadFile
CreateFileW
CloseHandle
WriteFile
DeviceIoControl
WideCharToMultiByte
GetConsoleCP
InterlockedCompareExchange
FindFirstFileW
SetErrorMode
SleepEx
GetThreadLocale
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
LockResource
FindResourceExW
GetDiskFreeSpaceExW
GetFileAttributesExW
SetFilePointer
SetEndOfFile
GetFileSize
GlobalAlloc
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
SetThreadLocale
RaiseException
lstrlenW
rpcrt4
CStdStubBuffer_DebugServerRelease
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrClientCall2
NdrCStdStubBuffer2_Release
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_QueryInterface
NdrStubCall2
NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_AddRef
msvcp60
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
shlwapi
SHCreateStreamOnFileW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 562KB - Virtual size: 561KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 1024B - Virtual size: 657B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 274KB - Virtual size: 273KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/PicasaInstaller/update/kb952011.cat
-
$TEMP/PicasaInstaller/update/spcustom.dll.dll windows:5 windows x86 arch:x86
97061b17fbea6e074ad332f811a6f9c7
Code Sign
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before04/12/2003, 00:00Not After03/12/2008, 23:59SubjectCN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before10/01/1997, 07:00Not After31/12/2020, 07:00SubjectCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before04/04/2006, 17:44Not After26/04/2012, 07:00SubjectCN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
61:46:9e:cb:00:04:00:00:00:65Certificate
IssuerCN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/04/2006, 19:43Not After04/10/2007, 19:53SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
b3:72:b8:94:fa:0c:6c:d6:43:3a:ad:01:54:17:da:b0:78:1b:f2:95Signer
Actual PE Digestb3:72:b8:94:fa:0c:6c:d6:43:3a:ad:01:54:17:da:b0:78:1b:f2:95Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
spcustom.pdb
Imports
msvcrt
_adjust_fdiv
_initterm
_stricmp
sprintf
_strlwr
_strnicmp
strstr
strchr
memmove
atoi
strrchr
_except_handler3
malloc
free
kernel32
TerminateProcess
GetCurrentProcess
GetVersionExA
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnmapViewOfFile
CloseHandle
LoadResource
SetLastError
GetLastError
FindResourceA
MapViewOfFileEx
CreateFileMappingA
CreateFileA
GetFileAttributesA
GetSystemDirectoryA
GetWindowsDirectoryA
FreeLibrary
lstrcpyA
GetProcAddress
LoadLibraryA
GetCurrentProcessId
GetSystemInfo
GetCommandLineA
Sleep
lstrlenA
ExpandEnvironmentStringsA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
UnhandledExceptionFilter
advapi32
OpenSCManagerA
RegQueryValueExA
RegEnumValueA
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
ControlService
RegCloseKey
OpenServiceA
CloseServiceHandle
StartServiceA
QueryServiceStatus
winspool.drv
GetPrinterDriverDirectoryA
GetPrintProcessorDirectoryA
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
Exports
Exports
ArchivingComplete
BeginInstallation
BlockMSNCopy
ConfirmInstallation
CopyingComplete
EndInstallation
FailedInstallation
GetClusterPathName
GetFPNWPathName
GetHTRPathName
GetJVMStage
GetMSI20Stage
GetMtsPathName
GetOsProductType
GetPBAPath
GetPrintProcessorPath
GetPrinterDriverPath
GetRISAdminPathName
GetRISPathName
GetSmsPathName
GetSupportToolsPathName
IsMediaCenterPC
IsStartEdition
IsTabletPC
IsWMUpgradeable
OnACPower
SuccessInstallation
WindowsFirewallIsOpmodeOff
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 938B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/PicasaInstaller/update/update.exe.exe .vbs windows:5 windows x86 arch:x86 polyglot
6c65741b84ef10d29b294ed68e8a07f6
Code Sign
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before04/12/2003, 00:00Not After03/12/2008, 23:59SubjectCN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before10/01/1997, 07:00Not After31/12/2020, 07:00SubjectCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before04/04/2006, 17:44Not After26/04/2012, 07:00SubjectCN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
61:46:9e:cb:00:04:00:00:00:65Certificate
IssuerCN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/04/2006, 19:43Not After04/10/2007, 19:53SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
3f:cb:4c:3c:c4:0c:f2:69:46:65:03:a8:ba:e9:c7:20:67:de:80:0aSigner
Actual PE Digest3f:cb:4c:3c:c4:0c:f2:69:46:65:03:a8:ba:e9:c7:20:67:de:80:0aDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
D:\binaries.x86fre\SCP_WPA\update.PDB
Imports
advapi32
QueryServiceConfigA
UnlockServiceDatabase
GetNamedSecurityInfoA
SetNamedSecurityInfoA
GetTokenInformation
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenProcessToken
RegLoadKeyA
RegUnLoadKeyA
AdjustTokenPrivileges
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
GetLengthSid
CopySid
GetAclInformation
SetFileSecurityW
AddAce
RegQueryInfoKeyA
RegSaveKeyA
RegFlushKey
EnumDependentServicesA
InitializeAcl
AddAccessAllowedAce
SetFileSecurityA
QueryServiceStatus
GetServiceDisplayNameA
RegOpenKeyA
RegDeleteValueA
OpenSCManagerA
OpenServiceA
StartServiceA
ControlService
CloseServiceHandle
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RegSetKeySecurity
FreeSid
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
LockServiceDatabase
GetFileSecurityA
RegOpenKeyExW
AbortSystemShutdownA
InitiateSystemShutdownA
OpenServiceW
EnumServicesStatusExA
ChangeServiceConfigA
comctl32
PropertySheetW
CreatePropertySheetPageW
crypt32
CertCreateCertificateContext
CertOpenStore
CryptEncodeObject
CertSetCertificateContextProperty
CertAddCertificateContextToStore
CertCloseStore
CertFreeCertificateContext
gdi32
GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateCompatibleDC
GetDIBits
SelectObject
StretchBlt
BitBlt
imagehlp
EnumerateLoadedModules64
kernel32
GetCompressedFileSizeA
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetCurrentProcess
GetTempPathA
LoadLibraryExA
FindResourceA
LoadResource
LockResource
FreeResource
lstrlenA
GetSystemInfo
SetEnvironmentVariableA
SetUnhandledExceptionFilter
ExitProcess
GetFullPathNameA
GetVolumeInformationA
lstrcmpA
GetWindowsDirectoryW
GetVolumeInformationW
SetErrorMode
GetCommandLineA
GetCommandLineW
CreateMutexA
WaitForSingleObject
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileInformationByHandle
FileTimeToDosDateTime
GetModuleHandleA
FormatMessageW
ReadFile
GetTickCount
CreateEventA
CreateThread
SetThreadPriority
WaitForMultipleObjects
SetEvent
RemoveDirectoryA
EnterCriticalSection
GetExitCodeProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateProcessA
MapViewOfFileEx
FreeLibrary
DeviceIoControl
GetFileAttributesExA
VirtualFree
WritePrivateProfileStringA
SetCurrentDirectoryA
GetModuleFileNameA
VirtualAlloc
FindNextFileW
GetEnvironmentVariableA
InitializeCriticalSection
Sleep
GetThreadLocale
lstrcmpiW
FindFirstFileW
GetLocaleInfoA
GetPrivateProfileStringA
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
GetStartupInfoA
GetFileTime
FlushFileBuffers
GetProcessHeap
GetComputerNameA
SetFilePointer
WriteFile
HeapFree
InterlockedCompareExchange
GetSystemDirectoryA
GetTempFileNameA
CopyFileA
OpenProcess
MoveFileExA
SetFileAttributesA
GetVersionExA
LocalAlloc
LocalFree
SetLastError
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
GetDriveTypeA
ExpandEnvironmentStringsA
FindFirstFileA
FindNextFileA
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
lstrcmpiA
FormatMessageA
GetFileAttributesA
CreateDirectoryA
GetSystemDirectoryW
LoadLibraryA
GetProcAddress
GetLastError
GetWindowsDirectoryA
DeleteFileA
lstrcpynA
DefineDosDeviceA
QueryDosDeviceA
CreateEventW
WriteProcessMemory
VirtualAllocEx
CreateRemoteThread
InterlockedIncrement
GetFullPathNameW
GetFileSizeEx
OpenEventA
GetLocalTime
lstrlenW
GetDriveTypeW
lstrcpynW
lstrcpyW
SearchPathW
ExpandEnvironmentStringsW
GetVersionExW
GetTempFileNameW
CopyFileW
ReleaseMutex
GetModuleFileNameW
GetSystemDefaultLangID
DuplicateHandle
CreateProcessW
OpenFileMappingA
RaiseException
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
HeapDestroy
HeapCreate
ReleaseSemaphore
SetEndOfFile
InterlockedDecrement
GetCurrentThread
GetExitCodeThread
CreateSemaphoreA
MoveFileA
HeapAlloc
DeleteFileW
CreateFileW
FlushViewOfFile
QueryPerformanceCounter
DelayLoadFailureHook
LeaveCriticalSection
FindClose
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
GetSystemTime
VirtualProtect
InitializeCriticalSectionAndSpinCount
GetVersion
TlsFree
mpr
WNetGetUniversalNameA
WNetGetUserA
msvcrt
_itoa
strncpy
_except_handler3
strchr
_stricmp
sprintf
strrchr
mbstowcs
malloc
free
_vsnprintf
memmove
vsprintf
strncat
_wcsdup
_errno
_open
_read
_snprintf
_write
_close
_lseek
remove
_tempnam
wcscat
_vsnwprintf
ctime
_wcsicmp
_strnicmp
wcsstr
_snwprintf
_local_unwind2
_memicmp
atoi
realloc
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
memchr
_strcmpi
wcscpy
_mbslwr
strstr
swprintf
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_ltoa
wcschr
fprintf
wcstoul
wcslen
_strdup
calloc
getenv
strtoul
strncmp
_mbsupr
rename
strcspn
isdigit
wcsrchr
wcscmp
wcsncat
wcsncpy
toupper
strspn
atol
strpbrk
isspace
_ultoa
_wtoi64
_wcslwr
strtok
_itow
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
__CxxFrameHandler
??3@YAXPAX@Z
??0exception@@QAE@ABV0@@Z
_CxxThrowException
fclose
??2@YAPAXI@Z
fopen
ntdll
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlInitAnsiString
RtlAnsiStringToUnicodeString
NtClose
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationProcess
RtlCharToInteger
LdrAccessResource
LdrFindResource_U
NtQuerySystemInformation
NtShutdownSystem
RtlRaiseStatus
RtlFreeHeap
RtlAllocateHeap
NtYieldExecution
NtSetSystemInformation
NtCreateSection
NtOpenFile
NtOpenSection
NtOpenDirectoryObject
RtlCompareUnicodeString
NtCreateFile
RtlDosPathNameToNtPathName_U
LdrUnloadDll
NtFreeVirtualMemory
NtQueryInformationThread
NtWaitForSingleObject
RtlCreateUserThread
NtWriteVirtualMemory
NtAllocateVirtualMemory
NtOpenProcess
LdrGetProcedureAddress
LdrLoadDll
RtlDestroyHeap
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlGetAce
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
RtlAllocateAndInitializeSid
RtlCreateHeap
DbgPrint
RtlFreeUnicodeString
NtQuerySystemTime
RtlTimeToTimeFields
ole32
CoInitialize
CoUninitialize
CoCreateInstance
oleaut32
SysFreeString
psapi
GetModuleFileNameExA
rpcrt4
UuidFromStringA
shell32
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderPathA
SHBrowseForFolderA
updspapi
UpdSpSetDynamicStringA
UpdSpCopyErrorA
UpdSpPromptForDiskA
UpdSpInitDefaultQueueCallbackEx
UpdSpIterateCabinetA
UpdSpGetLineCountW
UpdSpGetLineByIndexW
UpdSpGetStringFieldW
UpdSpCommitFileQueueA
UpdSpOpenFileQueue
UpdSpGetSourceInfoA
UpdSpGetSourceFileLocationA
UpdSpCloseFileQueue
UpdSpDefaultQueueCallbackW
UpdSpDefaultQueueCallbackA
UpdSpDecompressOrCopyFileA
UpdSpGetTargetPathW
UpdSpInstallFromInfSectionA
UpdSpQueueCopyA
UpdSpGetIntField
UpdSpGetBinaryField
UpdSpScanFileQueueA
UpdSpGetLineTextW
UpdSpOpenInfFileA
UpdSpCloseInfFile
UpdSpSetDirectoryIdA
UpdSpInstallFilesFromInfSectionA
UpdSpGetLineCountA
UpdSpGetLineByIndexA
UpdSpGetStringFieldA
UpdSpFindFirstLineA
UpdSpGetLineTextA
UpdSpGetFieldCount
UpdSpFindNextLine
UpdSpGetMultiSzFieldW
UpdSpFindFirstLineW
UpdSpFindNextMatchLineW
UpdSpGetTargetPathA
user32
ShowWindow
wvsprintfW
EnumWindowStationsA
OpenWindowStationA
GetProcessWindowStation
SetProcessWindowStation
EnumDesktopsA
CloseWindowStation
OpenDesktopA
GetThreadDesktop
SetThreadDesktop
EnumWindows
CloseDesktop
GetClientRect
FindWindowExA
GetWindowThreadProcessId
GetWindow
RegisterClassA
CreateWindowExA
DefWindowProcA
MessageBoxW
GetSystemMetrics
LoadStringA
LoadStringW
MessageBoxA
PostQuitMessage
DestroyWindow
SendMessageA
SetDlgItemTextA
SystemParametersInfoA
EnableWindow
GetDlgItem
DispatchMessageA
TranslateMessage
GetMessageA
PostThreadMessageA
SetWindowTextW
RedrawWindow
SetWindowLongA
GetWindowLongA
GetWindowTextA
PostMessageA
EnumChildWindows
SetDlgItemTextW
LoadBitmapA
IsDlgButtonChecked
SetTimer
CheckDlgButton
KillTimer
ReleaseDC
GetDC
SetForegroundWindow
SetWindowTextA
EndDialog
DialogBoxParamA
GetDesktopWindow
SetFocus
userenv
ord138
ord121
ord119
version
VerQueryValueW
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA
winspool.drv
GetPrinterDriverDirectoryA
Sections
.text Size: 598KB - Virtual size: 597KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 503KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 116KB - Virtual size: 115KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$TEMP/PicasaInstaller/update/update.ver
-
$TEMP/PicasaInstaller/update/update_srv2k3.inf
-
$TEMP/PicasaInstaller/update/update_xp.inf
-
$TEMP/PicasaInstaller/update/updatebr.inf
-
$TEMP/PicasaInstaller/update/updspapi.dll.dll windows:5 windows x86 arch:x86
48d33c128589c5c1581b1025133d0e4a
Code Sign
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before04/12/2003, 00:00Not After03/12/2008, 23:59SubjectCN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before10/01/1997, 07:00Not After31/12/2020, 07:00SubjectCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before04/04/2006, 17:44Not After26/04/2012, 07:00SubjectCN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
61:46:9e:cb:00:04:00:00:00:65Certificate
IssuerCN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/04/2006, 19:43Not After04/10/2007, 19:53SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
78:c3:2a:66:88:74:4e:47:d7:c1:e0:31:6a:e4:04:c8:d3:c1:97:4bSigner
Actual PE Digest78:c3:2a:66:88:74:4e:47:d7:c1:e0:31:6a:e4:04:c8:d3:c1:97:4bDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
updspapi.pdb
Imports
msvcrt
swprintf
_wcsicmp
wcsrchr
_wcsnicmp
towupper
_endthread
_beginthread
wcstoul
memmove
wcscat
wcschr
wcscpy
_strnicmp
iswctype
_vsnwprintf
strrchr
wcscmp
wcslen
_abnormal_termination
free
_initterm
_adjust_fdiv
malloc
wcsncmp
_except_handler3
ntdll
NtQueryInformationProcess
advapi32
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
SetFileSecurityW
GetFileSecurityW
IsTextUnicode
RegSetValueExW
gdi32
GetTextExtentExPointW
SelectObject
kernel32
HeapAlloc
CompareStringW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapReAlloc
FreeLibrary
GetProcAddress
GetSystemDirectoryA
LoadLibraryA
FindClose
ResetEvent
GetDriveTypeW
HeapFree
GetProcessHeap
CreateMutexW
InterlockedCompareExchange
OutputDebugStringW
GetModuleHandleW
FindFirstFileW
SetErrorMode
CreateDirectoryW
GetWindowsDirectoryW
GetEnvironmentVariableW
SetLastError
GetLastError
Sleep
FlushFileBuffers
SetEndOfFile
CloseHandle
UnmapViewOfFile
LocalFree
WriteFile
FormatMessageW
GetVersionExW
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
SetFilePointer
lstrlenA
GetCurrentProcessId
GetLocalTime
lstrlenW
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetFileAttributesW
InitializeCriticalSection
lstrcatW
lstrcpyW
DeleteFileW
SetFileAttributesW
GetTempFileNameW
lstrcpynW
lstrcmpiW
GetFileTime
SetFileTime
CopyFileW
MoveFileW
CreateFileA
ReadFile
LocalFileTimeToFileTime
DosDateTimeToFileTime
RaiseException
TlsSetValue
LocalAlloc
TlsGetValue
GetModuleFileNameW
GetSystemDirectoryW
TlsAlloc
TlsFree
WaitForMultipleObjects
ReleaseMutex
GetLocaleInfoW
SetEvent
DuplicateHandle
GetCurrentThread
GetCurrentProcess
GetCurrentThreadId
CreateEventW
WaitForSingleObject
WideCharToMultiByte
MultiByteToWideChar
MoveFileExW
GetShortPathNameW
GetFullPathNameW
lstrcpyA
LoadLibraryW
lstrcmpiA
ExpandEnvironmentStringsW
GetStringTypeExW
GetThreadLocale
lstrcpynA
lstrcmpW
DeviceIoControl
mpr
WNetCancelConnection2W
WNetGetResourceInformationW
WNetAddConnection3W
ole32
OleUninitialize
OleInitialize
shell32
SHGetSpecialFolderPathW
user32
wvsprintfW
ClientToScreen
GetClientRect
GetSystemMetrics
MoveWindow
CharNextW
CharLowerW
CharPrevA
DialogBoxParamW
GetWindowTextLengthW
UpdateWindow
RemovePropW
LoadIconW
SendDlgItemMessageW
GetParent
EnableWindow
GetWindowLongW
MessageBeep
CharUpperW
GetDC
GetWindowRect
ReleaseDC
IsWindow
wsprintfW
CharPrevW
GetUserObjectInformationW
GetProcessWindowStation
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjectsEx
PeekMessageW
SendMessageW
SetWindowTextW
ShowWindow
GetDlgItem
SetDlgItemTextW
GetWindowTextW
GetKeyboardType
PostMessageW
EndDialog
LoadStringW
GetDlgItemTextW
SetPropW
GetPropW
SetForegroundWindow
GetWindow
SetFocus
DestroyWindow
SetWindowLongW
RegisterWindowMessageW
SystemParametersInfoW
MessageBoxW
winspool.drv
GetPrintProcessorDirectoryW
GetPrinterDriverDirectoryW
Exports
Exports
UpdSpCloseFileQueue
UpdSpCloseInfFile
UpdSpCommitFileQueueA
UpdSpCommitFileQueueW
UpdSpCopyErrorA
UpdSpCopyErrorW
UpdSpDecompressOrCopyFileA
UpdSpDecompressOrCopyFileW
UpdSpDefaultQueueCallbackA
UpdSpDefaultQueueCallbackW
UpdSpDeleteErrorA
UpdSpDeleteErrorW
UpdSpEnumInfSectionsA
UpdSpEnumInfSectionsW
UpdSpFindFirstLineA
UpdSpFindFirstLineW
UpdSpFindNextLine
UpdSpFindNextMatchLineA
UpdSpFindNextMatchLineW
UpdSpGetBinaryField
UpdSpGetFieldCount
UpdSpGetIntField
UpdSpGetLineByIndexA
UpdSpGetLineByIndexW
UpdSpGetLineCountA
UpdSpGetLineCountW
UpdSpGetLineTextA
UpdSpGetLineTextW
UpdSpGetMultiSzFieldA
UpdSpGetMultiSzFieldW
UpdSpGetSourceFileLocationA
UpdSpGetSourceFileLocationW
UpdSpGetSourceInfoA
UpdSpGetSourceInfoW
UpdSpGetStringFieldA
UpdSpGetStringFieldW
UpdSpGetTargetPathA
UpdSpGetTargetPathW
UpdSpInitDefaultQueueCallback
UpdSpInitDefaultQueueCallbackEx
UpdSpInstallFilesFromInfSectionA
UpdSpInstallFilesFromInfSectionW
UpdSpInstallFromInfSectionA
UpdSpInstallFromInfSectionW
UpdSpIterateCabinetA
UpdSpIterateCabinetW
UpdSpOpenAppendInfFileA
UpdSpOpenAppendInfFileW
UpdSpOpenFileQueue
UpdSpOpenInfFileA
UpdSpOpenInfFileW
UpdSpPromptForDiskA
UpdSpPromptForDiskW
UpdSpQueueCopyA
UpdSpQueueCopySectionA
UpdSpQueueCopySectionW
UpdSpQueueCopyW
UpdSpQueueDeleteA
UpdSpQueueDeleteSectionA
UpdSpQueueDeleteSectionW
UpdSpQueueDeleteW
UpdSpScanFileQueueA
UpdSpScanFileQueueW
UpdSpSetDirectoryIdA
UpdSpSetDirectoryIdW
UpdSpSetDynamicStringA
UpdSpSetDynamicStringExA
UpdSpSetDynamicStringExW
UpdSpSetDynamicStringW
UpdSpTermDefaultQueueCallback
Sections
.text Size: 133KB - Virtual size: 133KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 220KB - Virtual size: 219KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/PicasaInstaller/winxp/cdrom.sys.sys windows:5 windows x86 arch:x86
f509526c57659135a7b9400d79e03340
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
cdrom.pdb
Imports
ntoskrnl.exe
IoSetHardErrorOrVerifyDevice
_allshr
MmLockPagableDataSection
KeDelayExecutionThread
_allmul
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
RtlGetVersion
KeInitializeSpinLock
MmUnlockPagableImageSection
RtlFreeUnicodeString
IoSetStartIoAttributes
strchr
memmove
_allshl
IoFreeWorkItem
IoReportTargetDeviceChangeAsynchronous
KeReleaseMutex
_aullshr
KeTickCount
ZwCreateKey
KeBugCheckEx
IoGetAttachedDeviceReference
ObfDereferenceObject
IoGetDriverObjectExtension
sprintf
IoAttachDeviceToDeviceStack
IoDeleteDevice
KeInitializeMutex
KeSetEvent
KeClearEvent
IoReuseIrp
KeInitializeEvent
IofCompleteRequest
KeEnterCriticalRegion
KeWaitForSingleObject
KeLeaveCriticalRegion
IoStartPacket
IoAllocateWorkItem
IoQueueWorkItem
RtlWriteRegistryValue
IoOpenDeviceRegistryKey
RtlQueryRegistryValues
ZwClose
swprintf
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoAllocateIrp
IoAllocateMdl
MmBuildMdlForNonPagedPool
IoFreeMdl
IoFreeIrp
ExAllocatePoolWithTag
IoBuildAsynchronousFsdRequest
ExFreePoolWithTag
IofCallDriver
IoGetConfigurationInformation
IoWMIRegistrationControl
RtlInitUnicodeString
WmiQueryTraceInformation
WmiTraceMessage
IoAllocateDriverObjectExtension
IoStartNextPacket
hal
KfRaiseIrql
KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql
KeRaiseIrqlToDpcLevel
KfLowerIrql
classpnp.sys
ClassGetVpb
ClassDisableMediaChangeDetection
ClassFindModePage
ClassSpinDownPowerHandler
ClassInitialize
ClassDeleteSrbLookasideList
ClassGetDriverExtension
ClassInitializeSrbLookasideList
ClassQueryTimeOutRegistryValue
ClassReadDriveCapacity
ClassInitializeMediaChangeDetection
ClassGetDeviceParameter
ClassSetDeviceParameter
ClassResetMediaChangeTimer
ClassScanForSpecial
ClassReleaseQueue
ClassBuildRequest
ClassSplitRequest
ClassClaimDevice
ClassCreateDeviceObject
ClassUpdateInformationInRegistry
ClassInterpretSenseInfo
ClassEnableMediaChangeDetection
ClassIoComplete
ClassSendSrbAsynchronous
ClassSendSrbSynchronous
ClassSendDeviceIoControlSynchronous
ClassAsynchronousCompletion
ClassSendStartUnit
ClassAcquireRemoveLockEx
ClassReleaseRemoveLock
ClassCompleteRequest
ClassDeviceControl
Sections
.text Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128B - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEHIT2 Size: 128B - Virtual size: 101B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEHITA Size: 512B - Virtual size: 404B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGETOSH Size: 640B - Virtual size: 534B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 384B - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/PicasaInstaller/winxp/imapi2.dll.dll regsvr32 windows:6 windows x86 arch:x86
fdf50ba05f0e81e8a26e5b6d120a441a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
imapi2.pdb
Imports
msvcrt
free
wcsncmp
_wcsnicmp
wcstol
iswdigit
malloc
??_V@YAXPAX@Z
??_U@YAPAXI@Z
memset
??3@YAXPAX@Z
_onexit
_lock
__dllonexit
_unlock
realloc
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
_wcslwr
_errno
memmove
_resetstkoflw
calloc
memcpy
??2@YAPAXI@Z
ntdll
RtlUnwind
user32
MsgWaitForMultipleObjects
CharNextW
PostQuitMessage
GetWindowLongW
PostMessageW
DefWindowProcW
UnregisterDeviceNotification
DestroyWindow
UnregisterClassW
RegisterClassExW
CreateWindowExW
SetWindowLongW
RegisterDeviceNotificationW
advapi32
UnregisterTraceGuids
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
TraceMessage
RegEnumKeyExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
RegSetValueExW
ole32
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx
StringFromGUID2
oleaut32
SysAllocStringLen
SafeArrayCreateVector
SysAllocStringByteLen
SysStringByteLen
UnRegisterTypeLi
RegisterTypeLi
VariantInit
SafeArrayDestroy
SysAllocString
DispCallFunc
VariantClear
LoadTypeLi
LoadRegTypeLi
SysStringLen
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysFreeString
VarUI4FromStr
setupapi
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
rpcrt4
CStdStubBuffer_AddRef
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2
CStdStubBuffer_QueryInterface
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
kernel32
InterlockedExchange
GetVersionExA
GetThreadLocale
SetThreadLocale
WaitForSingleObject
InterlockedExchangeAdd
ResetEvent
CreateThread
ResumeThread
GetExitCodeThread
SetEvent
GetVolumeNameForVolumeMountPointW
CreateEventW
DeviceIoControl
GetOverlappedResult
GetVolumePathNamesForVolumeNameW
SetErrorMode
InterlockedCompareExchange
VirtualAlloc
GetNativeSystemInfo
VirtualFree
CloseHandle
InitializeCriticalSectionAndSpinCount
SetLastError
GetTickCount
Sleep
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
LocalAlloc
GetSystemTimeAsFileTime
LocalFree
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
OutputDebugStringA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateFileW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 264KB - Virtual size: 264KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 512B - Virtual size: 477B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 38KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 93KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$TEMP/PicasaInstaller/winxp/imapi2fs.dll.dll regsvr32 windows:6 windows x86 arch:x86
983aad5138ce75b4be04c13b0e89bd90
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
imapi2fs.pdb
Imports
msvcrt
_vscwprintf
srand
_wstat
_localtime64
_gmtime64
_time64
__RTDynamicCast
rand
?name@type_info@@QBEPBDXZ
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
ferror
_itoa
_snprintf
_iob
isleadbyte
__mb_cur_max
_onexit
_lock
__RTtypeid
_unlock
realloc
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
_amsg_exit
malloc
_XcptFilter
??0exception@@QAE@ABV0@@Z
_resetstkoflw
calloc
wcsstr
wcsncmp
wcsrchr
qsort
mbtowc
wcschr
_wgetenv
swscanf
iswspace
_wcsicmp
memmove
_vsnprintf
_vsnwprintf
memcpy
_errno
__CxxFrameHandler
memset
_CxxThrowException
_wtoi
_wremove
ceil
_wcsupr
__dllonexit
free
_initterm
ntdll
RtlAllocateHeap
RtlFreeHeap
RtlOemToUnicodeN
RtlMultiByteToUnicodeN
RtlUnicodeToOemN
RtlUnicodeToMultiByteN
NtDeviceIoControlFile
NtClose
NtReadFile
NtWriteFile
NtOpenFile
RtlInitUnicodeString
NtQueryInformationFile
RtlFreeUnicodeString
NtSetInformationFile
RtlDeleteElementGenericTable
RtlFindSetBits
RtlClearBits
RtlInitializeBitMap
RtlLookupElementGenericTable
RtlNumberOfSetBits
RtlEnumerateGenericTableWithoutSplaying
RtlSetBits
RtlInsertElementGenericTable
RtlInitializeGenericTable
RtlPrefixUnicodeString
DbgPrint
RtlQueryRegistryValues
RtlUnwind
user32
wsprintfW
UnregisterClassW
CharNextW
advapi32
RegQueryValueExW
RegEnumKeyExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
ole32
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal
oleaut32
CreateErrorInfo
SafeArrayUnlock
SafeArrayCreateVector
SafeArrayLock
SafeArrayGetElement
SafeArrayGetUBound
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SafeArrayGetLBound
SafeArrayGetDim
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
VariantInit
VariantClear
SetErrorInfo
SysAllocStringLen
GetErrorInfo
kernel32
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
OutputDebugStringA
InterlockedExchange
GetVersionExA
CreateEventA
GetOverlappedResult
GetTempPathW
GlobalFree
GetDriveTypeW
LocalAlloc
LocalFree
Sleep
HeapSize
GetModuleHandleExW
FormatMessageW
FindNextFileW
FindClose
SetLastError
GetFullPathNameW
GetSystemTime
SystemTimeToFileTime
SetUnhandledExceptionFilter
ReadFile
CreateFileW
CloseHandle
WriteFile
DeviceIoControl
WideCharToMultiByte
GetConsoleCP
InterlockedCompareExchange
FindFirstFileW
SetErrorMode
SleepEx
GetThreadLocale
SetThreadLocale
SystemTimeToTzSpecificLocalTime
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
LockResource
FindResourceExW
GetDiskFreeSpaceExW
GetFileAttributesExW
SetFilePointer
SetEndOfFile
GetFileSize
GlobalAlloc
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
GetModuleHandleW
rpcrt4
CStdStubBuffer_DebugServerRelease
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrCStdStubBuffer2_Release
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_QueryInterface
NdrStubCall2
NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_AddRef
NdrClientCall2
msvcp60
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
shlwapi
SHCreateStreamOnFileW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 562KB - Virtual size: 561KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 1024B - Virtual size: 657B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 274KB - Virtual size: 273KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MovieThumb.exe.exe windows:4 windows x86 arch:x86
d5b1cc60e3b220ebffdfda29c1fa5cc0
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
29:12:c7:0c:9a:2b:8a:3e:f6:f6:07:46:62:d6:8b:8dCertificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before29/01/2014, 00:00Not After29/01/2016, 23:59SubjectCN=Google Inc,OU=Digital ID Class 3 - Java Object Signing+OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
90:80:02:75:44:85:54:1d:b3:b1:45:2c:aa:6b:a7:6e:c3:30:40:72Signer
Actual PE Digest90:80:02:75:44:85:54:1d:b3:b1:45:2c:aa:6b:a7:6e:c3:30:40:72Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
p:\p\agents\hpac4.eem\recipes\662730680\base\googleclient\picasa39-stable\build\MovieThumb.pdb
Imports
msvfw32
ICClose
ICSendMessage
avifil32
AVIFileOpenA
AVIFileInit
AVIStreamRelease
AVIStreamGetFrameClose
AVIStreamGetFrame
AVIStreamLength
AVIStreamGetFrameOpen
AVIStreamInfoA
AVIFileGetStream
AVIFileRelease
winmm
mmioDescend
mmioRead
mmioAscend
mmioClose
mciGetErrorStringA
timeKillEvent
timeEndPeriod
timeBeginPeriod
timeGetTime
mciSendCommandA
mciSendStringA
mmioOpenA
timeSetEvent
kernel32
SetUnhandledExceptionFilter
CreateEventA
GetLastError
ResetEvent
WaitForMultipleObjects
WaitForSingleObject
WriteProcessMemory
LoadLibraryExA
FreeLibrary
GetProcAddress
LoadLibraryA
DeleteCriticalSection
InitializeCriticalSection
ExitProcess
InterlockedDecrement
Sleep
InterlockedIncrement
OpenEventA
LeaveCriticalSection
SetErrorMode
GetCommandLineW
InterlockedCompareExchange
ReadProcessMemory
CloseHandle
OpenProcess
SetEvent
GetCurrentThreadId
EnterCriticalSection
GetCurrentProcessId
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
LCMapStringA
HeapCreate
HeapDestroy
SetHandleCount
GetEnvironmentStringsW
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetModuleFileNameA
GetModuleHandleA
GetLongPathNameW
GetShortPathNameW
CreateFileW
GetLongPathNameA
InterlockedExchange
TerminateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
GetCurrentProcess
GetVersion
GetVersionExA
GetModuleFileNameW
QueryPerformanceCounter
QueryPerformanceFrequency
GetFileAttributesA
GetDateFormatA
LoadLibraryExW
CreateDirectoryW
DeleteFileW
CreateDirectoryExW
GetTimeFormatA
DeleteFileA
SetFileAttributesA
FindFirstFileW
RemoveDirectoryA
GetFileAttributesExA
FindFirstFileA
GetShortPathNameA
FindFirstFileExW
CreateFileA
FindFirstFileExA
CreateProcessA
SetFileAttributesW
FindNextFileW
GetFileAttributesExW
FindNextFileA
GetDateFormatW
CreateDirectoryA
CopyFileW
GetTimeFormatW
MoveFileW
CreateDirectoryExA
RemoveDirectoryW
MoveFileExW
CopyFileA
MoveFileA
CreateProcessW
MoveFileExA
FindFirstChangeNotificationW
CopyFileExW
FindFirstChangeNotificationA
MoveFileWithProgressW
CopyFileExA
CompareStringW
CompareStringA
MoveFileWithProgressA
GetModuleHandleW
LoadLibraryW
GetFileAttributesW
ReadFile
WriteFile
VirtualFree
VirtualAlloc
SetFilePointer
SetEndOfFile
FlushFileBuffers
GetSystemInfo
GetLocaleInfoA
MulDiv
GetACP
CreateThread
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
HeapReAlloc
ExitThread
RtlUnwind
SetStdHandle
GetFileType
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
TerminateProcess
IsDebuggerPresent
RaiseException
HeapSize
GetCPInfo
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
user32
MsgWaitForMultipleObjects
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuItemW
AppendMenuW
MessageBoxW
SetWindowLongW
CallWindowProcA
GetWindowLongW
CallWindowProcW
RegisterClassW
UnregisterClassA
GetMenuItemInfoA
UnregisterClassW
SetMenuItemInfoA
GetClassInfoA
SetClassLongW
SetClassLongA
InsertMenuItemA
SetWindowTextA
PeekMessageA
AppendMenuA
SendMessageW
SetDlgItemTextW
DialogBoxParamA
MessageBoxA
DefWindowProcW
SetDlgItemTextA
CreateDialogParamA
CreateWindowExW
PostThreadMessageA
RegisterWindowMessageA
SetWindowTextW
GetQueueStatus
SendMessageA
RegisterClassA
CreateWindowExA
wsprintfW
ReleaseDC
GetDC
DefWindowProcA
DestroyWindow
SetWindowLongA
GetWindowTextA
GetWindowLongA
GetWindowTextW
CreateDialogParamW
DialogBoxParamW
gdi32
CreateDIBSection
SetDIBits
DeleteDC
SelectObject
CreateCompatibleDC
DeleteObject
TextOutA
ExtTextOutA
GetTextExtentPoint32A
TextOutW
ExtTextOutW
GetTextExtentPoint32W
ole32
CoInitialize
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CreateItemMoniker
GetRunningObjectTable
oleaut32
SysAllocString
SysFreeString
comctl32
CreatePropertySheetPageW
PropertySheetW
CreatePropertySheetPageA
PropertySheetA
comdlg32
GetOpenFileNameA
GetSaveFileNameW
GetOpenFileNameW
GetSaveFileNameA
advapi32
RegSetValueExW
RegEnumValueW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegEnumValueA
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExA
RegEnumKeyExW
shell32
Shell_NotifyIconW
SHBrowseForFolderW
SHGetSpecialFolderPathA
SHGetPathFromIDListW
SHBrowseForFolderA
SHGetPathFromIDListA
DragQueryFileW
ShellExecuteA
ShellExecuteExA
DragQueryFileA
SHFileOperationW
Shell_NotifyIconA
SHGetFileInfoW
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
SHGetFileInfoA
SHFileOperationA
Sections
.text Size: 528KB - Virtual size: 526KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 108KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 131KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Picasa3.exe.exe windows:4 windows x86 arch:x86
28531f1c87a9d537704d5c91f095a9ea
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
29:12:c7:0c:9a:2b:8a:3e:f6:f6:07:46:62:d6:8b:8dCertificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before29/01/2014, 00:00Not After29/01/2016, 23:59SubjectCN=Google Inc,OU=Digital ID Class 3 - Java Object Signing+OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
ec:d8:ca:c4:f4:dc:b4:12:6c:19:2f:0c:08:7e:a3:3b:4e:3b:dc:eeSigner
Actual PE Digestec:d8:ca:c4:f4:dc:b4:12:6c:19:2f:0c:08:7e:a3:3b:4e:3b:dc:eeDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
p:\p\agents\hpac4.eem\recipes\662730680\base\googleclient\picasa39-stable\build\Picasa3.pdb
Imports
kernel32
GetConsoleMode
lstrcpyA
GetConsoleOutputCP
WriteConsoleA
GetFullPathNameA
GetConsoleCP
SetStdHandle
ExitThread
VirtualProtect
FileTimeToLocalFileTime
IsProcessorFeaturePresent
WriteConsoleW
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
GetThreadLocale
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
CloseHandle
SetEvent
CreateEventA
SetProcessAffinityMask
InterlockedCompareExchange
OpenMutexA
WaitForSingleObject
CreateMutexA
ResetEvent
FindResourceA
LoadResource
LockResource
SizeofResource
SetThreadAffinityMask
GetVolumeInformationA
GetDriveTypeA
GetCommandLineW
TryEnterCriticalSection
FindCloseChangeNotification
GetLongPathNameW
GetLongPathNameA
CompareFileTime
GetCurrentDirectoryA
SetCurrentDirectoryA
GetLogicalDriveStringsA
OpenEventA
PulseEvent
OpenProcess
ReadProcessMemory
GlobalLock
WriteProcessMemory
GlobalUnlock
WaitForMultipleObjects
GlobalFree
OutputDebugStringA
GlobalSize
FindClose
GetWindowsDirectoryA
SystemTimeToFileTime
GetLogicalDrives
GetExitCodeProcess
GetOverlappedResult
FindNextChangeNotification
DeleteFileW
GetFileAttributesExW
GetSystemTime
GetShortPathNameA
GetProfileStringA
FormatMessageA
LocalFree
GetShortPathNameW
GlobalAlloc
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
LoadLibraryExA
FlushInstructionCache
IsDBCSLeadByte
lstrlenW
RaiseException
lstrlenA
lstrcmpA
DisableThreadLibraryCalls
MulDiv
lstrcmpiA
GetComputerNameA
GetFileSize
CreateFileA
FindFirstFileA
ReadFile
SetThreadPriority
GetThreadPriority
TerminateThread
VirtualQuery
SetErrorMode
GetModuleFileNameW
GetSystemDirectoryA
SearchPathA
GetDiskFreeSpaceExA
GetVersion
GetNumberFormatA
LocalFileTimeToFileTime
GetTempPathA
CreateThread
FlushFileBuffers
GetTempPathW
SetFileTime
CreateFileW
LockFileEx
UnlockFileEx
SetFilePointer
SetFilePointerEx
SetEndOfFile
GetFileSizeEx
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetFileTime
QueryPerformanceFrequency
CreateProcessW
MoveFileExW
FindFirstChangeNotificationW
CopyFileA
FindFirstChangeNotificationA
MoveFileA
RemoveDirectoryA
MoveFileExA
CopyFileExW
MoveFileWithProgressW
CreateProcessA
CopyFileExA
GetModuleHandleW
MoveFileWithProgressA
LoadLibraryW
LoadLibraryExW
CreateDirectoryW
SetFileAttributesA
CreateDirectoryA
CreateDirectoryExW
GetFileAttributesExA
CreateDirectoryExA
GetFileAttributesW
GetFileAttributesA
DeleteFileA
FindFirstFileW
SetFileAttributesW
FindFirstFileExW
FindFirstFileExA
GetDateFormatW
GetTimeFormatW
FindNextFileW
RemoveDirectoryW
FindNextFileA
CopyFileW
MoveFileW
GetSystemInfo
lstrcmpW
DebugBreak
GetSystemDefaultLCID
CreateToolhelp32Snapshot
Module32First
Module32Next
GetProcessTimes
ReleaseSemaphore
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
comctl32
InitCommonControlsEx
PropertySheetA
CreatePropertySheetPageA
PropertySheetW
CreatePropertySheetPageW
ord14
ord6
ddraw
DirectDrawCreate
imm32
ImmGetContext
ImmSetOpenStatus
ImmReleaseContext
ImmGetDefaultIMEWnd
ImmSetCompositionWindow
ImmGetCompositionStringW
ImmGetOpenStatus
iphlpapi
GetAdaptersInfo
mpr
WNetGetConnectionA
mscms
GetColorDirectoryA
shlwapi
SHDeleteKeyA
AssocQueryStringW
StrTrimA
UrlUnescapeA
SHDeleteValueA
urlmon
URLDownloadToFileA
URLDownloadToFileW
URLDownloadToCacheFileA
FindMimeFromData
CoInternetGetSession
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
msvfw32
ICClose
ICCompressorFree
ICCompressorChoose
ICSendMessage
avifil32
AVIStreamWrite
AVIStreamSetFormat
AVIMakeCompressedStream
AVIFileCreateStreamA
AVIFileInit
AVIFileExit
AVIFileRelease
AVIStreamRelease
AVIFileOpenA
AVIFileOpenW
wininet
HttpOpenRequestA
InternetSetStatusCallback
InternetGetCookieExA
InternetGetConnectedStateEx
InternetOpenA
InternetGoOnline
InternetCrackUrlA
InternetTimeFromSystemTime
HttpEndRequestA
DeleteUrlCacheEntry
InternetFindNextFileA
FtpFindFirstFileA
FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
FtpDeleteFileA
InternetGetLastResponseInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetConnectA
HttpSendRequestExA
InternetSetOptionA
InternetReadFile
InternetWriteFile
InternetErrorDlg
HttpQueryInfoA
HttpAddRequestHeadersA
InternetCombineUrlA
InternetGetConnectedState
InternetCloseHandle
InternetQueryOptionA
HttpSendRequestA
winmm
mmioDescend
mmioRead
mmioAscend
mmioClose
mmioOpenA
mciSendStringA
mciGetErrorStringA
timeEndPeriod
timeKillEvent
timeBeginPeriod
timeGetTime
timeSetEvent
timeGetDevCaps
wintrust
WinVerifyTrust
ws2_32
htons
ntohl
ntohs
gethostbyname
recv
closesocket
getsockname
send
htonl
sendto
socket
setsockopt
ioctlsocket
bind
recvfrom
WSAStartup
WSACleanup
select
listen
accept
user32
GetForegroundWindow
WindowFromPoint
GetFocus
GetKeyState
CallWindowProcA
SetParent
EnumChildWindows
ScrollWindowEx
GetWindowTextLengthA
DestroyIcon
ReleaseCapture
CheckDlgButton
IsDlgButtonChecked
GetPropA
SetPropA
SetCursor
OpenClipboard
GetClipboardData
CloseClipboard
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindow
GetScrollBarInfo
IsWindowEnabled
CreateDialogIndirectParamA
DialogBoxIndirectParamW
KillTimer
DrawTextW
DialogBoxIndirectParamA
CharNextA
IsChild
DestroyAcceleratorTable
RegisterClassExA
SetCapture
GetWindowTextA
CreateAcceleratorTableA
RemovePropA
InvalidateRgn
GetClassInfoExA
GetWindow
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
EnumThreadWindows
GetQueueStatus
IsDialogMessageA
TranslateAcceleratorA
MsgWaitForMultipleObjects
SetActiveWindow
GetAsyncKeyState
GetCursor
ShowCursor
PostQuitMessage
SetMenu
GetWindowTextLengthW
GetWindowTextW
GetIconInfo
DrawIconEx
GetClassLongA
SetClassLongW
SetWindowTextW
CreateDialogParamA
DialogBoxParamW
SendMessageW
SetDlgItemTextW
DefWindowProcW
CreateDialogParamW
LoadStringA
SetMenuItemInfoW
GetDCEx
GetMenuItemInfoW
SetMenuItemInfoA
InsertMenuItemW
AppendMenuW
InsertMenuItemA
MessageBoxW
AppendMenuA
UnregisterClassA
SetWindowLongW
GetWindowLongW
CallWindowProcW
DialogBoxParamA
RegisterClassW
UnregisterClassW
SetDlgItemTextA
GetClassInfoA
AdjustWindowRect
FindWindowExA
GetTopWindow
GetMenuInfo
SetMenuInfo
TrackPopupMenu
TrackPopupMenuEx
IsClipboardFormatAvailable
EmptyClipboard
SetClipboardData
GetScrollPos
ShowScrollBar
LoadBitmapA
PostThreadMessageA
wsprintfA
CreateWindowExA
ScreenToClient
DrawMenuBar
MessageBoxA
RegisterClipboardFormatA
ClientToScreen
DestroyMenu
GetClassNameA
GetParent
EnableWindow
PostMessageA
CheckMenuItem
MoveWindow
EnableMenuItem
GetClientRect
MapWindowPoints
GetWindowRect
LoadImageA
SetWindowPos
SetTimer
EndDialog
GetDlgItem
PeekMessageA
GetSystemMetrics
UpdateWindow
InvalidateRect
DefWindowProcA
GetDlgCtrlID
LoadCursorA
SetClassLongA
ReleaseDC
GetDC
GetDesktopWindow
GetSysColor
FindWindowA
EnumWindows
SetWindowLongA
LoadIconA
SendMessageA
SetForegroundWindow
IsIconic
ShowWindow
IsWindowVisible
SystemParametersInfoA
FlashWindowEx
RegisterWindowMessageA
RemoveMenu
GetMenuItemInfoA
SetWindowTextA
SetMenuDefaultItem
IsZoomed
GetMenuItemCount
GetSubMenu
BringWindowToTop
SystemParametersInfoW
SetWindowPlacement
GetMenu
AdjustWindowRectEx
GetWindowPlacement
MessageBeep
GetCursorPos
SetFocus
GetCapture
RedrawWindow
CreateMenu
CreatePopupMenu
RegisterClassA
wsprintfW
EndPaint
FillRect
BeginPaint
CreateWindowExW
DestroyWindow
GetWindowLongA
gdi32
SetBkMode
CreatePatternBrush
GetOutlineTextMetricsA
EnumFontFamiliesExW
GetTextExtentExPointA
CreateDCA
GetDeviceCaps
SetMapMode
StartDocA
AbortDoc
EndDoc
StartPage
EndPage
GetTextAlign
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
SelectObject
GetRegionData
CreatePen
Rectangle
GetKerningPairsA
GetGlyphOutlineA
CreateFontIndirectA
GetTextFaceA
GetTextMetricsA
SetTextColor
DeleteObject
GetGlyphOutlineW
GetICMProfileA
ExtTextOutW
ExtTextOutA
TextOutW
TextOutA
StretchBlt
SetStretchBltMode
CreateDIBSection
GetStockObject
CreateBrushIndirect
SetDIBits
DeleteDC
CreateCompatibleDC
PatBlt
CreateRectRgn
GetObjectA
SetTextAlign
BitBlt
SetBkColor
CreateSolidBrush
winspool.drv
EnumPrintersA
GetPrinterA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
comdlg32
GetSaveFileNameW
GetOpenFileNameW
GetSaveFileNameA
GetOpenFileNameA
advapi32
RegOpenKeyExA
RegSetValueExA
RegCloseKey
CryptReleaseContext
RegEnumValueA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegQueryInfoKeyA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
GetUserNameA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptEncrypt
CryptDecrypt
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryValueExA
CryptGenRandom
RegCreateKeyExA
shell32
DragAcceptFiles
ShellExecuteA
DragQueryPoint
DragFinish
SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
Shell_NotifyIconA
ShellExecuteExA
SHBrowseForFolderW
DragQueryFileA
DragQueryFileW
SHFileOperationW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHFileOperationA
SHGetFileInfoA
ShellExecuteExW
SHGetSpecialFolderPathA
Shell_NotifyIconW
ShellExecuteW
ole32
CoFreeUnusedLibraries
GetRunningObjectTable
CoInitialize
DoDragDrop
CoUninitialize
OleUninitialize
CreateStreamOnHGlobal
RegisterDragDrop
CoTaskMemRealloc
CoResumeClassObjects
CLSIDFromString
OleLockRunning
CoGetClassObject
CLSIDFromProgID
StringFromGUID2
FreePropVariantArray
PropVariantCopy
PropVariantClear
ReleaseStgMedium
CoRegisterClassObject
CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CreateItemMoniker
OleInitialize
CoCreateGuid
oleaut32
LoadTypeLi
SafeArrayCreateVector
OleCreateFontIndirect
SafeArrayUnaccessData
SysAllocStringByteLen
VarBstrCmp
VariantClear
VariantTimeToSystemTime
LoadRegTypeLi
SysAllocStringLen
SysStringByteLen
SysStringLen
VarUI4FromStr
SysAllocString
SafeArrayAccessData
SystemTimeToVariantTime
VarDateFromStr
VarBstrFromDate
VariantInit
VarBstrCat
SysFreeString
Exports
Exports
JSON_parser_char
JSON_parser_done
JSON_parser_is_legal_white_space_string
delete_JSON_parser
init_JSON_config
new_JSON_parser
Sections
.text Size: 8.2MB - Virtual size: 8.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 912KB - Virtual size: 910KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 152KB - Virtual size: 501KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 404KB - Virtual size: 401KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Picasa3i18n.dll.dll windows:4 windows x86 arch:x86
22b98c5c8c68a5c45b232e3b1c1c06e3
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
29:12:c7:0c:9a:2b:8a:3e:f6:f6:07:46:62:d6:8b:8dCertificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before29/01/2014, 00:00Not After29/01/2016, 23:59SubjectCN=Google Inc,OU=Digital ID Class 3 - Java Object Signing+OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
8d:f7:b5:52:72:54:54:e0:4f:12:d1:64:9e:db:5e:85:1d:a0:c0:88Signer
Actual PE Digest8d:f7:b5:52:72:54:54:e0:4f:12:d1:64:9e:db:5e:85:1d:a0:c0:88Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
p:\p\agents\hpac4.eem\recipes\662730680\base\googleclient\picasa39-stable\build\Picasa3i18n.pdb
Imports
kernel32
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
Exports
Exports
GETINSTANCE
Sections
.text Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 25.6MB - Virtual size: 25.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PicasaPhotoViewer.exe.exe windows:4 windows x86 arch:x86
af00864ad7b14ce815e2cf768627b923
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
29:12:c7:0c:9a:2b:8a:3e:f6:f6:07:46:62:d6:8b:8dCertificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before29/01/2014, 00:00Not After29/01/2016, 23:59SubjectCN=Google Inc,OU=Digital ID Class 3 - Java Object Signing+OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
3e:b3:80:bc:f5:e4:e7:f7:32:b4:48:20:e1:13:9b:22:90:5b:f0:ecSigner
Actual PE Digest3e:b3:80:bc:f5:e4:e7:f7:32:b4:48:20:e1:13:9b:22:90:5b:f0:ecDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
p:\p\agents\hpac4.eem\recipes\662730680\base\googleclient\picasa39-stable\build\PicasaPhotoViewer.pdb
Imports
shlwapi
StrRetToBufW
SHDeleteKeyA
SHDeleteValueA
AssocQueryStringW
wininet
InternetGetConnectedStateEx
InternetCloseHandle
InternetQueryOptionA
InternetSetOptionA
InternetGoOnline
InternetGetCookieExA
InternetConnectA
InternetSetStatusCallback
InternetOpenA
HttpEndRequestA
InternetReadFile
InternetWriteFile
InternetErrorDlg
HttpQueryInfoA
HttpAddRequestHeadersA
HttpSendRequestA
HttpSendRequestExA
DeleteUrlCacheEntry
InternetCrackUrlA
InternetGetConnectedState
HttpOpenRequestA
kernel32
CopyFileExA
SetErrorMode
GetSystemDirectoryA
SearchPathA
GetTempPathW
GetTempPathA
GetDriveTypeA
SetFileTime
LockResource
FindFirstChangeNotificationA
MoveFileWithProgressW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
GetVersion
CopyFileExW
DebugBreak
GetThreadLocale
IsProcessorFeaturePresent
VirtualProtect
FormatMessageA
GlobalMemoryStatusEx
GetCommandLineW
QueryPerformanceCounter
ExitProcess
GetLastError
GetLongPathNameA
GetLongPathNameW
CreateMutexA
FindClose
ResetEvent
WaitForSingleObject
Sleep
OpenMutexA
GetExitCodeProcess
TerminateProcess
OpenProcess
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
CreateEventA
SetEvent
CloseHandle
GetShortPathNameA
EnterCriticalSection
InterlockedCompareExchange
GetCurrentThreadId
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
ExitThread
LockFileEx
UnlockFileEx
FindFirstChangeNotificationW
Module32Next
Module32First
CreateToolhelp32Snapshot
GetProcessTimes
GetSystemInfo
GetSystemDefaultLCID
CreateThread
lstrcmpW
QueryPerformanceFrequency
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
HeapAlloc
HeapFree
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
HeapSize
RtlUnwind
SetHandleCount
GetFileType
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
SetFilePointer
MultiByteToWideChar
ReadFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetSystemTimeAsFileTime
GetLocaleInfoA
CreateFileA
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
SetEndOfFile
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalFree
LoadLibraryExA
lstrlenW
IsDBCSLeadByte
MulDiv
DisableThreadLibraryCalls
lstrlenA
GlobalLock
GlobalUnlock
LoadResource
GlobalAlloc
SizeofResource
lstrcmpiA
FindResourceA
lstrcmpA
FlushInstructionCache
LocalFree
OutputDebugStringA
GetFileSize
WaitForMultipleObjects
TerminateThread
SetThreadPriority
GetThreadPriority
VirtualQuery
GetWindowsDirectoryA
MoveFileWithProgressA
GetModuleFileNameW
GetModuleHandleW
GetFileAttributesW
GetFileAttributesA
LoadLibraryW
DeleteFileW
DeleteFileA
CreateDirectoryW
LoadLibraryExW
FindFirstFileW
CreateDirectoryExW
FindFirstFileA
SetFileAttributesA
FindFirstFileExW
GetFileAttributesExA
FindFirstFileExA
FindNextFileW
GetShortPathNameW
RemoveDirectoryA
FindNextFileA
CreateFileW
CopyFileW
SetFileAttributesW
MoveFileW
GetFileAttributesExW
MoveFileExW
CreateProcessA
CopyFileA
GetDateFormatW
GetTimeFormatW
CreateDirectoryA
MoveFileA
RemoveDirectoryW
CreateDirectoryExA
MoveFileExA
CreateProcessW
user32
RegisterWindowMessageA
FillRect
RegisterClassExA
BeginPaint
EndPaint
CharNextA
InvalidateRect
CreateAcceleratorTableA
GetSysColor
InvalidateRgn
ReleaseCapture
GetWindowRect
IsWindowVisible
DialogBoxIndirectParamA
SetTimer
KillTimer
GetPropA
GetWindowTextLengthW
GetWindowTextW
SetDlgItemTextW
DialogBoxParamA
AppendMenuA
DefWindowProcW
LoadStringA
CreateDialogParamW
MessageBoxA
SetDlgItemTextA
CreateWindowExW
CreateDialogParamA
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuItemW
AppendMenuW
MessageBoxW
SetWindowLongW
GetWindowLongW
RegisterClassA
CallWindowProcW
GetMenuItemInfoA
RegisterClassW
UnregisterClassA
UnregisterClassW
GetClassInfoA
SetMenuItemInfoA
SetClassLongW
SetClassLongA
SetWindowTextW
DialogBoxParamW
InsertMenuItemA
SendMessageW
PeekMessageA
GetCursorPos
IsDialogMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
SetActiveWindow
GetAsyncKeyState
SetCursor
GetCursor
DestroyAcceleratorTable
ShowCursor
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
EnumThreadWindows
SystemParametersInfoA
GetActiveWindow
PostQuitMessage
SetMenu
GetMenu
FindWindowExA
GetTopWindow
CreatePopupMenu
SetMenuInfo
TrackPopupMenu
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
DialogBoxIndirectParamW
GetClassLongA
GetDlgItem
LoadImageA
LoadCursorA
SetCapture
GetClassInfoExA
GetWindowTextA
DefWindowProcA
IsChild
SetWindowTextA
RedrawWindow
GetWindow
IsWindow
RemovePropA
CreateWindowExA
ScreenToClient
SetPropA
EndDialog
LoadIconA
GetSystemMetrics
ClientToScreen
GetDesktopWindow
GetDC
GetForegroundWindow
ReleaseDC
GetWindowPlacement
AdjustWindowRect
EnableMenuItem
CheckMenuItem
SetWindowLongA
DrawIcon
DestroyIcon
DestroyWindow
EnableWindow
GetFocus
SetFocus
SendMessageA
GetWindowTextLengthA
MessageBeep
GetParent
GetClientRect
IsIconic
CreateDialogIndirectParamA
GetClassNameA
GetWindowLongA
FindWindowA
EnumWindows
SetWindowPos
DrawTextW
GetScrollBarInfo
IsWindowEnabled
ShowWindow
SetForegroundWindow
FlashWindowEx
AdjustWindowRectEx
UpdateWindow
PostMessageA
GetKeyState
CallWindowProcA
MoveWindow
EnumChildWindows
SetParent
DestroyMenu
gdi32
GetGlyphOutlineW
GetGlyphOutlineA
GetKerningPairsA
GetOutlineTextMetricsA
GetICMProfileA
SetBkMode
Rectangle
CreatePen
DeleteDC
SelectObject
CreateCompatibleDC
SetStretchBltMode
CreateDIBSection
CreateFontIndirectA
GetTextExtentPoint32A
ExtTextOutA
TextOutA
GetTextExtentPoint32W
ExtTextOutW
TextOutW
GetObjectA
GetStockObject
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
GetTextMetricsA
CreateSolidBrush
DeleteObject
shell32
ExtractIconExA
Shell_NotifyIconW
ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListW
DragAcceptFiles
SHChangeNotify
Shell_NotifyIconA
SHGetSpecialFolderPathW
ShellExecuteA
SHBrowseForFolderW
SHFileOperationA
DragQueryFileW
SHGetFileInfoA
SHGetSpecialFolderPathA
SHBrowseForFolderA
SHGetPathFromIDListA
SHFileOperationW
DragQueryFileA
ShellExecuteExA
SHGetFileInfoW
SHGetMalloc
ole32
CoCreateInstance
CoRegisterClassObject
CoTaskMemFree
CreateStreamOnHGlobal
StringFromGUID2
OleInitialize
OleUninitialize
CLSIDFromProgID
CoGetClassObject
OleLockRunning
CoTaskMemRealloc
CoInitializeEx
CoUninitialize
CoResumeClassObjects
CLSIDFromString
CoTaskMemAlloc
oleaut32
SysFreeString
SysAllocStringLen
SysAllocString
SysStringByteLen
VariantInit
VariantClear
VarUI4FromStr
SysStringLen
LoadRegTypeLi
LoadTypeLi
OleCreateFontIndirect
VarBstrCat
VariantTimeToSystemTime
SystemTimeToVariantTime
comctl32
CreatePropertySheetPageW
PropertySheetA
CreatePropertySheetPageA
InitCommonControlsEx
ord6
PropertySheetW
mscms
GetColorDirectoryA
urlmon
URLDownloadToFileA
FindMimeFromData
CoInternetGetSession
URLDownloadToFileW
version
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW
wintrust
WinVerifyTrust
ws2_32
ntohl
htonl
gethostbyname
htons
ntohs
comdlg32
GetOpenFileNameA
GetSaveFileNameA
GetOpenFileNameW
GetSaveFileNameW
advapi32
RegEnumKeyExW
CryptReleaseContext
CryptDecrypt
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumValueW
RegQueryValueExA
RegEnumValueA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
CryptEncrypt
Exports
Exports
JSON_parser_char
JSON_parser_done
JSON_parser_is_legal_white_space_string
delete_JSON_parser
init_JSON_config
new_JSON_parser
Sections
.text Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 508KB - Virtual size: 507KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 92KB - Virtual size: 433KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
PicasaUpdater.exe.exe windows:4 windows x86 arch:x86
e1cd755edacea545367b461cd34d38dc
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
29:12:c7:0c:9a:2b:8a:3e:f6:f6:07:46:62:d6:8b:8dCertificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before29/01/2014, 00:00Not After29/01/2016, 23:59SubjectCN=Google Inc,OU=Digital ID Class 3 - Java Object Signing+OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
78:4e:cc:5f:55:6a:d1:42:41:8d:9b:62:66:00:98:53:f1:5f:a1:dcSigner
Actual PE Digest78:4e:cc:5f:55:6a:d1:42:41:8d:9b:62:66:00:98:53:f1:5f:a1:dcDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
p:\p\agents\hpac4.eem\recipes\662730680\base\googleclient\picasa39-stable\build\PicasaUpdater.pdb
Imports
wintrust
WinVerifyTrust
kernel32
CreateMutexA
SetEvent
CreateEventA
WaitForSingleObject
InterlockedCompareExchange
Sleep
OpenMutexA
CloseHandle
GetExitCodeProcess
TerminateProcess
OpenProcess
GetCurrentProcessId
GetModuleHandleA
FreeLibrary
lstrcmpW
GetLastError
GetProcAddress
QueryPerformanceCounter
InterlockedDecrement
InterlockedIncrement
ExitThread
RemoveDirectoryA
FindClose
GetSystemDefaultLCID
GetSystemInfo
QueryPerformanceFrequency
CreateDirectoryW
DeleteFileA
LoadLibraryExW
DeleteFileW
HeapFree
HeapAlloc
ExitProcess
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
MultiByteToWideChar
ReadFile
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
WriteFile
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RaiseException
HeapSize
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetSystemTimeAsFileTime
SetStdHandle
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetTimeZoneInformation
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalFree
LoadLibraryExA
OutputDebugStringA
FormatMessageA
LocalFree
WaitForMultipleObjects
ResetEvent
TerminateThread
SetThreadPriority
GetFileSize
UnmapViewOfFile
GetDriveTypeA
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindResourceA
SizeofResource
SetErrorMode
LoadResource
LockResource
GetShortPathNameW
GetLongPathNameW
CreateFileW
GetLongPathNameA
GetModuleFileNameW
SearchPathA
GetVersion
FindFirstFileW
CreateDirectoryExW
SetFileAttributesA
FindFirstFileA
GetFileAttributesExA
CreateThread
FindFirstFileExW
GetShortPathNameA
FindFirstFileExA
FindNextFileW
CreateProcessA
FindNextFileA
SetFileAttributesW
GetFileAttributesExW
CopyFileW
MoveFileW
GetDateFormatW
MoveFileExW
GetTimeFormatW
CreateDirectoryA
CopyFileA
RemoveDirectoryW
CreateDirectoryExA
MoveFileA
MoveFileExA
CreateProcessW
CopyFileExW
FindFirstChangeNotificationW
MoveFileWithProgressW
FindFirstChangeNotificationA
CopyFileExA
MoveFileWithProgressA
GetModuleHandleW
GetFileAttributesW
GetFileAttributesA
LoadLibraryW
user32
GetWindow
GetCursor
SetForegroundWindow
FlashWindowEx
GetWindowRect
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
EnumThreadWindows
IsWindowVisible
IsIconic
SystemParametersInfoA
GetSystemMetrics
PeekMessageA
IsWindow
IsDialogMessageA
TranslateAcceleratorA
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuItemW
AppendMenuW
MessageBoxW
SetWindowLongA
SetWindowLongW
CallWindowProcA
CreateWindowExA
GetWindowLongW
CallWindowProcW
RegisterClassA
GetMenuItemInfoA
RegisterClassW
UnregisterClassW
UnregisterClassA
GetClassInfoA
SetMenuItemInfoA
SetClassLongW
GetAsyncKeyState
SetClassLongA
InsertMenuItemA
DialogBoxParamW
SetWindowTextA
SendMessageW
AppendMenuA
SetDlgItemTextW
DefWindowProcW
DialogBoxParamA
MessageBoxA
ShowWindow
CreateDialogParamW
SetDlgItemTextA
CreateWindowExW
DefWindowProcA
CreateDialogParamA
SetFocus
AdjustWindowRect
MoveWindow
ReleaseCapture
DestroyWindow
FindWindowA
GetClientRect
GetActiveWindow
MessageBeep
PostQuitMessage
BeginPaint
EndPaint
GetDC
ReleaseDC
EnumWindows
SendMessageA
GetClassNameA
GetWindowLongA
LoadIconA
SetWindowPos
LoadImageA
GetDlgItem
EndDialog
SetActiveWindow
MsgWaitForMultipleObjects
DispatchMessageA
TranslateMessage
GetParent
GetWindowTextA
GetWindowTextW
SetCursor
LoadStringA
LoadCursorA
GetDesktopWindow
PostMessageA
SetWindowTextW
advapi32
RegEnumKeyExW
CryptEncrypt
CryptReleaseContext
CryptDecrypt
RegCloseKey
RegQueryValueExA
RegSetValueExA
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegEnumKeyExA
RegEnumValueA
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
CryptDeriveKey
RegEnumValueW
RegCreateKeyExA
RegOpenKeyExA
shell32
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
ShellExecuteExA
SHFileOperationW
DragQueryFileW
SHGetSpecialFolderPathA
SHGetFileInfoA
SHFileOperationA
SHBrowseForFolderW
Shell_NotifyIconW
ShellExecuteExW
DragQueryFileA
Shell_NotifyIconA
SHGetFileInfoW
SHGetPathFromIDListW
ShellExecuteW
SHGetSpecialFolderPathW
oleaut32
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
comctl32
InitCommonControlsEx
PropertySheetA
CreatePropertySheetPageW
PropertySheetW
CreatePropertySheetPageA
urlmon
URLDownloadToFileW
URLDownloadToFileA
version
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeW
wininet
InternetOpenA
InternetCloseHandle
InternetGetConnectedStateEx
InternetGetConnectedState
InternetQueryOptionA
InternetSetOptionA
InternetConnectA
InternetSetStatusCallback
HttpOpenRequestA
HttpEndRequestA
InternetReadFile
InternetWriteFile
InternetErrorDlg
HttpAddRequestHeadersA
HttpSendRequestA
HttpSendRequestExA
DeleteUrlCacheEntry
InternetCrackUrlA
HttpQueryInfoA
ws2_32
gethostbyname
gdi32
GetStockObject
GetTextExtentPoint32W
ExtTextOutW
TextOutW
ExtTextOutA
TextOutA
CreateFontIndirectA
DeleteDC
SelectObject
DeleteObject
CreatePen
Rectangle
BitBlt
GetTextExtentPoint32A
CreateCompatibleDC
SetBkMode
GetKerningPairsA
GetGlyphOutlineA
GetGlyphOutlineW
SetStretchBltMode
CreateDIBSection
comdlg32
GetOpenFileNameA
GetSaveFileNameW
GetOpenFileNameW
GetSaveFileNameA
Sections
.text Size: 660KB - Virtual size: 658KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 60KB - Virtual size: 141KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 300KB - Virtual size: 297KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
npPicasa3.dll.dll windows:4 windows x86 arch:x86
22b98c5c8c68a5c45b232e3b1c1c06e3
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
29:12:c7:0c:9a:2b:8a:3e:f6:f6:07:46:62:d6:8b:8dCertificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before29/01/2014, 00:00Not After29/01/2016, 23:59SubjectCN=Google Inc,OU=Digital ID Class 3 - Java Object Signing+OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
cd:ec:f0:19:c3:83:b7:0f:10:49:c2:4f:f9:3c:d4:fb:ed:db:6f:d0Signer
Actual PE Digestcd:ec:f0:19:c3:83:b7:0f:10:49:c2:4f:f9:3c:d4:fb:ed:db:6f:d0Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
p:\p\agents\hpac4.eem\recipes\662730680\base\googleclient\picasa39-stable\build\npPicasa3.pdb
Imports
kernel32
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
Exports
Exports
NP_GetEntryPoints
NP_Initialize
NP_Shutdown
Sections
.text Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
qtsupport.dll.dll windows:4 windows x86 arch:x86
d2d29e7a7bb2f127f0be43968900bd6d
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
29:12:c7:0c:9a:2b:8a:3e:f6:f6:07:46:62:d6:8b:8dCertificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before29/01/2014, 00:00Not After29/01/2016, 23:59SubjectCN=Google Inc,OU=Digital ID Class 3 - Java Object Signing+OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
e9:84:93:29:08:49:16:3b:1e:ac:72:07:a6:8d:08:8a:d7:4e:fa:85Signer
Actual PE Digeste9:84:93:29:08:49:16:3b:1e:ac:72:07:a6:8d:08:8a:d7:4e:fa:85Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
p:\p\agents\hpac4.eem\recipes\662730680\base\googleclient\picasa39-stable\build\qtsupport.pdb
Imports
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
kernel32
GlobalFree
GlobalAlloc
FreeLibrary
GetModuleFileNameA
GetProcAddress
CloseHandle
ReleaseMutex
GetLastError
WaitForSingleObject
CreateMutexA
GetCurrentProcessId
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetFileAttributesA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
ExitProcess
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
GetLocaleInfoA
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
RtlUnwind
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize
user32
wsprintfA
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
Exports
Exports
QTENTRY
Sections
.text Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 928B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
runtime/slingshot/respack.yt