SmartClient[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

SmartClient.zip
Size

14.9MB
MD5

d5d4a884cea57f126bf49a20414005fa
SHA1

1990a9bda008632bb83c912c85ba911c56a96dfc
SHA256

25512356b45d1f25c9f5e1ebfd53005773f95a6354c12aa9e8801f764daf215f
SHA512

f78c6ed13cd29d20a192e5bd30c0216311415f2f310cbe568a53392c569ae81093259c4ead2a1aea04d57975e1104a8c3a3d263d5af81de4c8e3772b2705f6de
SSDEEP

393216:qMlG/dXOeKQo/QralUaSoMoFL2Ry/dt1o7m7pqsq76qq:qMQ/pjYSkFbb1xMszqq

Score

3^/10

Malware Config

Signatures

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/SmartClient/AVApis.dll
unpack001/SmartClient/BCNetSDK.dll
unpack001/SmartClient/BCP2P_API.dll
unpack001/SmartClient/DevMiddleware.dll
unpack001/SmartClient/EnCodeQr.dll
unpack001/SmartClient/IOTCAPIs.dll
unpack001/SmartClient/Language.dll
unpack001/SmartClient/Live555.dll
unpack001/SmartClient/OnvifPC.dll
unpack001/SmartClient/RDTApis.dll
unpack001/SmartClient/RemoteConfig.dll
unpack001/SmartClient/SmartClient.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$SYSDIR/pthreadVC.dll
unpack001/SmartClient/hi_VoiceEngine.dll
unpack001/SmartClient/playctrl.dll
unpack001/SmartClient/sqlite3.dll
unpack001/SmartClient/unins000.exe

NSIS installer 2 IoCs

installer

Processes:

resource	yara_rule
static1/unpack001/SmartClient/WinPcap.exe	nsis_installer_1
static1/unpack001/SmartClient/WinPcap.exe	nsis_installer_2

Files

SmartClient.zip
.zip
SmartClient/AVApis.dll
.dll windows:4 windows x86 arch:x86

a17f3419f7613498fa4dc8de924e8104

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
DeleteCriticalSection
GetSystemTimeAsFileTime
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetLastError
HeapFree
WideCharToMultiByte
GetTimeZoneInformation
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InterlockedDecrement
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
RtlUnwind
LoadLibraryA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapSize
GetLocaleInfoA
CompareStringA
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CloseHandle
CreateFileA

iotcapis

IOTC_Session_Channel_ON
IOTC_Session_Set_Channel_RcvCb
IOTC_Session_Check
RT
IOTC_Session_Write
IOTC_Session_Channel_OFF

Exports

Exports

avCheckAudioBuf
avClientCleanAudioBuf
avClientCleanBuf
avClientCleanVideoBuf
avClientExit
avClientSetMaxBufSize
avClientStart
avClientStart2
avClientStop
avDeInitialize
avGetAVApiVer
avInitialize
avRecvAudioData
avRecvFrameData
avRecvFrameData2
avRecvIOCtrl
avSendAudioData
avSendFrameData
avSendIOCtrl
avSendIOCtrlExit
avServExit
avServSetDelayInterval
avServSetMaxBufSize
avServSetResendSize
avServStart
avServStart2
avServStart3
avServStop

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SmartClient/BCNetSDK.dll
.dll windows:5 windows x86 arch:x86

5a31ef96b5d2ccf4e4e69dd07be303b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

ioctlsocket
select
WSACleanup
setsockopt
socket
WSAStartup
inet_addr
gethostbyname
gethostname
send
closesocket
getsockopt
__WSAFDIsSet
connect
inet_ntoa
WSAGetLastError
recv
htons

kernel32

SetStdHandle
LoadLibraryA
Sleep
GetTimeZoneInformation
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
CloseHandle
CreateMutexA
CreateEventA
ReleaseMutex
WaitForSingleObject
SetEvent
OutputDebugStringA
GlobalAlloc
MoveFileA
FindNextFileA
FindFirstFileA
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FlushFileBuffers
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
HeapSize
GetCurrentDirectoryA
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA
GetLocaleInfoA
SetEndOfFile
GetProcessHeap
CompareStringA
TlsSetValue
TlsAlloc
TlsGetValue
SetFilePointer
ReadFile
MultiByteToWideChar
GetStdHandle
WriteFile
ExitProcess
CompareStringW
FreeEnvironmentStringsW
GetFullPathNameA
InterlockedDecrement
SetLastError
InterlockedIncrement
GetProcAddress
GetModuleHandleW
GetSystemTimeAsFileTime
HeapAlloc
RtlUnwind
GetLastError
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
GetFileAttributesA
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
ExitThread
ResumeThread
CreateThread
DeleteFileA
GetCurrentThreadId
GetCommandLineA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
TlsFree

playctrl

PlayM4_GetPort
PlayM4_SetVolume
PlayM4_OpenStream
_PlayM4_SetToolbarHeight@8
PlayM4_Play
PlayM4_Stop
PlayM4_CloseStream
PlayM4_FreePort
PlayM4_PlaySound
PlayM4_StopSound
PlayM4_GetPlayPos
PlayM4_SetPlayPos
PlayM4_OneByOne
PlayM4_Slow
PlayM4_Fast
PlayM4_Pause
_PlayM4_ZoomInOut@24
PlayM4_ConvertToBmpFile
PlayM4_CaptureImage
_PlayM4_GetImageSize@12
PlayM4_RigisterDrawFun
_PlayM4_SetDisMode@8
PlayM4_InputData
PlayM4_SetStreamOpenMode

iotcapis

IOTC_Connect_ByUID
IOTC_Session_Close
IOTC_Connect_Stop
IOTC_DeInitialize
IOTC_Set_Max_Session_Number
IOTC_Initialize2

bcp2p_api

BCP2P_Check_Buffer
BCP2P_Write
BCP2P_ConnectByServer
BCP2P_Read
BCP2P_ForceClose
BCP2P_DeInitialize
BCP2P_GetAPIVersion
BCP2P_Initialize
BCP2P_NetworkDetect

rdtapis

RDT_Write
RDT_Create
RDT_Read
RDT_Destroy
RDT_DeInitialize
RDT_Initialize

netapi32

Netbios

iphlpapi

GetAdaptersInfo

wpcap

pcap_freealldevs
pcap_findalldevs_ex

shlwapi

StrStrIA

Exports

Exports

BC_CHECK_RECFILE_Is_Del
BC_CapturePicture
BC_CheckIpLanOrWan
BC_Cleanup
BC_CloseSound
BC_ExportConfigFile
BC_FindDVRLog
BC_FindFile
BC_FindFrame
BC_FindLogClose
BC_FindNextLog
BC_FormatDisk
BC_GetAlarmOut
BC_GetChannelState
BC_GetConfig
BC_GetConfigNoCallBack
BC_GetDownload_Pos
BC_GetFileByTime
BC_GetFile_ByName
BC_GetLastError
BC_GetLogFile
BC_GetLogFilePercent
BC_GetNetThroughOut
BC_GetSDKVersion
BC_GetSubStreamWH
BC_GetUserConfig
BC_Get_ExportFilePercent
BC_Get_RecfileSchedule
BC_H264toAVI
BC_ImportConfigFile
BC_Init
BC_Login
BC_Logout
BC_OpenSound
BC_PTZControl
BC_PTZTrack
BC_PlayBackByName
BC_PlayBackCaptureFile
BC_PlayBackControl
BC_PlayBackSaveData
BC_RealPlay
BC_RegisterFileFind
BC_RegisterGetFile
BC_RegisterGetFileByName
BC_RegisterGetFileByTime
BC_RegisterGetRespone
BC_RegisterLoginRespone
BC_RegisterPlayBack
BC_RegisterPreviewRespone
BC_RegisterRecFileDate
BC_RegisterSeek
BC_RegisterSetRespone
BC_RegisterStarAlarm
BC_RegisterStopAlarm
BC_Register_TestPrinfCallBack
BC_RigisterDrawFun
BC_SaveRealData
BC_SetAlarmOut
BC_SetConfig
BC_SetConnectTime
BC_SetDVRChannelChangeCallBack_V30
BC_SetDigitZoom
BC_SetDisMode
BC_SetExceptionCallBack
BC_SetMessageCallBack
BC_SetPartingSize
BC_SetPlayBack
BC_SetRealDataCallBack
BC_SetToolbarHeight
BC_StartAlarmChannel
BC_StartManualRecord
BC_StartVoiceCom
BC_StopAlarmChannel
BC_StopGetFileByTime
BC_StopManualRecord
BC_StopPlayBack
BC_StopPlayBackSave
BC_StopPlayBack_V20
BC_StopRealPlay
BC_StopRealPlay_V20
BC_StopSaveRealData
BC_StopVoiceCom
BC_Stop_GetFile
BC_UpdateChannelEnc
BC_Upgrade
BC_Volume
Bc_Responedproc
Bc_ResponedprocV20
Bc_SessionCallBack_Connect
Bc_SessionCallBack_Responed
Bc_SessionCallBack_ResponedV20
NET_DVR_CaptureJPEGPicture
NET_DVR_CloseSound
NET_DVR_GetPTZCruise
NET_DVR_GetPTZProtocol
NET_DVR_GetRealPlayerIndex
NET_DVR_H264toAVI
NET_DVR_OpenSound
NET_DVR_PTZControl
NET_DVR_PTZCruise
NET_DVR_PTZPreset
NET_DVR_PTZTrack
NET_DVR_PlayBackByName
NET_DVR_PlayBackCaptureFile
NET_DVR_PlayBackControl
NET_DVR_PlayBackSaveData
NET_DVR_RealPlay_V30
NET_DVR_SaveRealData_V30
NET_DVR_SetPlayDataCallBack
NET_DVR_SetPlayerBufNumber
NET_DVR_SetRealDataCallBack
NET_DVR_SetVoiceComClientVolume
NET_DVR_StartDVRRecord
NET_DVR_StartVoiceCom_V30
NET_DVR_StopDVRRecord
NET_DVR_StopPlayBack
NET_DVR_StopPlayBackSave
NET_DVR_StopRealPlay
NET_DVR_StopSaveRealData
NET_DVR_StopVoiceCom
NET_DVR_Volume
TalkDataCallBack
_BC_ExportConfigFileContinueV10
_BC_ExportConfigFileContinueV20
_BC_FindFileContinueV10
_BC_FindFileContinueV20
_BC_GetAdminAbility
_BC_GetConfigContinueV10
_BC_GetConfigContinueV20
_BC_GetFileByNameContinueV10
_BC_GetFileByNameContinueV20
_BC_GetFileByTimeContinueV10
_BC_GetFileByTimeContinueV20
_BC_GetLogContinueV10
_BC_GetLogContinueV20
_BC_GetManAlarmOutContinueV10
_BC_GetManAlarmOutContinueV20
_BC_GetRecFileDateContinueV10
_BC_GetRecFileDateV20
_BC_GetUserAbility
_BC_GetUserAbilityContinueV20
_BC_GetUserCfgContinueV20
_BC_ImportContinueV10
_BC_ImportContinueV20
_BC_LoginContinueV10
_BC_LogoutContinueV10
_BC_LogoutContinueV20
_BC_PlayBackContinueV10
_BC_PlayBackContinueV20
_BC_PreviewContinueV10
_BC_PreviewContinueV20
_BC_PtzTrackContinueV10
_BC_SeekContinueV10
_BC_SeekContinueV20
_BC_SetConfigContinueV10
_BC_SetConfigContinueV20
_BC_SetConfigMultiContinueV10
_BC_SetManAlarmOutContinueV10
_BC_SetManAlarmOutContinueV20
_BC_SetNetExtContinueV10
_BC_SetNetExtContinueV20
_BC_SetUserAbilityContinueV20
_BC_StarAlarmContinueV10
_BC_StarAlarmContinueV20
_BC_StopAlarmContinueV10
_BC_StopAlarmContinueV20
_BC_StopGetFileByNameContinueV10
_BC_StopGetFileByNameContinueV20
_BC_StopGetFileByTimeContinueV10
_BC_StopGetFileByTimeContinueV20
_BC_StopPlayBackContinueV10
_BC_StopPlayBackContinueV20
_BC_UpgradeContinueV10
_BC_UpgradeContinueV20
net_callback_main

Sections

.text
Size: 383KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SmartClient/BCP2P_API.dll
.dll windows:4 windows x86 arch:x86

a96b27ea10160797cb46e84f42c4c120

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

setsockopt
gethostbyname
htonl
recvfrom
inet_addr
select
sendto
__WSAFDIsSet
ntohl
connect
getsockname
closesocket
inet_ntoa
WSACleanup
htons
bind
WSAStartup
ntohs
socket

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

kernel32

TerminateProcess
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
SetStdHandle
CreateFileA
CreateThread
CreateMutexW
Sleep
WaitForSingleObject
ReleaseMutex
CloseHandle
GetTickCount
HeapAlloc
HeapFree
GetProcessHeap
GetSystemTimeAsFileTime
GetLastError
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
InitializeCriticalSection
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
ReadFile

Exports

Exports

?PPPP_Connect_Do@@YAHPADH0DG0@Z
?PPPP_Listen_Do@@YAHPADH0IGDPBD@Z
BCP2P_Check
BCP2P_Check_Buffer
BCP2P_Close
BCP2P_Connect
BCP2P_ConnectByServer
BCP2P_Connect_Break
BCP2P_DeInitialize
BCP2P_ForceClose
BCP2P_GetAPIVersion
BCP2P_Initialize
BCP2P_Listen
BCP2P_Listen_Break
BCP2P_LoginStatus_Check
BCP2P_NetworkDetect
BCP2P_NetworkDetectByServer
BCP2P_QueryDID
BCP2P_Read
BCP2P_Share_Bandwidth
BCP2P_Write
PPPP_Check
PPPP_Check_Buffer
PPPP_Close
PPPP_Connect
PPPP_ConnectByServer
PPPP_Connect_Break
PPPP_DeInitialize
PPPP_ForceClose
PPPP_GetAPIVersion
PPPP_Initialize
PPPP_Listen
PPPP_Listen_Break
PPPP_LoginStatus_Check
PPPP_NetworkDetect
PPPP_NetworkDetectByServer
PPPP_QueryDID
PPPP_Read
PPPP_Share_Bandwidth
PPPP_Write

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SmartClient/DevMiddleware.dll
.dll windows:5 windows x86 arch:x86

eaa0e193c7618359ed83d939e8b257c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\release version\NvrBranch_V2.0-20150617\RemoteCofig DevMiddleware\bin\DevMiddleware.pdb

Imports

playctrl

PlayM4_CloseStream
PlayM4_InputData
PlayM4_OpenStream
PlayM4_PlaySound
PlayM4_StopSound
PlayM4_SetVolume
PlayM4_GetPlayPos
PlayM4_SetPlayPos
PlayM4_ConvertToBmpFile
PlayM4_CaptureImage
PlayM4_OneByOneBack
PlayM4_OneByOne
PlayM4_Slow
PlayM4_Fast
PlayM4_Pause
PlayM4_Stop
PlayM4_Play
PlayM4_SetStreamOpenMode
PlayM4_CloseFile
PlayM4_OpenFile
PlayM4_GetPort
PlayM4_FreePort

bcnetsdk

BC_GetChannelState
BC_UpdateChannelEnc
BC_SetMessageCallBack
BC_RegisterSeek
BC_RegisterPlayBack
BC_RegisterRecFileDate
BC_RegisterGetFileByName
BC_RegisterGetFileByTime
BC_RegisterFileFind
BC_RegisterSetRespone
BC_RegisterGetRespone
BC_RegisterPreviewRespone
BC_RegisterLoginRespone
BC_SetDVRChannelChangeCallBack_V30
BC_SetExceptionCallBack
BC_CHECK_RECFILE_Is_Del
BC_SetPartingSize
BC_Cleanup
BC_Init
BC_StopVoiceCom
BC_FindNextLog
BC_FindLogClose
BC_FindDVRLog
BC_StartAlarmChannel
BC_StopAlarmChannel
BC_SetConfig
BC_GetConfig
BC_GetLastError
BC_GetConfigNoCallBack
BC_GetSubStreamWH
BC_Upgrade
BC_ExportConfigFile
BC_ImportConfigFile
BC_GetLogFile
BC_GetLogFilePercent
BC_Get_ExportFilePercent
BC_GetNetThroughOut
BC_PTZControl
BC_PTZTrack
BC_RealPlay
BC_StopRealPlay
BC_CapturePicture
BC_RigisterDrawFun
BC_SetDisMode
BC_StartVoiceCom
BC_OpenSound
BC_CloseSound
BC_Volume
BC_SaveRealData
BC_StopSaveRealData
BC_SetDigitZoom
BC_FindFile
BC_PlayBackByName
BC_PlayBackControl
BC_StopPlayBack
BC_SetPlayBack
BC_Get_RecfileSchedule
BC_PlayBackCaptureFile
BC_H264toAVI
BC_GetDownload_Pos
BC_GetFile_ByName
BC_Stop_GetFile
BC_GetFileByTime
BC_StopGetFileByTime
BC_Login
BC_Logout
BC_StartManualRecord
BC_StopManualRecord

kernel32

GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CloseHandle
FlushFileBuffers
GetModuleHandleA
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
HeapAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount

Exports

Exports

??0CDevRemoteFileDownloader@@QAE@ABV0@@Z
??0CDevRemoteFileDownloader@@QAE@PAVIDevUserLogin@@@Z
??0CDevRemoteFileDownloader@@QAE@PAVIDevUserLogin@@JPAUTIME@@1PAD@Z
??0CDevRemoteFileDownloader@@QAE@PAVIDevUserLogin@@PAD1@Z
??0CDevRemoteFileFinder@@QAE@ABV0@@Z
??0CDevRemoteFileFinder@@QAE@PAVIDevUserLogin@@PAUtagSearchEventCondition@@@Z
??0CDevRemoteFileFinder@@QAE@PAVIDevUserLogin@@PAUtagSearchFileCondition@@@Z
??0CDevRemotePlayback@@QAE@ABV0@@Z
??0CDevRemotePlayback@@QAE@PAVIDevUserLogin@@PAUHWND__@@@Z
??0CDevRemotePlayback@@QAE@PAVIDevUserLogin@@PAUHWND__@@JPAUTIME@@2@Z
??0CRLGlobal@@QAE@XZ
??1CDevRemoteFileDownloader@@UAE@XZ
??1CDevRemoteFileFinder@@UAE@XZ
??1CDevRemotePlayback@@UAE@XZ
??1CRLGlobal@@QAE@XZ
??4CDevAlarmFactory@@QAEAAV0@ABV0@@Z
??4CDevConfigFactory@@QAEAAV0@ABV0@@Z
??4CDevCtlPtzFactory@@QAEAAV0@ABV0@@Z
??4CDevLocalPlaybackFactory@@QAEAAV0@ABV0@@Z
??4CDevOnvifFactory@@QAEAAV0@ABV0@@Z
??4CDevPreviewFactory@@QAEAAV0@ABV0@@Z
??4CDevRemoteFileDownloader@@QAEAAV0@ABV0@@Z
??4CDevRemoteFileDownloaderFactory@@QAEAAV0@ABV0@@Z
??4CDevRemoteFileFinder@@QAEAAV0@ABV0@@Z
??4CDevRemoteFileFinderFactory@@QAEAAV0@ABV0@@Z
??4CDevRemotePlayback@@QAEAAV0@ABV0@@Z
??4CDevRemotePlaybackFactory@@QAEAAV0@ABV0@@Z
??4CDevUserLoginFactory@@QAEAAV0@ABV0@@Z
??4CRLGlobal@@QAEAAV0@ABV0@@Z
??_7CDevRemoteFileDownloader@@6B@
??_7CDevRemoteFileFinder@@6B@
??_7CDevRemotePlayback@@6B@
?Check_RecFile_Is_Del@CRLGlobal@@SAHPAD@Z
?Cleanup@CRLGlobal@@SAHXZ
?CreateDevAlarm@CDevAlarmFactory@@SAPAVIDevAlarm@@PAVIDevUserLogin@@@Z
?CreateDevConfig@CDevConfigFactory@@SAPAVIDevConfig@@PAVIDevUserLogin@@@Z
?CreateDevCtlPtz@CDevCtlPtzFactory@@SAPAVIDevCtlPtz@@PAVIDevUserLogin@@JPAVIDevPreview@@@Z
?CreateDevCtlPtz@CDevCtlPtzFactory@@SAPAVIDevCtlPtz@@PAVIDevUserLogin@@PAVIDevPreview@@@Z
?CreateDevLocalPlayback@CDevLocalPlaybackFactory@@SAPAVIDevLocalPlayback@@PAVIDevUserLogin@@@Z
?CreateDevOnvif@CDevOnvifFactory@@SAPAVIDevOnvif@@H@Z
?CreateDevPreview@CDevPreviewFactory@@SAPAVIDevPreview@@PAVIDevUserLogin@@J@Z
?CreateDevUserLogin@CDevUserLoginFactory@@SAPAVIDevUserLogin@@PAVCDevInfo@@@Z
?CreateDownloader@CDevRemoteFileDownloaderFactory@@SAPAVCDevRemoteFileDownloader@@PAVIDevUserLogin@@@Z
?CreateDownloader@CDevRemoteFileDownloaderFactory@@SAPAVCDevRemoteFileDownloader@@PAVIDevUserLogin@@JPAUTIME@@1PAD@Z
?CreateDownloader@CDevRemoteFileDownloaderFactory@@SAPAVCDevRemoteFileDownloader@@PAVIDevUserLogin@@PAD1@Z
?CreateFinder@CDevRemoteFileFinderFactory@@SAPAVCDevRemoteFileFinder@@PAVIDevUserLogin@@PAUtagSearchEventCondition@@@Z
?CreateFinder@CDevRemoteFileFinderFactory@@SAPAVCDevRemoteFileFinder@@PAVIDevUserLogin@@PAUtagSearchFileCondition@@@Z
?CreateRemotePlayback@CDevRemotePlaybackFactory@@SAPAVCDevRemotePlayback@@PAVIDevUserLogin@@PAUHWND__@@@Z
?CreateRemotePlayback@CDevRemotePlaybackFactory@@SAPAVCDevRemotePlayback@@PAVIDevUserLogin@@PAUHWND__@@JPAUTIME@@2@Z
?DeleteDevAlarm@CDevAlarmFactory@@SAXPAVIDevAlarm@@PAVIDevUserLogin@@@Z
?DeleteDevConfig@CDevConfigFactory@@SAXPAVIDevConfig@@PAVIDevUserLogin@@@Z
?DeleteDevCtlPtz@CDevCtlPtzFactory@@SAXPAVIDevCtlPtz@@PAVIDevUserLogin@@@Z
?DeleteDevLocalPlayback@CDevLocalPlaybackFactory@@SAXPAVIDevLocalPlayback@@@Z
?DeleteDevOnvif@CDevOnvifFactory@@SAXPAVIDevOnvif@@@Z
?DeleteDevPreview@CDevPreviewFactory@@SAXPAVIDevPreview@@PAVIDevUserLogin@@@Z
?DeleteDevUserLogin@CDevUserLoginFactory@@SAXPAVIDevUserLogin@@@Z
?DeleteDownloader@CDevRemoteFileDownloaderFactory@@SAXPAVCDevRemoteFileDownloader@@@Z
?DeleteFinder@CDevRemoteFileFinderFactory@@SAXPAVCDevRemoteFileFinder@@@Z
?DeleteRemotePlayback@CDevRemotePlaybackFactory@@SAXPAVCDevRemotePlayback@@@Z
?EnableLog2File@CRLGlobal@@SAHHPADH@Z
?FindClose@CDevRemoteFileFinder@@UAEHXZ
?GetBuffer@CRLGlobal@@SAPAUMsgAlarmInfo@@XZ
?GetChannelState@CRLGlobal@@SAHJAAUMsgChannelInfo@@@Z
?GetNetThroughOut@@YAHAAK@Z
?HandleChange@CRLGlobal@@SAXJPAUMsgChannelChangeInfo@@@Z
?HandleException@CRLGlobal@@SAXKJJPAX@Z
?HandleFileFindRespond@CRLGlobal@@SAXJW4BC_RSP_CODE_E@@JJPAUtagBC_FIND_DATA@@@Z
?HandleGetFileByNameRespond@CRLGlobal@@SAXJW4BC_RSP_CODE_E@@J@Z
?HandleGetFileByTimeRespond@CRLGlobal@@SAXJW4BC_RSP_CODE_E@@J@Z
?HandleGetRespond@CRLGlobal@@SAXJJJW4BC_RSP_CODE_E@@W4BC_CMD_E@@PAXKPAK@Z
?HandleLoginRespond@CRLGlobal@@SAXJW4BC_RSP_CODE_E@@PAUtagBC_DEVICE_INFO@@@Z
?HandleMsg@CRLGlobal@@SAXPAUMsgAlarmInfo@@@Z
?HandlePlayBackRespond@CRLGlobal@@SAXJW4BC_RSP_CODE_E@@J@Z
?HandlePreviewRespond@CRLGlobal@@SAXJW4BC_RSP_CODE_E@@J@Z
?HandleRecFileDateRespond@CRLGlobal@@SAXJW4BC_RSP_CODE_E@@PAUtag_BC_RECFILE_SCHEDULE@@@Z
?HandleSeekRespond@CRLGlobal@@SAXJW4BC_RSP_CODE_E@@@Z
?HandleSetRespond@CRLGlobal@@SAXJJJW4BC_RSP_CODE_E@@W4BC_CMD_E@@@Z
?HandleStartAlarmRespond@CRLGlobal@@SAXJW4BC_RSP_CODE_E@@J@Z
?HandleStopAlarmRespond@CRLGlobal@@SAXJW4BC_RSP_CODE_E@@J@Z
?IsDownloading@CDevRemoteFileDownloader@@UAEHXZ
?IsMessageCallbackRegistered@CRLGlobal@@SAHXZ
?RegisterAlarmCallback@CRLGlobal@@SAXPAX0@Z
?RegisterAllocator@CRLGlobal@@SAXPAX@Z
?RegisterConnectChangeCallBack@CRLGlobal@@SAHXZ
?RegisterExceptionCallBack@CRLGlobal@@SAHXZ
?RegisterFileFindRespondCallBack@CRLGlobal@@SAHXZ
?RegisterGetFileByNameRespondCallBack@CRLGlobal@@SAHXZ
?RegisterGetFileByTimeRespondCallBack@CRLGlobal@@SAHXZ
?RegisterGetRespondCallBack@CRLGlobal@@SAHXZ
?RegisterHandleConnectChange@CRLGlobal@@SAXPAX@Z
?RegisterHandleException@CRLGlobal@@SAXPAX@Z
?RegisterHandleFileFindRespond@CRLGlobal@@SAXPAX@Z
?RegisterHandleGetFileByNameRespond@CRLGlobal@@SAXPAX@Z
?RegisterHandleGetFileByTimeRespond@CRLGlobal@@SAXPAX@Z
?RegisterHandleGetRespond@CRLGlobal@@SAXPAX@Z
?RegisterHandleLoginRespond@CRLGlobal@@SAXPAX@Z
?RegisterHandleMessage@CRLGlobal@@SAXPAX@Z
?RegisterHandlePlayBackRespond@CRLGlobal@@SAXPAX@Z
?RegisterHandlePreviewRespond@CRLGlobal@@SAXPAX@Z
?RegisterHandleRecFileDateRespond@CRLGlobal@@SAXPAX@Z
?RegisterHandleSeekRespond@CRLGlobal@@SAXPAX@Z
?RegisterHandleSetRespond@CRLGlobal@@SAXPAX@Z
?RegisterHandleStartAlarmRespond@CRLGlobal@@SAXPAX@Z
?RegisterHandleStopAlarmRespond@CRLGlobal@@SAXPAX@Z
?RegisterLoginRespondCallBack@CRLGlobal@@SAHXZ
?RegisterPlayBackRespondCallBack@CRLGlobal@@SAHXZ
?RegisterPreviewRespondCallBack@CRLGlobal@@SAHXZ
?RegisterRecFileDateRespondCallBack@CRLGlobal@@SAHXZ
?RegisterSeekRespondCallBack@CRLGlobal@@SAHXZ
?RegisterSetRespondCallBack@CRLGlobal@@SAHXZ
?RegisterStartAlarmRespondCallBack@CRLGlobal@@SAHXZ
?RegisterStopAlarmRespondCallBack@CRLGlobal@@SAHXZ
?SetPartingSize@CRLGlobal@@SAHK@Z
?StartListen@CRLGlobal@@SAHPADGPAX@Z
?Startup@CRLGlobal@@SAHHH@Z
?Stop@CDevRemoteFileDownloader@@UAEHXZ
?Stop@CDevRemotePlayback@@UAEHXZ
?StopListen@CRLGlobal@@SAHXZ
?UpdateChannelEnc@CRLGlobal@@SAHJ@Z
?m_GetMsgBuffer@CRLGlobal@@0P6APAXXZA
?m_cbConnectChange@CRLGlobal@@0P6GXJPAUMsgChannelChangeInfo@@@ZA
?m_cbException@CRLGlobal@@0P6GXKJJPAX@ZA
?m_cbFileFindRespond@CRLGlobal@@0P6GXJW4BC_RSP_CODE_E@@JJPAUtagBC_FIND_DATA@@@ZA
?m_cbGetFileByNameRespond@CRLGlobal@@0P6GXJW4BC_RSP_CODE_E@@J@ZA
?m_cbGetFileByTimeRespond@CRLGlobal@@0P6GXJW4BC_RSP_CODE_E@@J@ZA
?m_cbGetRespond@CRLGlobal@@0P6GXJJJW4BC_RSP_CODE_E@@W4BC_CMD_E@@PAXKPAK@ZA
?m_cbHandleMsg@CRLGlobal@@0P6GXPAUMsgAlarmInfo@@@ZA
?m_cbLoginRespond@CRLGlobal@@0P6GXJW4BC_RSP_CODE_E@@PAUtagBC_DEVICE_INFO@@@ZA
?m_cbPlayBackRespond@CRLGlobal@@0P6GXJW4BC_RSP_CODE_E@@J@ZA
?m_cbPreviewRespond@CRLGlobal@@0P6GXJW4BC_RSP_CODE_E@@J@ZA
?m_cbRecFileDateRespond@CRLGlobal@@0P6GXJW4BC_RSP_CODE_E@@PAUtag_BC_RECFILE_SCHEDULE@@@ZA
?m_cbSeekRespond@CRLGlobal@@0P6GXJW4BC_RSP_CODE_E@@@ZA
?m_cbSetRespond@CRLGlobal@@0P6GXJJJW4BC_RSP_CODE_E@@W4BC_CMD_E@@@ZA
?m_cbStartAlarmRespond@CRLGlobal@@0P6GXJW4BC_RSP_CODE_E@@J@ZA
?m_cbStopAlarmRespond@CRLGlobal@@0P6GXJW4BC_RSP_CODE_E@@J@ZA
?m_lListenHandle@CRLGlobal@@0JA

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SmartClient/EnCodeQr.dll
.dll windows:4 windows x86 arch:x86

2e85ba219d4135ddf89e48511d38fd09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
ResumeThread
CloseHandle
TerminateThread
WaitForSingleObject
GetPrivateProfileStringA
PurgeComm
ReadFile
SetCommTimeouts
SetCommState
Sleep
SetupComm
CreateFileA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
GetVersionExA
GetFileAttributesExA
MultiByteToWideChar
WideCharToMultiByte
GetDiskFreeSpaceExA
GetModuleFileNameA
GetFileAttributesA
CreateDirectoryA
lstrlenA
GetPrivateProfileIntA
GetCommState
lstrcpyA
IsValidLocale
LCMapStringW
LCMapStringA
SetConsoleCtrlHandler
SetEndOfFile
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
FlushFileBuffers
SetStdHandle
GetEnvironmentStringsW
RtlUnwind
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetLastError
CreateThread
GetCurrentThreadId
TlsSetValue
ExitThread
GetCommandLineA
GetVersion
HeapFree
EnterCriticalSection
LeaveCriticalSection
WriteFile
InitializeCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
SetFilePointer
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetLocaleInfoW

user32

GetDC
MessageBoxA
SendMessageA
LoadImageA
wsprintfA
DrawStateA

gdi32

CreateEnhMetaFileA
CloseEnhMetaFile
CreateMetaFileA
CloseMetaFile
GetDeviceCaps

advapi32

RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegCreateKeyA

shell32

ShellExecuteA

oleaut32

SysAllocStringByteLen

wsock32

inet_addr
WSACleanup
gethostbyname
gethostname
closesocket
setsockopt
socket
send
inet_ntoa
connect
htons
recv
WSAStartup

netapi32

Netbios

Exports

Exports

CloseRead
EnCodeQr
EnQrText
InitRead
MakeQrCode
SetQrConFile

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SmartClient/IOTCAPIs.dll
.dll windows:4 windows x86 arch:x86

29adc4c54b36be60461c4ca4c3c5ba99

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
Sleep
GetTickCount
HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
CreateThread
DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSection
ReadFile
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
MultiByteToWideChar
HeapSize
SetFilePointer
CreateFileA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
GetOEMCP
GetSystemTimeAsFileTime
GetLastError
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
RtlUnwind
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
LoadLibraryA
GetCPInfo
GetACP

ws2_32

closesocket
shutdown
getsockname
connect
gethostbyname
recv
getpeername
recvfrom
ioctlsocket
socket
setsockopt
getsockopt
htonl
bind
WSAStartup
WSACleanup
htons
inet_addr
select
__WSAFDIsSet
sendto
ntohs
inet_ntoa

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

Exports

Exports

AT
IOTC_Connect_ByUID
IOTC_Connect_ByUID2
IOTC_Connect_ByUID_Parallel
IOTC_Connect_Stop
IOTC_Connect_Stop_BySID
IOTC_DeInitialize
IOTC_Device_Login
IOTC_Get_Login_Info
IOTC_Get_Login_Info_ByCallBackFn
IOTC_Get_Nat_Type
IOTC_Get_SessionID
IOTC_Get_Version
IOTC_Initialize
IOTC_Initialize2
IOTC_Lan_Search
IOTC_Listen
IOTC_Listen2
IOTC_Listen_Exit
IOTC_Session_Channel_OFF
IOTC_Session_Channel_ON
IOTC_Session_Check
IOTC_Session_Check_ByCallBackFn
IOTC_Session_Close
IOTC_Session_Get_Free_Channel
IOTC_Session_Read
IOTC_Session_Read_Check_Lost
IOTC_Session_Set_Channel_RcvCb
IOTC_Session_Write
IOTC_Set_Anvance_Mode
IOTC_Set_Log_Path
IOTC_Set_Max_Session_Number
IOTC_Set_Partial_Encryption
RT
SA
XD

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SmartClient/Install.ini
SmartClient/LangFiles/LangBgr.ini
SmartClient/LangFiles/LangChs.ini
SmartClient/LangFiles/LangCht.ini
SmartClient/LangFiles/LangCzh.ini
SmartClient/LangFiles/LangEng.ini
SmartClient/LangFiles/LangEsn.ini
SmartClient/LangFiles/LangFra.ini
SmartClient/LangFiles/LangGerman.ini
SmartClient/LangFiles/LangHun.ini
SmartClient/LangFiles/LangIta.ini
SmartClient/LangFiles/LangKra.ini
SmartClient/LangFiles/LangPersian.ini
SmartClient/LangFiles/LangPol.ini
SmartClient/LangFiles/LangPtg.ini
SmartClient/LangFiles/LangRom.ini
SmartClient/LangFiles/LangRus.ini
SmartClient/LangFiles/LangRus_st.ini
SmartClient/LangFiles/LangThai.ini
SmartClient/Language.cfg
SmartClient/Language.dll
.dll windows:5 windows x86 arch:x86

783870f90e494430a205054f73fb8772

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\release version\NvrBranch_V2.0-20150617\Language\bin\Language.pdb

Imports

kernel32

HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RtlUnwind
HeapReAlloc
RaiseException
SetStdHandle
GetFileType
Sleep
ExitProcess
HeapSize
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GlobalFlags
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetModuleHandleA
GlobalFindAtomW
LoadLibraryA
GetVersionExA
CompareStringW
InterlockedIncrement
lstrlenA
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpW
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
CloseHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryW
GetCurrentProcessId
GetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
lstrlenW
WideCharToMultiByte
FreeLibrary
InterlockedDecrement
SetLastError
GetProcAddress
GetSystemDefaultLangID
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileSectionW
MultiByteToWideChar
GetFileAttributesW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
SetHandleCount
GetModuleHandleW

user32

DestroyMenu
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ShowWindow
SetWindowTextW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
UnhookWindowsHookEx
GetSubMenu
GetMenuItemCount
GetWindow
RegisterWindowMessageW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowTextW
UnregisterClassW
SetCursor
SetWindowsHookExW
GetTopWindow
GetMenuItemID
GetMenuState
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
GetParent
SendMessageW
GetWindowThreadProcessId
IsWindow
GetFocus
GetSystemMetrics
CharUpperW
PostQuitMessage
PostMessageW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetDlgItem

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
RectVisible
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
GetDeviceCaps
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
TextOutW

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey

shlwapi

PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

?DLL_GetCurrentShow@@YA?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?DLL_GetResFromKey@@YA?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@ABV12@@Z
?DLL_GetValueMapLans@@YAPAV?$map@HV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@U?$less@H@std@@V?$allocator@U?$pair@$$CBHV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@std@@@4@@std@@ABV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?DLL_LoadLangView@@YAXABV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V12@@Z

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SmartClient/Live555.dll
.dll windows:5 windows x86 arch:x86

0e4431f374fc61abfaa5069d71ad92bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

connect
send
htons
gethostbyname
WSAStartup
inet_addr
WSACleanup
ioctlsocket
gethostname
recvfrom
ntohl
htonl
ntohs
getsockname
setsockopt
sendto
bind
closesocket
getsockopt
select
WSAGetLastError
socket
__WSAFDIsSet

kernel32

WideCharToMultiByte
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
CreateFileA
GetLocaleInfoA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCurrentProcessId
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
InitializeCriticalSectionAndSpinCount
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
QueryPerformanceCounter
Sleep
QueryPerformanceFrequency
EnterCriticalSection
LeaveCriticalSection
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetLastError
HeapFree
SetFilePointer
HeapAlloc
GetModuleHandleW
GetProcAddress
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
SetStdHandle
GetFileType
WriteFile
GetModuleHandleA
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
MultiByteToWideChar
ReadFile
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
FlushFileBuffers
CloseHandle
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW

Exports

Exports

live_BeginRtspLoop
live_OpenURL
live_StopRtspLoop
live_TeardownSection

Sections

.text
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SmartClient/LocalSetting.ini
SmartClient/MakeBarCode.cfg
SmartClient/MicrosoftAt.ttf
SmartClient/OnvifPC.dll
.dll windows:5 windows x86 arch:x86

0d8268e8c16bce3d30318c5ada4ee740

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\02_LocalSVN\pc_ti\NvrBranch_12-16\onvif\OnvifPC\bin\OnvifPC.pdb

Imports

kernel32

Sleep
GetLastError
SetLastError
FormatMessageA
CompareStringW
CompareStringA
HeapSize
CreateFileA
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocaleInfoA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
ExitThread
CloseHandle
ResumeThread
CreateThread
HeapFree
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
ReadFile
InterlockedDecrement
GetCPInfo
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetTimeZoneInformation
ExitProcess
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleHandleA
GetModuleFileNameA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
SetStdHandle
RtlUnwind
LCMapStringA
LCMapStringW
SetEnvironmentVariableA

ws2_32

shutdown
accept
connect
getsockopt
inet_addr
gethostbyname
recvfrom
sendto
send
closesocket
ioctlsocket
ntohl
select
__WSAFDIsSet
recv
WSAStartup
socket
WSAGetLastError
setsockopt
htonl
htons
bind
listen

Exports

Exports

ONVIF_ClientExit
ONVIF_ClientInit
ONVIF_ClientMainEntry
OnvifGetClientId
OnvifGetClientInfo
OnvifReleaseClientId
OnvifSetClientInfo
Onvif_ClientFree
Onvif_client_get_token
Onvif_client_get_token_number
Onvif_client_init_token
Onvif_client_save_token
Onvif_server_get_token

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 503KB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SmartClient/RDTApis.dll
.dll windows:4 windows x86 arch:x86

dbe18bcf03769c483183f85ed6a1a8ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateMutexA
ReleaseMutex
WaitForSingleObject
GetSystemTimeAsFileTime
CloseHandle
CreateThread
Sleep
WideCharToMultiByte
GetTimeZoneInformation
GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
GetCPInfo
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetFilePointer
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
InitializeCriticalSection
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
LoadLibraryA
SetStdHandle
FlushFileBuffers
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoA
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapSize
SetEndOfFile
ReadFile

iotcapis

IOTC_Session_Channel_ON
RT
IOTC_Session_Check
IOTC_Session_Read
IOTC_Session_Write
IOTC_Session_Channel_OFF

Exports

Exports

RDT_Abort
RDT_Create
RDT_DeInitialize
RDT_Destroy
RDT_GetRDTApiVer
RDT_Initialize
RDT_Read
RDT_Set_Log_Path
RDT_Set_Max_Channel_Number
RDT_Status_Check
RDT_Write
RDT_Write_UrgentData

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SmartClient/RemoteConfig.dll
.dll windows:5 windows x86 arch:x86

63f61fc28ccc4930f9e75a7b08e5c433

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\release version\NvrBranch_V2.0-20150617\RemoteCofig DevMiddleware\Bin\RemoteConfig.pdb

Imports

language

?DLL_GetResFromKey@@YA?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@ABV12@@Z

kernel32

TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RtlUnwind
RaiseException
HeapReAlloc
Sleep
ExitProcess
HeapSize
VirtualFree
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
GetSystemTimeAsFileTime
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
HeapFree
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapAlloc
GetCurrentProcess
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringW
InterlockedIncrement
GlobalFlags
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
CloseHandle
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
lstrcmpA
GetCurrentProcessId
GetModuleHandleA
InterlockedDecrement
FormatMessageW
LocalFree
MulDiv
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
LoadLibraryA
SetLastError
lstrcmpW
GetVersionExA
GetLastError
IsDBCSLeadByte
GetTimeZoneInformation
GetLocalTime
GetProcAddress
LoadLibraryW
FreeLibrary
WideCharToMultiByte
lstrlenA
GetFileAttributesW
GetModuleFileNameW
GetModuleHandleW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
lstrlenW
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
FreeEnvironmentStringsA

user32

DestroyMenu
UnregisterClassW
GetMessageW
TranslateMessage
ValidateRect
DrawFocusRect
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
ScrollWindowEx
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
EndPaint
BeginPaint
ClientToScreen
GetMenuState
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
SetMenu
SetScrollRange
SetScrollPos
SetForegroundWindow
IsWindowVisible
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxW
CreateWindowExW
RegisterClassW
AdjustWindowRectEx
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
CallWindowProcW
GetMenu
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
GrayStringW
DrawTextExW
TabbedTextOutW
DrawTextW
IsWindow
ReleaseDC
GetDC
IsRectEmpty
WindowFromPoint
RegisterClassExW
LoadIconW
GetClassInfoExW
PostQuitMessage
SetClassLongW
GetFocus
DrawEdge
FillRect
LoadBitmapW
ScreenToClient
LoadImageW
ShowScrollBar
UpdateWindow
IntersectRect
SetWindowLongW
GetWindowLongW
SetTimer
KillTimer
OffsetRect
ReleaseCapture
SetCapture
GetCapture
SetCursor
InflateRect
CopyRect
GetSysColor
InvalidateRect
GetWindowDC
SendMessageW
EnableWindow
PostMessageW
GetClientRect
GetKeyState
PtInRect
GetCursorPos
GetParent
GetWindowRect
RedrawWindow
GetSysColorBrush
LoadCursorW
DefWindowProcW
GetClassInfoW

gdi32

SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
CreateFontIndirectW
GetTextMetricsW
CreateBitmap
RestoreDC
SaveDC
IntersectClipRect
ExcludeClipRect
SetMapMode
DeleteDC
DeleteObject
GetDeviceCaps
SetBkColor
SetTextColor
GetClipBox
Escape
ExtTextOutW
RectVisible
PtVisible
CreateRectRgn
GetBkColor
DPtoLP
GetViewportExtEx
GetWindowExtEx
GetMapMode
LPtoDP
TextOutW
GetStockObject
Rectangle
SetBkMode
Ellipse
RoundRect
CreatePen
CreateSolidBrush
CreateFontW
BitBlt
CreateCompatibleBitmap
GetTextExtentPoint32W
GetDIBColorTable
StretchBlt
CreateDIBSection
GetObjectW
CreateCompatibleDC
SetDIBColorTable
SelectObject

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegOpenKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegCloseKey
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW

comctl32

_TrackMouseEvent

shlwapi

PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW

ole32

CoInitializeEx
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoUninitialize

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit

gdiplus

GdipDeleteGraphics
GdipCreateBitmapFromStream
GdiplusStartup
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageGraphicsContext
GdiplusShutdown
GdipDrawImageI

Exports

Exports

GetRemoteCfgHwnd
SetAlarmInportNum
SetAlarmOutportNum
SetAllPreview
SetChannelNum
SetCustomFont
SetDevConfig
SetDvrIP
SetDvrMachineType
SetDvrPort
SetDvrType
SetDvrTypeInfo
SetETAbaility
SetFDAbaility
SetHDChannels
SetIDAbaility
SetLanguageID
SetNotransFrame
SetPTZ
SetParam
SetPreview
SetPreviewHwnd
SetSDCard
SetStartChannelNum
SetUserID
SetUserName
SetVTAbaility
SetVideoStandard
SetWifiUser
ShowRemoteConfig

Sections

.text
Size: 680KB - Virtual size: 680KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 856KB - Virtual size: 855KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SmartClient/SmartClient.exe
.exe windows:5 windows x86 arch:x86

7c849865f498738d44d3dfebe9daa93e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\release version\NvrBranch_V2.0-20150617\SmartClient\bin\SmartClient.pdb

Imports

gdiplus

GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipFree
GdipGetImageGraphicsContext
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipAlloc
GdipDisposeImage
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipDeleteGraphics

sqlite3

sqlite3_busy_timeout
sqlite3_mprintf
sqlite3_free
sqlite3_vmprintf
sqlite3_errmsg
sqlite3_get_table
sqlite3_free_table
sqlite3_changes
sqlite3_open
sqlite3_close
sqlite3_exec

wpcap

pcap_open
pcap_compile
pcap_setfilter
pcap_findalldevs_ex
pcap_freealldevs
pcap_next_ex
pcap_sendpacket

devmiddleware

?GetNetThroughOut@@YAHAAK@Z
?Cleanup@CRLGlobal@@SAHXZ
?StopListen@CRLGlobal@@SAHXZ
?RegisterSeekRespondCallBack@CRLGlobal@@SAHXZ
?RegisterHandleSeekRespond@CRLGlobal@@SAXPAX@Z
?RegisterPlayBackRespondCallBack@CRLGlobal@@SAHXZ
?RegisterHandlePlayBackRespond@CRLGlobal@@SAXPAX@Z
?RegisterRecFileDateRespondCallBack@CRLGlobal@@SAHXZ
?RegisterHandleRecFileDateRespond@CRLGlobal@@SAXPAX@Z
?RegisterGetFileByNameRespondCallBack@CRLGlobal@@SAHXZ
?RegisterHandleGetFileByNameRespond@CRLGlobal@@SAXPAX@Z
?RegisterGetFileByTimeRespondCallBack@CRLGlobal@@SAHXZ
?RegisterHandleGetFileByTimeRespond@CRLGlobal@@SAXPAX@Z
?RegisterFileFindRespondCallBack@CRLGlobal@@SAHXZ
?RegisterHandleFileFindRespond@CRLGlobal@@SAXPAX@Z
?RegisterSetRespondCallBack@CRLGlobal@@SAHXZ
?RegisterHandleSetRespond@CRLGlobal@@SAXPAX@Z
?RegisterGetRespondCallBack@CRLGlobal@@SAHXZ
?RegisterHandleGetRespond@CRLGlobal@@SAXPAX@Z
?RegisterPreviewRespondCallBack@CRLGlobal@@SAHXZ
?RegisterHandlePreviewRespond@CRLGlobal@@SAXPAX@Z
?RegisterLoginRespondCallBack@CRLGlobal@@SAHXZ
?RegisterHandleLoginRespond@CRLGlobal@@SAXPAX@Z
?RegisterConnectChangeCallBack@CRLGlobal@@SAHXZ
?RegisterHandleConnectChange@CRLGlobal@@SAXPAX@Z
?RegisterExceptionCallBack@CRLGlobal@@SAHXZ
?RegisterHandleException@CRLGlobal@@SAXPAX@Z
?RegisterAlarmCallback@CRLGlobal@@SAXPAX0@Z
?RegisterAllocator@CRLGlobal@@SAXPAX@Z
?RegisterHandleMessage@CRLGlobal@@SAXPAX@Z
?Startup@CRLGlobal@@SAHHH@Z
?CreateDevOnvif@CDevOnvifFactory@@SAPAVIDevOnvif@@H@Z
?Check_RecFile_Is_Del@CRLGlobal@@SAHPAD@Z
?GetChannelState@CRLGlobal@@SAHJAAUMsgChannelInfo@@@Z
?CreateRemotePlayback@CDevRemotePlaybackFactory@@SAPAVCDevRemotePlayback@@PAVIDevUserLogin@@PAUHWND__@@@Z
?CreateDownloader@CDevRemoteFileDownloaderFactory@@SAPAVCDevRemoteFileDownloader@@PAVIDevUserLogin@@@Z
?DeleteFinder@CDevRemoteFileFinderFactory@@SAXPAVCDevRemoteFileFinder@@@Z
?CreateFinder@CDevRemoteFileFinderFactory@@SAPAVCDevRemoteFileFinder@@PAVIDevUserLogin@@PAUtagSearchFileCondition@@@Z
?DeleteRemotePlayback@CDevRemotePlaybackFactory@@SAXPAVCDevRemotePlayback@@@Z
?SetPartingSize@CRLGlobal@@SAHK@Z
?DeleteDownloader@CDevRemoteFileDownloaderFactory@@SAXPAVCDevRemoteFileDownloader@@@Z
?CreateDownloader@CDevRemoteFileDownloaderFactory@@SAPAVCDevRemoteFileDownloader@@PAVIDevUserLogin@@PAD1@Z
?UpdateChannelEnc@CRLGlobal@@SAHJ@Z
?DeleteDevConfig@CDevConfigFactory@@SAXPAVIDevConfig@@PAVIDevUserLogin@@@Z
?CreateDevConfig@CDevConfigFactory@@SAPAVIDevConfig@@PAVIDevUserLogin@@@Z
?CreateDevPreview@CDevPreviewFactory@@SAPAVIDevPreview@@PAVIDevUserLogin@@J@Z
?CreateDevCtlPtz@CDevCtlPtzFactory@@SAPAVIDevCtlPtz@@PAVIDevUserLogin@@JPAVIDevPreview@@@Z
?DeleteDevCtlPtz@CDevCtlPtzFactory@@SAXPAVIDevCtlPtz@@PAVIDevUserLogin@@@Z
?DeleteDevPreview@CDevPreviewFactory@@SAXPAVIDevPreview@@PAVIDevUserLogin@@@Z
?CreateDevUserLogin@CDevUserLoginFactory@@SAPAVIDevUserLogin@@PAVCDevInfo@@@Z
?DeleteDevUserLogin@CDevUserLoginFactory@@SAXPAVIDevUserLogin@@@Z
?CreateDevAlarm@CDevAlarmFactory@@SAPAVIDevAlarm@@PAVIDevUserLogin@@@Z
?DeleteDevAlarm@CDevAlarmFactory@@SAXPAVIDevAlarm@@PAVIDevUserLogin@@@Z

language

?DLL_GetCurrentShow@@YA?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?DLL_GetValueMapLans@@YAPAV?$map@HV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@U?$less@H@std@@V?$allocator@U?$pair@$$CBHV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@std@@@4@@std@@ABV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?DLL_LoadLangView@@YAXABV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V12@@Z
?DLL_GetResFromKey@@YA?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@ABV12@@Z

remoteconfig

SetCustomFont
SetUserID
ShowRemoteConfig
SetLanguageID
SetVideoStandard
SetPreviewHwnd
SetUserName
SetDvrTypeInfo
SetWifiUser
SetChannelNum
SetDvrMachineType
SetDvrPort
SetDvrIP
SetNotransFrame
SetETAbaility
SetDevConfig
GetRemoteCfgHwnd
SetDvrType
SetSDCard
SetPTZ
SetStartChannelNum
SetAllPreview
SetHDChannels
SetAlarmInportNum
SetAlarmOutportNum
SetFDAbaility
SetVTAbaility
SetIDAbaility

kernel32

CreateEventW
ResumeThread
GetModuleFileNameW
WideCharToMultiByte
lstrlenA
WaitForSingleObject
TerminateThread
InterlockedIncrement
GetFileAttributesW
GetModuleHandleW
GetProcAddress
GetLastError
LoadLibraryW
SetLastError
GetExitCodeThread
GetTickCount
Sleep
GetDiskFreeSpaceExW
DeleteFileW
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
CreateThread
GetLocalTime
CreateFileW
ReleaseMutex
WritePrivateProfileStringW
GetPrivateProfileStringW
GetSystemDefaultLangID
InitializeCriticalSectionAndSpinCount
MulDiv
OpenProcess
GetCurrentProcessId
CreateMutexW
TerminateProcess
GetCurrentThreadId
GetCurrentDirectoryW
GlobalMemoryStatus
GetSystemTime
GetSystemInfo
GetLogicalDriveStringsW
GetDriveTypeW
FreeLibrary
LocalFree
FormatMessageW
GetVersionExA
lstrcmpW
LoadLibraryA
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetModuleHandleA
lstrcmpA
SetThreadPriority
SuspendThread
FileTimeToSystemTime
FileTimeToLocalFileTime
GetThreadLocale
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
GetVolumeInformationW
GetFullPathNameW
CompareStringA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetFileSizeEx
GetFileTime
SetErrorMode
GetStartupInfoW
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
ExitThread
RtlUnwind
RaiseException
ExitProcess
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetCurrentDirectoryA
GetDriveTypeA
GetProcessHeap
SetEnvironmentVariableA
SetEvent
CloseHandle
GetVersionExW
InterlockedDecrement
GetLocaleInfoW
lstrcpynW
DeleteCriticalSection
InitializeCriticalSection
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
LockResource
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
lstrlenW
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
ResetEvent

user32

RegisterWindowMessageW
BeginPaint
EndPaint
SetDlgItemTextW
IsDialogMessageW
SetWindowTextW
MoveWindow
IsWindowEnabled
GetWindowThreadProcessId
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
WaitMessage
ValidateRect
GetActiveWindow
TranslateMessage
GetMessageW
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
DestroyMenu
CharUpperW
CharNextW
MapDialogRect
SetWindowContextHelpId
UnregisterClassW
CopyAcceleratorTableW
RemovePropW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
DrawTextW
TabbedTextOutW
SetCapture
LoadBitmapW
ReleaseCapture
InvalidateRect
DrawFocusRect
SendMessageW
EnableWindow
PostMessageW
GetKeyState
PtInRect
GetCursorPos
FillRect
GetClientRect
GetWindowDC
GetParent
GetWindowRect
RedrawWindow
GetSysColorBrush
LoadCursorW
DefWindowProcW
SendDlgItemMessageW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenu
SetMenu
CreateWindowExW
RegisterClassW
AdjustWindowRectEx
SetWindowPlacement
GetDlgCtrlID
GetMenu
SendDlgItemMessageA
WinHelpW
IsChild
GetClassLongW
GetClassNameW
SetPropW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
UnhookWindowsHookEx
SystemParametersInfoW
IntersectRect
SetWindowsHookExW
PostQuitMessage
DrawIcon
AppendMenuW
GetSystemMenu
CallNextHookEx
SetClassLongW
EnableMenuItem
RegisterClassExW
GetClassInfoExW
EqualRect
MessageBoxW
GetLastActivePopup
ShowWindow
FindWindowW
UpdateWindow
DestroyIcon
LoadIconW
DrawEdge
FindWindowExW
CheckMenuItem
SetForegroundWindow
ClientToScreen
ScreenToClient
GetDesktopWindow
WindowFromPoint
GetClassInfoW
GetPropW
GetSubMenu
ModifyMenuW
LoadMenuW
OffsetRect
DrawFrameControl
SetWindowLongW
CallWindowProcW
GetWindowLongW
CallWindowProcA
SetTimer
KillTimer
GetCapture
SetCursor
CopyRect
GetSysColor
ReleaseDC
GetDC
SetParent
GetSystemMetrics
InflateRect
IsIconic
IsWindowVisible
IsWindow
SetRect
GrayStringW
IsRectEmpty
DrawTextExW

gdi32

SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SelectClipRgn
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateRectRgnIndirect
GetRgnBox
RestoreDC
SaveDC
GetClipBox
CreateRectRgn
SetPixel
CreateFontIndirectW
Polygon
GetDeviceCaps
SetBkMode
GetStockObject
Rectangle
CreatePatternBrush
SetTextColor
SetBkColor
GetTextMetricsW
GetTextColor
Ellipse
GetTextExtentPoint32W
RoundRect
CreatePen
CreateSolidBrush
CreateFontW
Escape
ExtTextOutW
CreateCompatibleDC
CreateDIBSection
DeleteObject
StretchBlt
GetDIBColorTable
SelectObject
SetDIBColorTable
GetObjectW
CreateCompatibleBitmap
BitBlt
LPtoDP
GetMapMode
GetWindowExtEx
GetViewportExtEx
DPtoLP
GetBkColor
GetCurrentObject
CreateBitmap
GetPixel
PtVisible
RectVisible
TextOutW
DeleteDC

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW
SHGetSpecialFolderLocation
Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathIsRootW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

CoRevokeClassObject
CoFreeUnusedLibraries
CreateStreamOnHGlobal
CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize
OleUninitialize

oleaut32

SysAllocString
VarDateFromStr
SysFreeString
SystemTimeToVariantTime
SysAllocStringByteLen
VariantClear
VariantInit
VariantCopy
SysAllocStringLen
VariantChangeType
VariantTimeToSystemTime
SysStringLen
SafeArrayDestroy
OleCreateFontIndirect

ws2_32

WSAAsyncSelect
htons
socket
bind
WSACleanup
recvfrom
setsockopt
gethostbyname
ntohs
htonl
accept
select
WSASetLastError
connect
WSAStartup
send
recv
inet_addr
closesocket
sendto
WSAGetLastError
WSASocketW
gethostname
inet_ntoa

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExW

netapi32

Netbios

Sections

.text
Size: 538KB - Virtual size: 538KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SmartClient/TempQr.bmp
SmartClient/UserInfo.db
SmartClient/WinPcap.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

14:02:ae:ef:0d:31:be:74:3e:73:f6:a7:a9:60:c4:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26-09-2012 00:00

Not After

27-10-2015 23:59

Subject

CN=Riverbed Technology\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Marketing,O=Riverbed Technology\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

be:72:38:f0:32:8c:16:3b:2e:d9:97:ba:f7:42:66:0c:3b:6b:63:df
Signer

Actual PE Digest

be:72:38:f0:32:8c:16:3b:2e:d9:97:ba:f7:42:66:0c:3b:6b:63:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/bootOptions.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$SYSDIR/Packet.dll
.dll windows:4 windows x86 arch:x86

19fa7010cacd16ef346ea8bbc2e8b999

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

14:02:ae:ef:0d:31:be:74:3e:73:f6:a7:a9:60:c4:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26-09-2012 00:00

Not After

27-10-2015 23:59

Subject

CN=Riverbed Technology\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Marketing,O=Riverbed Technology\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

86:ca:55:b7:f9:4a:c7:29:69:93:49:93:a7:2a:43:b4:e9:30:f5:a5
Signer

Actual PE Digest

86:ca:55:b7:f9:4a:c7:29:69:93:49:93:a7:2a:43:b4:e9:30:f5:a5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\releases\winpcap_4_1_3\winpcap\packetNtx\Dll\Project\Release\x86\Packet.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

npptools

SetBoolInBlob
DestroyBlob
CreateBlob
CreateNPPInterface
GetNPPBlobTable

ws2_32

inet_addr

iphlpapi

GetAdaptersInfo

kernel32

GlobalFree
GlobalAlloc
GlobalHandle
ReleaseMutex
GlobalLock
WaitForSingleObject
GlobalUnlock
QueryPerformanceCounter
CreateEventW
SetEvent
DeviceIoControl
GetModuleHandleW
WriteFile
QueryPerformanceFrequency
GetSystemDirectoryW
WideCharToMultiByte
CloseHandle
GetVersion
GetStringTypeW
ReadFile
GetFullPathNameW
GetModuleFileNameW
MultiByteToWideChar
CreateFileA
GetLastError
SetLastError
CreateMutexW
GetProcAddress
InitializeCriticalSection
Sleep
GetVersionExW
LeaveCriticalSection
EnterCriticalSection
ResetEvent
DeleteCriticalSection
OutputDebugStringA
GetSystemTimeAsFileTime
GetLocaleInfoA
HeapSize
FlushFileBuffers
LoadLibraryW
GetCurrentThreadId
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetTickCount
GetCurrentProcessId
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
VirtualAlloc
HeapReAlloc
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

advapi32

QueryServiceStatus
StartServiceW
OpenServiceA
RegOpenKeyExA
CreateServiceA
ControlService
OpenSCManagerW
RegEnumKeyW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
CloseServiceHandle

ole32

CoUninitialize
CoInitializeEx
CoInitialize

Exports

Exports

PacketAllocatePacket
PacketCloseAdapter
PacketFreePacket
PacketGetAdapterNames
PacketGetAirPcapHandle
PacketGetDriverVersion
PacketGetNetInfoEx
PacketGetNetType
PacketGetReadEvent
PacketGetStats
PacketGetStatsEx
PacketGetVersion
PacketInitPacket
PacketIsDumpEnded
PacketLibraryVersion
PacketOpenAdapter
PacketReceivePacket
PacketRequest
PacketSendPacket
PacketSendPackets
PacketSetBpf
PacketSetBuff
PacketSetDumpLimits
PacketSetDumpName
PacketSetHwFilter
PacketSetLoopbackBehavior
PacketSetMinToCopy
PacketSetMode
PacketSetNumWrites
PacketSetReadTimeout
PacketSetSnapLen
PacketStopDriver

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/pthreadVC.dll
.dll windows:4 windows x86 arch:x86

90ee61357770484e2d085958b94141a3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

calloc
_onexit
__dllonexit
_adjust_fdiv
_initterm
exit
longjmp
_setjmp3
_ftime
_endthreadex
_beginthreadex
_errno
malloc
free

wsock32

WSAGetLastError
WSASetLastError

kernel32

GetThreadPriority
Sleep
EnterCriticalSection
TlsFree
TlsAlloc
GetExitCodeThread
ReleaseSemaphore
CreateSemaphoreA
GetCurrentProcessId
OpenProcess
GetLastError
SetThreadPriority
GetProcessAffinityMask
CloseHandle
TlsSetValue
TlsGetValue
SetLastError
InterlockedDecrement
ResetEvent
WaitForSingleObject
SetEvent
ResumeThread
SetThreadContext
GetThreadContext
SuspendThread
LeaveCriticalSection
LoadLibraryA
GetCurrentThreadId
CreateEventA
InterlockedIncrement
DuplicateHandle
GetCurrentThread
GetCurrentProcess
FreeLibrary
WaitForMultipleObjects
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress

Exports

Exports

pthreadCancelableTimedWait
pthreadCancelableWait
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setpshared
pthread_create
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_getconcurrency
pthread_getschedparam
pthread_getspecific
pthread_getw32threadhandle_np
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getkind_np
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setkind_np
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_win32_process_attach_np
pthread_win32_process_detach_np
pthread_win32_thread_attach_np
pthread_win32_thread_detach_np
ptw32_get_exception_services_code
ptw32_pop_cleanup
ptw32_push_cleanup
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/wpcap.dll
.dll windows:4 windows x86 arch:x86

10dce091d63eed72dc0010ebc8838f6a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

14:02:ae:ef:0d:31:be:74:3e:73:f6:a7:a9:60:c4:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26-09-2012 00:00

Not After

27-10-2015 23:59

Subject

CN=Riverbed Technology\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Marketing,O=Riverbed Technology\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cf:62:51:f0:27:45:ec:8f:43:5a:c8:f8:39:3a:ab:b8:9f:42:52:b7
Signer

Actual PE Digest

cf:62:51:f0:27:45:ec:8f:43:5a:c8:f8:39:3a:ab:b8:9f:42:52:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\releases\winpcap_4_1_3\winpcap\wpcap\PRJ\Release\x86\wpcap.pdb

Imports

ws2_32

WSACleanup
ntohl
gethostbyname
htons
gethostbyaddr
WSAGetLastError
htonl
getservbyname
inet_addr
getservbyport
inet_ntoa
WSASetLastError
getprotobyname
accept
closesocket
getpeername
getsockopt
setsockopt
getsockname
select
WSAStartup
shutdown
connect
listen
send
socket
bind
ntohs
recv

packet

PacketGetNetInfoEx
PacketGetAdapterNames
PacketSetMinToCopy
PacketSetLoopbackBehavior
PacketSetHwFilter
PacketGetStats
PacketSendPacket
PacketSetReadTimeout
PacketReceivePacket
PacketSetMode
PacketOpenAdapter
PacketSetBpf
PacketAllocatePacket
PacketInitPacket
PacketCloseAdapter
PacketFreePacket
PacketGetNetType
PacketSetBuff
PacketGetVersion
PacketSetDumpName
PacketSendPackets
PacketIsDumpEnded
PacketGetReadEvent
PacketSetDumpLimits
PacketGetAirPcapHandle
PacketGetStatsEx

kernel32

SetUnhandledExceptionFilter
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ReadFile
MultiByteToWideChar
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
HeapSize
SetFilePointer
CloseHandle
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetModuleFileNameA
WriteFile
DeleteCriticalSection
GetLastError
GetSystemDirectoryA
FreeLibrary
GetProcAddress
EnterCriticalSection
LoadLibraryA
LeaveCriticalSection
GetVersion
FindNextFileA
FormatMessageA
FindFirstFileA
FindClose
InterlockedExchange
SetLastError
InterlockedCompareExchange
Sleep
InitializeCriticalSection
UnhandledExceptionFilter
HeapFree
HeapAlloc
RtlUnwind
SetStdHandle
GetFileType
HeapReAlloc
GetModuleHandleA
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetStartupInfoA

Exports

Exports

bpf_dump
bpf_filter
bpf_image
bpf_validate
endservent
eproto_db
getservent
install_bpf_program
pcap_activate
pcap_breakloop
pcap_close
pcap_compile
pcap_compile_nopcap
pcap_create
pcap_createsrcstr
pcap_datalink
pcap_datalink_name_to_val
pcap_datalink_val_to_description
pcap_datalink_val_to_name
pcap_dispatch
pcap_dump
pcap_dump_close
pcap_dump_file
pcap_dump_flush
pcap_dump_ftell
pcap_dump_open
pcap_file
pcap_fileno
pcap_findalldevs
pcap_findalldevs_ex
pcap_free_datalinks
pcap_freealldevs
pcap_freecode
pcap_get_airpcap_handle
pcap_geterr
pcap_getevent
pcap_getnonblock
pcap_hopen_offline
pcap_is_swapped
pcap_lib_version
pcap_list_datalinks
pcap_live_dump
pcap_live_dump_ended
pcap_lookupdev
pcap_lookupnet
pcap_loop
pcap_major_version
pcap_minor_version
pcap_next
pcap_next_etherent
pcap_next_ex
pcap_offline_filter
pcap_offline_read
pcap_open
pcap_open_dead
pcap_open_live
pcap_open_offline
pcap_parsesrcstr
pcap_perror
pcap_read
pcap_remoteact_accept
pcap_remoteact_cleanup
pcap_remoteact_close
pcap_remoteact_list
pcap_sendpacket
pcap_sendqueue_alloc
pcap_sendqueue_destroy
pcap_sendqueue_queue
pcap_sendqueue_transmit
pcap_set_buffer_size
pcap_set_datalink
pcap_set_promisc
pcap_set_snaplen
pcap_set_timeout
pcap_setbuff
pcap_setdirection
pcap_setfilter
pcap_setmintocopy
pcap_setmode
pcap_setnonblock
pcap_setsampling
pcap_setuserbuffer
pcap_snapshot
pcap_stats
pcap_stats_ex
pcap_strerror
wsockinit

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinPcapInstall.dll
.dll windows:4 windows x86 arch:x86

ad1fff2efc5a1aa2884d5c780a51aa99

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

14:02:ae:ef:0d:31:be:74:3e:73:f6:a7:a9:60:c4:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26-09-2012 00:00

Not After

27-10-2015 23:59

Subject

CN=Riverbed Technology\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Marketing,O=Riverbed Technology\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:4b:32:ba:02:ff:cd:d6:6e:bf:35:a6:b9:a2:17:e5:f8:50:5e:5e
Signer

Actual PE Digest

26:4b:32:ba:02:ff:cd:d6:6e:bf:35:a6:b9:a2:17:e5:f8:50:5e:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\releases\winpcap_4_1_3\winpcap\install\WinPcap Installer Helper\Release\x86\WinPcapInstall.pdb

Imports

kernel32

LoadLibraryA
GetProcAddress
GetCurrentProcess
LoadLibraryExA
GetLastError
Sleep
FormatMessageA
FreeLibrary
GetModuleHandleA
LocalFree
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
SetStdHandle
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreateFileA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetFilePointer
SetEndOfFile
ReadFile
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

advapi32

OpenSCManagerA
ChangeServiceConfigA
StartServiceA
CreateServiceA
DeleteService
CloseServiceHandle
OpenServiceA
ControlService

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

Exports

Exports

manage_netmon
manage_npf_driver
manage_rpcapd_service

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rpcapd.exe
.exe windows:4 windows x86 arch:x86

2b9e73ff502840fe6b381682c42d43cf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

14:02:ae:ef:0d:31:be:74:3e:73:f6:a7:a9:60:c4:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26-09-2012 00:00

Not After

27-10-2015 23:59

Subject

CN=Riverbed Technology\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Marketing,O=Riverbed Technology\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:6f:43:de:5d:fa:a5:33:da:d2:7b:2b:a1:91:56:48:59:00:98:7b
Signer

Actual PE Digest

61:6f:43:de:5d:fa:a5:33:da:d2:7b:2b:a1:91:56:48:59:00:98:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\releases\winpcap_4_1_3\winpcap\wpcap\libpcap\rpcapd\Release\x86\rpcapd.pdb

Imports

wpcap

install_bpf_program
pcap_compile
pcap_open_offline
pcap_create
pcap_open_live
bpf_validate
pcap_findalldevs
pcap_strerror
pcap_freealldevs
pcap_geterr
pcap_close
pcap_setfilter
pcap_stats
pcap_next_ex

ws2_32

gethostbyaddr
closesocket
WSASetLastError
getsockname
htonl
inet_addr
getservbyname
ntohl
inet_ntoa
ntohs
accept
htons
connect
WSAStartup
shutdown
WSACleanup
recv
bind
socket
send
listen
getservbyport
select
gethostbyname
getpeername
WSAGetLastError

pthreadvc

pthread_attr_init
pthread_attr_setdetachstate
pthread_exit
pthread_cancel
pthread_attr_destroy
pthread_setcancelstate
pthread_setcanceltype
pthread_create

packet

PacketSetMinToCopy
PacketSetLoopbackBehavior

kernel32

GetConsoleOutputCP
WriteConsoleA
HeapSize
FlushFileBuffers
SetStdHandle
CreateFileA
ReadFile
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSection
WriteConsoleW
RtlUnwind
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
WriteFile
HeapReAlloc
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
GetCurrentThreadId
SetLastError
TlsFree
GetSystemDirectoryA
FormatMessageA
GetLastError
FreeLibrary
GetProcAddress
CloseHandle
Sleep
LoadLibraryA
TlsSetValue
TlsAlloc
SetEndOfFile
SetConsoleCtrlHandler
HeapFree
HeapAlloc
GetModuleHandleA
ExitProcess
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue

user32

MessageBoxA

advapi32

StartServiceCtrlDispatcherA
SetServiceStatus
LogonUserA
ImpersonateLoggedOnUser
RegisterServiceCtrlHandlerA

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SmartClient/hi_VoiceEngine.dll
.dll windows:4 windows x86 arch:x86

9704c6413403804e79b3afc92396146e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

HI_VOICE_DecReset
HI_VOICE_DecodeFrame
HI_VOICE_EncReset
HI_VOICE_EncodeFrame
HI_VOICE_GetVersion
HI_VOICE_TransCodeFrame
HI_VOICE_TransCodeReset

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SmartClient/playctrl.dll
.dll windows:4 windows x86 arch:x86

6b8f2672aa7868aa263c0ced31422ee6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ddraw

DirectDrawCreateEx

user32

GetClientRect
PostThreadMessageA
PeekMessageA
ReleaseDC
DrawFocusRect
SetRect
ClientToScreen
SendMessageA
GetDC
GetDesktopWindow

gdi32

DeleteObject
CreateBitmap
SelectObject
SetStretchBltMode
StretchBlt
CreateCompatibleDC

winmm

waveInClose
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutUnprepareHeader
waveInReset
mixerOpen
waveInStop
waveOutClose
waveOutOpen
waveOutPrepareHeader
waveOutWrite
timeKillEvent
timeGetDevCaps
timeBeginPeriod
timeEndPeriod
timeSetEvent
timeGetTime
waveInUnprepareHeader
mixerGetLineControlsA
mixerGetLineInfoA
mixerGetControlDetailsA
mixerSetControlDetails
mixerClose
waveOutReset

kernel32

CreateFileW
GetFullPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetLastError
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
CreateDirectoryA
InterlockedExchange
IsDBCSLeadByteEx
GetSystemTimeAsFileTime
GetProcessAffinityMask
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
SetEndOfFile
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
CloseHandle
CreateThread
CreateEventA
Sleep
GetLocalTime
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
SetEvent
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
GetModuleHandleA
ReleaseMutex
OutputDebugStringA
CreateMutexA
TerminateThread
ResetEvent
LoadLibraryA
FreeLibrary
GetProcAddress
WaitForMultipleObjects
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLastError
DeleteFileA
GetFileAttributesA
RaiseException
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
GetCurrentThreadId
SetConsoleCtrlHandler
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetCurrentThread
FlushFileBuffers
WriteFile
ExitProcess
FatalAppExitA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
ReadFile
WideCharToMultiByte
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
UnhandledExceptionFilter
SetStdHandle
InterlockedDecrement
InterlockedIncrement
CreateFileA
GetCPInfo
GetACP
GetOEMCP

ole32

CoTaskMemFree

advapi32

CryptReleaseContext
CryptAcquireContextA
CryptGenRandom

Exports

Exports

PlayM4_CaptureImage
PlayM4_CloseFile
PlayM4_CloseStream
PlayM4_CloseTalk
PlayM4_ConvertToBmpFile
PlayM4_Fast
PlayM4_FreePort
PlayM4_GetPlayPos
PlayM4_GetPort
PlayM4_GetSdkVersion
PlayM4_InputData
PlayM4_InputTalkData
PlayM4_OneByOne
PlayM4_OneByOneBack
PlayM4_OpenFile
PlayM4_OpenStream
PlayM4_OpenTalk
PlayM4_Pause
PlayM4_Play
PlayM4_PlaySound
PlayM4_RigisterDrawFun
PlayM4_SDKInit
PlayM4_SetPlayPos
PlayM4_SetStreamOpenMode
PlayM4_SetVolume
PlayM4_Slow
PlayM4_Stop
PlayM4_StopSound
_PlayM4_GetFileOver@4
_PlayM4_GetImageSize@12
_PlayM4_GetPlayLapse@8
_PlayM4_SetDisMode@8
_PlayM4_SetToolbarHeight@8
_PlayM4_ZoomInOut@24

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_a
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_i
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_l
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_f
Size: 4KB - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_l
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_p
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_a
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug_r
Size: 4KB - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SmartClient/sqlite3.dll
.dll windows:4 windows x86 arch:x86

fe62f9dce6776626b1ed9d7894e7710d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileMappingA
CreateFileW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcessId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetProcAddress
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
InitializeCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
Sleep
UnlockFile
UnlockFileEx
UnmapViewOfFile
WideCharToMultiByte
WriteFile

msvcrt

atoi
free
localtime
malloc
memcpy
memmove
memset
qsort
realloc
strcmp
strncmp

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_status
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_hook
sqlite3_win32_mbcs_to_utf8

Sections

.text
Size: 415KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 784B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SmartClient/unins000.dat
SmartClient/unins000.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 619KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a17f3419f7613498fa4dc8de924e8104

Headers

File Characteristics

Imports

kernel32

iotcapis

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 12KB

.reloc Size: 8KB - Virtual size: 4KB

5a31ef96b5d2ccf4e4e69dd07be303b5

Headers

File Characteristics

Imports

wsock32

kernel32

playctrl

iotcapis

bcp2p_api

rdtapis

netapi32

iphlpapi

wpcap

shlwapi

Exports

Exports

Sections

.text Size: 383KB - Virtual size: 382KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 59KB - Virtual size: 4.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 32KB - Virtual size: 32KB

a96b27ea10160797cb46e84f42c4c120

Headers

File Characteristics

Imports

ws2_32

iphlpapi

kernel32

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 4.6MB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 20KB - Virtual size: 18KB

eaa0e193c7618359ed83d939e8b257c2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

playctrl

bcnetsdk

kernel32

Exports

Exports

Sections

.text Size: 77KB - Virtual size: 77KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

2e85ba219d4135ddf89e48511d38fd09

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 12KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 383KB - Virtual size: 382KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 59KB - Virtual size: 4.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 32KB - Virtual size: 32KB

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 4.6MB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 20KB - Virtual size: 18KB

.text
Size: 77KB - Virtual size: 77KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 108KB - Virtual size: 106KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 50KB

.idata
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 96KB - Virtual size: 93KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 8KB - Virtual size: 19KB

.reloc
Size: 12KB - Virtual size: 8KB

.text
Size: 164KB - Virtual size: 163KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 23KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 29KB - Virtual size: 28KB

.text
Size: 155KB - Virtual size: 155KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 7KB - Virtual size: 65KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 19KB - Virtual size: 18KB