27afd8876ff116298e774e1972a80510_JaffaCakes118

resource
27afd8876ff116298e774e1972a80510_JaffaCakes118
unpack001/$PLUGINSDIR/AnimGif.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/bin/MpaDecFilter.ax

resource	yara_rule
sample	nsis_installer_1

.exe windows:4 windows x86 arch:x86

237a51742fed62d237b6f1b75452402f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime

SearchPathA

GetShortPathNameA

GetFullPathNameA

MoveFileA

SetCurrentDirectoryA

GetFileAttributesA

GetLastError

CreateDirectoryA

SetFileAttributesA

Sleep

CreateFileA

GetFileSize

GetModuleFileNameA

GetTickCount

GetCurrentProcess

SetFileTime

ExitProcess

GetCommandLineA

GetWindowsDirectoryA

GetTempPathA

lstrcpynA

GetDiskFreeSpaceA

GlobalUnlock

GlobalLock

CreateThread

CreateProcessA

RemoveDirectoryA

GetTempFileNameA

lstrlenA

lstrcatA

GetSystemDirectoryA

CloseHandle

lstrcmpiA

lstrcmpA

GetEnvironmentVariableA

ExpandEnvironmentStringsA

GlobalFree

GlobalAlloc

WaitForSingleObject

GetExitCodeProcess

SetErrorMode

GetModuleHandleA

LoadLibraryA

GetProcAddress

FreeLibrary

MultiByteToWideChar

WritePrivateProfileStringA

GetPrivateProfileStringA

WriteFile

ReadFile

SetFilePointer

FindClose

MulDiv

FindNextFileA

FindFirstFileA

DeleteFileA

CopyFileA

user32

ExitWindowsEx

CharNextA

DialogBoxParamA

GetClassInfoA

SystemParametersInfoA

RegisterClassA

EndDialog

SetClassLongA

IsWindowEnabled

SetWindowPos

GetSysColor

CheckDlgButton

GetAsyncKeyState

IsDlgButtonChecked

GetMessagePos

LoadBitmapA

IsWindowVisible

CloseClipboard

SetClipboardData

EmptyClipboard

OpenClipboard

CreateDialogParamA

AppendMenuA

CreatePopupMenu

GetSystemMetrics

SetDlgItemTextA

GetDlgItemTextA

MessageBoxA

CharPrevA

wvsprintfA

DispatchMessageA

PeekMessageA

SendMessageTimeoutA

FindWindowExA

IsWindow

GetDlgItem

LoadImageA

GetDC

EnableWindow

InvalidateRect

CreateWindowExA

GetWindowLongA

DrawFocusRect

DestroyWindow

SetTimer

SetWindowTextA

PostQuitMessage

SetForegroundWindow

ShowWindow

TrackPopupMenu

wsprintfA

SendMessageA

CallWindowProcA

MapWindowPoints

GetWindowRect

ScreenToClient

PtInRect

LoadCursorA

SetCursor

DefWindowProcA

BeginPaint

GetClientRect

FillRect

DrawTextA

EndPaint

SetWindowLongA

gdi32

SetBkColor

GetDeviceCaps

GetCurrentObject

GetObjectA

DeleteObject

CreateBrushIndirect

CreateFontIndirectA

SetBkMode

SetTextColor

SelectObject

shell32

SHGetMalloc

SHGetPathFromIDListA

SHBrowseForFolderA

SHGetFileInfoA

ShellExecuteA

SHFileOperationA

SHGetSpecialFolderLocation

advapi32

RegEnumKeyA

RegEnumValueA

RegSetValueExA

RegCreateKeyExA

RegOpenKeyExA

RegDeleteKeyA

RegDeleteValueA

RegCloseKey

RegQueryValueExA

comctl32

ImageList_AddMasked

ImageList_Destroy

ord17

ImageList_Create

ole32

OleInitialize

OleUninitialize

CoCreateInstance

version

GetFileVersionInfoSizeA

GetFileVersionInfoA

VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 448KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

$PLUGINSDIR/AnimGif.dll

.dll windows:4 windows x86 arch:x86

b4b71331b921e2f441a2b05306cd7dae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

CreateFileA

ReadFile

lstrcmpiA

SetFilePointer

CloseHandle

TerminateThread

CreateThread

Sleep

lstrcpyA

GlobalFree

user32

ValidateRect

FillRect

InvalidateRgn

GetDC

ReleaseDC

CallWindowProcA

GetSysColor

FindWindowExA

IsWindowVisible

GetClientRect

IsWindow

GetWindowLongA

SetWindowLongA

RedrawWindow

SetRect

gdi32

FillRgn

CreateDIBitmap

CreateCompatibleDC

CreateSolidBrush

GetPixel

DeleteDC

StretchBlt

CreateRectRgn

SetDIBitsToDevice

DeleteObject

SetRectRgn

CombineRgn

SelectObject

msvcrt

strtoul

strchr

??2@YAPAXI@Z

__dllonexit

_onexit

??3@YAXPAX@Z

Exports

play

stop

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 382B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/InstallOptions.dll

.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA

GetCurrentDirectoryA

GetPrivateProfileIntA

GetModuleHandleA

lstrcmpiA

GetPrivateProfileStringA

lstrcatA

lstrcpynA

WritePrivateProfileStringA

lstrlenA

lstrcpyA

GlobalFree

MultiByteToWideChar

GlobalAlloc

user32

GetDlgCtrlID

GetClientRect

SetWindowRgn

MapWindowPoints

LoadImageA

SetWindowLongA

CreateWindowExA

MapDialogRect

SetWindowPos

GetWindowRect

CreateDialogParamA

ShowWindow

EnableWindow

GetDlgItem

DestroyIcon

DestroyWindow

DispatchMessageA

TranslateMessage

GetMessageA

IsDialogMessageA

PtInRect

LoadCursorA

SetCursor

DrawTextA

GetWindowLongA

DrawFocusRect

CallWindowProcA

PostMessageA

MessageBoxA

CharNextA

wsprintfA

GetWindowTextA

SetWindowTextA

SendMessageA

LoadIconA

gdi32

SetTextColor

GetObjectA

SelectObject

GetDIBits

CreateRectRgn

CombineRgn

DeleteObject

CreateCompatibleDC

shell32

SHGetPathFromIDListA

SHBrowseForFolderA

SHGetDesktopFolder

SHGetMalloc

ShellExecuteA

comdlg32

GetOpenFileNameA

GetSaveFileNameA

CommDlgExtendedError

Exports

dialog

initDialog

show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/KillProcDLL.dll

.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess

CloseHandle

OpenProcess

FreeLibrary

LoadLibraryA

GetProcAddress

GetVersionExA

GlobalFree

lstrcpyA

InterlockedDecrement

InterlockedIncrement

GetCommandLineA

GetVersion

HeapFree

HeapAlloc

WideCharToMultiByte

MultiByteToWideChar

LCMapStringA

LCMapStringW

InitializeCriticalSection

DeleteCriticalSection

EnterCriticalSection

LeaveCriticalSection

ExitProcess

GetCurrentProcess

HeapReAlloc

HeapSize

GetCurrentThreadId

TlsSetValue

TlsAlloc

TlsFree

TlsGetValue

SetHandleCount

GetStdHandle

GetFileType

GetStartupInfoA

GetModuleFileNameA

FreeEnvironmentStringsA

FreeEnvironmentStringsW

GetEnvironmentStrings

GetEnvironmentStringsW

HeapDestroy

HeapCreate

VirtualFree

WriteFile

VirtualAlloc

RtlUnwind

GetCPInfo

GetStringTypeA

GetStringTypeW

GetACP

GetOEMCP

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/KuWoNsis_new.dll

.dll windows:4 windows x86 arch:x86

188422af675275317874dcc96bd6779b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-12-2009 00:00

Not After

02-12-2011 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

82:a9:0e:fd:70:19:36:42:1e:aa:52:c6:0a:24:de:35:61:c4:fb:b1
Signer

Actual PE Digest

82:a9:0e:fd:70:19:36:42:1e:aa:52:c6:0a:24:de:35:61:c4:fb:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

d:\KwProjects\NsisPlugin\KuWoNsis\Release\KuWoNsis.pdb

Imports

kernel32

GetLogicalDriveStringsA

GetDiskFreeSpaceExA

GlobalFree

lstrcpyA

lstrcpynA

GlobalAlloc

FindClose

FindFirstFileA

MoveFileExA

GetLogicalDrives

FindNextFileA

GetVersionExA

CreateDirectoryA

MoveFileA

SetFileTime

LocalFileTimeToFileTime

SystemTimeToFileTime

GetLocalTime

GetDriveTypeA

CreateFileA

CloseHandle

DeleteFileA

DeviceIoControl

RtlUnwind

RaiseException

GetSystemTimeAsFileTime

GetCommandLineA

HeapAlloc

TerminateProcess

GetCurrentProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetLastError

HeapFree

OutputDebugStringA

GetProcAddress

GetModuleHandleA

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

InterlockedIncrement

SetLastError

InterlockedDecrement

GetCurrentThreadId

ExitProcess

SetHandleCount

GetStdHandle

GetFileType

GetStartupInfoA

DeleteCriticalSection

GetModuleFileNameA

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

WideCharToMultiByte

GetEnvironmentStringsW

HeapDestroy

HeapCreate

VirtualFree

QueryPerformanceCounter

GetTickCount

GetCurrentProcessId

LeaveCriticalSection

EnterCriticalSection

VirtualAlloc

HeapReAlloc

WriteFile

HeapSize

SetFilePointer

GetConsoleCP

GetConsoleMode

GetCPInfo

GetACP

GetOEMCP

Sleep

LoadLibraryA

InitializeCriticalSection

GetModuleHandleW

SetStdHandle

WriteConsoleA

GetConsoleOutputCP

WriteConsoleW

MultiByteToWideChar

LCMapStringA

LCMapStringW

GetStringTypeA

GetStringTypeW

GetLocaleInfoA

FlushFileBuffers

VirtualProtect

GetSystemInfo

VirtualQuery

advapi32

BuildExplicitAccessWithNameA

SetEntriesInAclA

SetNamedSecurityInfoA

GetNamedSecurityInfoA

Exports

AddDirAccessRights

AddRegAccessRights

CreateCachePath

GetInstallDate

ModifyCacheFileAsNow

RenameDeletePathAllFiles

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/System.dll

.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc

GlobalFree

GlobalSize

lstrcpyA

lstrcpynA

FreeLibrary

lstrcatA

GetProcAddress

LoadLibraryA

GetModuleHandleA

MultiByteToWideChar

lstrlenA

WideCharToMultiByte

GetLastError

VirtualAlloc

VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2

CLSIDFromString

Exports

Alloc

Call

Copy

Free

Get

Int64Op

Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

360Inst-kuwo.exe

.exe windows:4 windows x86 arch:x86

6ddbd50b0947319d109c43d495431eee

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW

lstrcpyW

FlushInstructionCache

GetCurrentProcess

DebugBreak

OutputDebugStringW

lstrlenA

GetLastError

CreateMutexW

InitializeCriticalSection

HeapDestroy

DeleteCriticalSection

GetProcAddress

GetModuleHandleW

GetVersionExW

GlobalFree

GlobalUnlock

GlobalLock

GlobalAlloc

ReadFile

GetFileSizeEx

GetPrivateProfileIntW

GetPrivateProfileStringW

GetExitCodeProcess

GetFileSize

TerminateProcess

GetSystemDirectoryW

CopyFileW

Process32NextW

Process32FirstW

CreateToolhelp32Snapshot

GetTickCount

OpenProcess

LoadLibraryW

FreeLibrary

WideCharToMultiByte

GetVersion

MulDiv

WritePrivateProfileStringW

MultiByteToWideChar

GetModuleFileNameW

GetLongPathNameW

GetSystemTimeAsFileTime

GetExitCodeThread

GetCurrentThreadId

EnterCriticalSection

LeaveCriticalSection

CloseHandle

InterlockedIncrement

lstrlenW

TryEnterCriticalSection

CreateEventA

GetSystemDirectoryA

LocalAlloc

QueryPerformanceCounter

SetEnvironmentVariableA

GetOEMCP

GetACP

GetLocaleInfoW

SetEndOfFile

FindClose

LoadLibraryA

SetStdHandle

IsBadCodePtr

GetStringTypeW

GetStringTypeA

GetTempPathW

EnumSystemLocalesA

GetLocaleInfoA

IsValidCodePage

IsValidLocale

SetUnhandledExceptionFilter

GetStartupInfoA

GetStdHandle

SetHandleCount

GetCommandLineA

GetEnvironmentStrings

GetEnvironmentStringsW

FreeEnvironmentStringsW

FreeEnvironmentStringsA

IsBadWritePtr

VirtualAlloc

VirtualFree

HeapCreate

GetVersionExA

GetEnvironmentVariableA

GetModuleFileNameA

UnhandledExceptionFilter

HeapSize

CompareStringW

CompareStringA

GetCPInfo

LCMapStringW

LCMapStringA

RaiseException

ExitProcess

GetStartupInfoW

GetModuleHandleA

IsBadReadPtr

HeapReAlloc

RtlUnwind

GetTimeZoneInformation

ExitThread

OpenThread

GetEnvironmentVariableW

SetEnvironmentVariableW

TlsFree

FormatMessageW

GetSystemTime

GetFileType

InterlockedExchange

LocalFree

DuplicateHandle

GetProcessHeap

HeapAlloc

HeapFree

CreateThread

TerminateThread

FindFirstFileW

GetFullPathNameW

SetLastError

FindNextFileW

FindResourceW

SizeofResource

LoadResource

CreateFileW

LockResource

WriteFile

ResumeThread

Sleep

GetCurrentProcessId

GetTempFileNameW

RemoveDirectoryW

DeleteFileW

GetFileTime

FlushFileBuffers

TlsAlloc

TlsGetValue

TlsSetValue

GetLocalTime

CreateDirectoryW

ResetEvent

GetFileAttributesExW

MoveFileW

CreateFileA

MoveFileExW

CreateEventW

SetEvent

ReleaseMutex

GetFileAttributesW

SetFilePointer

WaitForSingleObject

SetProcessWorkingSetSize

GetUserDefaultLCID

InterlockedDecrement

user32

GetActiveWindow

DialogBoxParamW

LoadStringW

SetForegroundWindow

UpdateWindow

PostMessageW

SetWindowLongW

wvsprintfW

CharNextW

DestroyWindow

DefWindowProcW

MessageBoxW

SendMessageW

PeekMessageW

GetMessageW

DispatchMessageW

ShowWindow

TranslateMessage

BeginPaint

EndPaint

SetCursor

GetSysColor

GetDC

ReleaseDC

GetWindowTextW

InflateRect

GetScrollInfo

MoveWindow

GetScrollRange

GetScrollPos

SetScrollPos

SetFocus

SetScrollInfo

ShowScrollBar

GetCursorPos

ScreenToClient

DrawTextW

GetSystemMenu

EnableMenuItem

DestroyMenu

GetWindowPlacement

SetWindowPlacement

BringWindowToTop

LoadIconW

PostQuitMessage

IsDialogMessageW

KillTimer

SetTimer

CreateWindowExW

CallWindowProcW

InvalidateRect

RedrawWindow

GetClassInfoExW

LoadCursorW

wsprintfW

RegisterClassExW

IsWindow

IsWindowVisible

IsIconic

ExitWindowsEx

EnableWindow

OffsetRect

GetDlgItem

PtInRect

CopyRect

CharLowerW

SetDlgItemTextW

CharUpperW

GetSystemMetrics

LoadImageW

SetWindowTextW

GetParent

GetWindowLongW

GetWindow

GetWindowRect

SystemParametersInfoW

GetClientRect

MapWindowPoints

SetWindowPos

EndDialog

gdi32

BitBlt

GetDeviceCaps

SetBkColor

ExtTextOutW

CreateCompatibleDC

DeleteDC

SetBkMode

SelectObject

SetTextColor

CreateFontIndirectW

DeleteObject

CreateCompatibleBitmap

advapi32

RegCloseKey

OpenProcessToken

LookupPrivilegeValueW

AdjustTokenPrivileges

RegOpenKeyExW

RegCreateKeyExW

RegSetValueExW

RegQueryValueExW

RegCreateKeyW

RegOpenKeyW

shell32

Shell_NotifyIconW

ShellExecuteExW

ShellExecuteW

SHBrowseForFolderW

ord165

SHGetSpecialFolderPathW

SHGetPathFromIDListW

SHGetSpecialFolderLocation

SHCreateDirectoryExW

ole32

CLSIDFromProgID

CoTaskMemFree

CreateStreamOnHGlobal

CoInitialize

CLSIDFromString

CoUninitialize

CoCreateInstance

oleaut32

OleLoadPicture

SysFreeString

VariantClear

SysAllocString

shlwapi

PathIsDirectoryW

PathRemoveFileSpecW

PathCombineW

SHGetValueW

PathFindFileNameW

PathIsRootW

PathFileExistsW

version

VerQueryValueW

GetFileVersionInfoA

VerQueryValueA

GetFileVersionInfoW

GetFileVersionInfoSizeW

GetFileVersionInfoSizeA

comctl32

InitCommonControlsEx

msimg32

TransparentBlt

ws2_32

inet_ntoa

gethostname

gethostbyname

closesocket

select

recvfrom

inet_addr

sendto

WSAGetLastError

ioctlsocket

setsockopt

htonl

accept

htons

bind

listen

WSAStartup

WSACloseEvent

WSAEnumNetworkEvents

WSAWaitForMultipleEvents

WSACreateEvent

__WSAFDIsSet

socket

ntohl

ntohs

send

connect

recv

WSAEventSelect

WSACleanup

setupapi

SetupIterateCabinetW

psapi

GetModuleFileNameExW

EnumProcessModules

Sections

.text
Size: 488KB - Virtual size: 484KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

EncodeBnd.exe

.exe windows:4 windows x86 arch:x86

78f160eb7866ebc0f1481a827449de0a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-12-2009 00:00

Not After

02-12-2011 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d1:06:8e:5f:61:29:ec:3e:62:b3:93:ef:f4:e6:91:01:8d:8a:3b:0d
Signer

Actual PE Digest

d1:06:8e:5f:61:29:ec:3e:62:b3:93:ef:f4:e6:91:01:8d:8a:3b:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\project\working\2804\CommonLib\prj\Encode\Release\Encode.pdb

Imports

kernel32

GetTickCount

TerminateThread

WaitForSingleObject

GetExitCodeThread

lstrcpynA

CloseHandle

CreateThread

ResetEvent

SetEvent

GetSystemInfo

VirtualProtect

ReadFile

SetEndOfFile

LoadLibraryA

GetStringTypeW

GetStringTypeA

GetLocaleInfoA

LCMapStringW

MultiByteToWideChar

LCMapStringA

CreateFileA

InitializeCriticalSection

SetFilePointer

VirtualQuery

RtlUnwind

RaiseException

GetModuleHandleA

GetCommandLineA

GetVersionExA

ExitProcess

HeapAlloc

HeapFree

HeapReAlloc

TlsAlloc

SetLastError

GetCurrentThreadId

GetLastError

TlsFree

TlsSetValue

TlsGetValue

GetProcAddress

SetUnhandledExceptionFilter

EnterCriticalSection

LeaveCriticalSection

WriteFile

FlushFileBuffers

DeleteCriticalSection

TerminateProcess

GetCurrentProcess

GetStdHandle

GetModuleFileNameA

UnhandledExceptionFilter

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

WideCharToMultiByte

GetEnvironmentStringsW

SetHandleCount

GetFileType

GetStartupInfoA

HeapDestroy

HeapCreate

VirtualFree

QueryPerformanceCounter

GetCurrentProcessId

GetSystemTimeAsFileTime

VirtualAlloc

IsBadWritePtr

HeapSize

IsBadReadPtr

IsBadCodePtr

GetACP

GetOEMCP

GetCPInfo

SetStdHandle

InterlockedExchange

ws2_32

inet_addr

gethostbyname

WSACloseEvent

shutdown

closesocket

WSASend

WSARecv

WSAWaitForMultipleEvents

WSAGetOverlappedResult

WSAResetEvent

select

bind

listen

WSASocketA

setsockopt

WSAGetLastError

ioctlsocket

WSAStartup

WSACleanup

htons

htonl

WSACreateEvent

connect

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

Install360AV.exe

.exe windows:4 windows x86 arch:x86

5314869c22211c933a19852a20d08453

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-12-2009 00:00

Not After

02-12-2011 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fb:50:4f:36:8b:91:8f:f5:c7:3c:cf:49:b4:b6:88:6b:07:08:26:a5
Signer

Actual PE Digest

fb:50:4f:36:8b:91:8f:f5:c7:3c:cf:49:b4:b6:88:6b:07:08:26:a5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\KwProjects\Install360AV\Release\Install360AV.pdb

Imports

kernel32

CreateProcessA

Sleep

ExitProcess

GetModuleHandleA

GetStartupInfoA

GetCommandLineA

GetVersionExA

QueryPerformanceCounter

GetTickCount

GetCurrentThreadId

GetCurrentProcessId

GetSystemTimeAsFileTime

GetModuleFileNameA

GetProcAddress

TerminateProcess

GetCurrentProcess

WriteFile

GetStdHandle

UnhandledExceptionFilter

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

WideCharToMultiByte

GetLastError

GetEnvironmentStringsW

SetHandleCount

GetFileType

HeapDestroy

HeapCreate

VirtualFree

HeapFree

SetFilePointer

HeapAlloc

LoadLibraryA

RtlUnwind

InterlockedExchange

VirtualQuery

GetACP

GetOEMCP

GetCPInfo

VirtualAlloc

HeapReAlloc

SetStdHandle

HeapSize

LCMapStringA

MultiByteToWideChar

LCMapStringW

GetStringTypeA

GetStringTypeW

FlushFileBuffers

GetLocaleInfoA

VirtualProtect

GetSystemInfo

CloseHandle

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

Microsoft.VC90.CRT.manifest

Microsoft.VC90.MFC.manifest

bin/CKuwoPlayer.dll

.dll windows:5 windows x86 arch:x86

cc3290c3217d058fcd1a545829056489

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-12-2009 00:00

Not After

02-12-2011 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

66:a1:73:4c:49:62:ad:58:4a:b0:89:fb:47:39:2b:96:7d:dd:c9:88
Signer

Actual PE Digest

66:a1:73:4c:49:62:ad:58:4a:b0:89:fb:47:39:2b:96:7d:dd:c9:88

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

g:\MusicBoxV3\Main\KwResource\bin\release\pdb\CKuwoPlayer.pdb

Imports

winmm

timeEndPeriod

timeGetDevCaps

timeBeginPeriod

mfc90

ord266

ord1062

ord798

ord1144

ord265

ord1607

ord310

ord601

ord800

ord5997

ord605

ord1278

ord321

ord1243

ord1241

ord1268

ord1180

ord1233

ord2084

ord391

ord1152

ord1277

ord1275

ord1145

ord1075

ord1137

ord322

ord801

ord1087

msvcr90

__clean_type_info_names_internal

_except_handler4_common

_purecall

__CxxFrameHandler3

??0exception@std@@QAE@ABQBD@Z

?what@exception@std@@UBEPBDXZ

??1exception@std@@UAE@XZ

??0exception@std@@QAE@XZ

_invalid_parameter_noinfo

_CxxThrowException

??0exception@std@@QAE@ABV01@@Z

atoi

atof

strncpy

iswspace

sprintf

_crt_debugger_hook

memset

_msize

?_type_info_dtor_internal_method@type_info@@QAEXXZ

?terminate@@YAXXZ

_CIcos

_CIsin

__CppXcptFilter

_adjust_fdiv

_amsg_exit

_initterm_e

_initterm

_encoded_null

free

_malloc_crt

_decode_pointer

_onexit

_lock

_encode_pointer

__dllonexit

_unlock

_vscprintf

vsprintf

tolower

strncmp

fprintf

fopen

fread

fclose

strrchr

_stat64

strstr

_mbsrchr

toupper

memcpy

_snprintf

memmove_s

_CIsqrt

_CIlog10

_stricmp

kernel32

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

InterlockedCompareExchange

InterlockedExchange

LocalAlloc

LocalFree

GetFileAttributesA

CreateProcessA

WaitForSingleObject

FindNextFileA

FindClose

GetModuleFileNameA

QueryPerformanceCounter

CreateThread

TerminateThread

CloseHandle

EnterCriticalSection

LeaveCriticalSection

InitializeCriticalSection

Sleep

GetLastError

GetCurrentThreadId

GetWindowsDirectoryA

LoadLibraryA

GetProcAddress

FreeLibrary

DeleteCriticalSection

GetSystemTimeAsFileTime

GetTickCount

FindFirstFileA

GetCurrentProcessId

user32

CreateWindowExA

GetMessageA

PostMessageA

RegisterClassA

IsChild

TranslateMessage

DispatchMessageA

PostQuitMessage

DefWindowProcA

MessageBoxA

CopyRect

DestroyWindow

GetParent

gdi32

GetStockObject

shlwapi

PathFileExistsA

ole32

CoUninitialize

msvcp90

?uncaught_exception@std@@YA_NXZ

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ

?good@ios_base@std@@QBE_NXZ

?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ

?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ

??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z

??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ

??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z

?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z

??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ

?width@ios_base@std@@QAEHH@Z

??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z

?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z

?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z

?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ

?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JH@Z

??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ

??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z

?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z

?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z

?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z

??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z

?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z

??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z

?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z

?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z

?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z

?eof@?$char_traits@D@std@@SAHXZ

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z

?flags@ios_base@std@@QBEHXZ

?width@ios_base@std@@QBEHXZ

??7ios_base@std@@QBE_NXZ

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ

kwlog

?YL_Log@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H0PBDZZ

kwdatadef

??0SONG_INFO@@QAE@XZ

?Init@SONG_INFO@@QAEXXZ

??1SONG_INFO@@QAE@XZ

kwmodconfig

AfxGetConfigManager

Exports

CreateKuwoPlayer

GetKuwoPlayerMediaPluginConfig

GetMeidaPluginManagerFactory

ReleaseKuwoPlayer

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

bin/CWmpPlayer.dll

.dll windows:5 windows x86 arch:x86

ffa030b08ed1f9b091f130d76d941a26

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-12-2009 00:00

Not After

02-12-2011 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4b:63:d3:72:1b:92:23:8e:ed:d3:15:11:70:ec:9c:10:5e:cd:69:98
Signer

Actual PE Digest

4b:63:d3:72:1b:92:23:8e:ed:d3:15:11:70:ec:9c:10:5e:cd:69:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

g:\MusicBoxV3\Main\KwResource\bin\release\pdb\CWmpPlayer.pdb

Imports

mfc90

ord3346

ord796

ord1728

ord2069

ord744

ord3732

ord524

ord4513

ord4529

ord4030

ord2795

ord5139

ord4688

ord1729

ord6446

ord5668

ord5666

ord958

ord963

ord967

ord965

ord969

ord2610

ord2630

ord2614

ord2620

ord2618

ord2616

ord2633

ord2628

ord2612

ord2635

ord2623

ord2605

ord2607

ord6391

ord2375

ord2368

ord1644

ord6784

ord4160

ord6782

ord3671

ord5389

ord6356

ord3218

ord1446

ord5608

ord2139

ord1792

ord1791

ord5633

ord2766

ord2978

ord3107

ord4714

ord2961

ord3135

ord2769

ord2888

ord2759

ord3277

ord4066

ord4067

ord4057

ord2886

ord4334

ord4895

ord4667

ord595

ord3940

ord4281

ord1755

ord1752

ord4331

ord1497

ord4650

ord5585

ord2074

ord5497

ord4589

ord6780

ord2625

ord5647

ord1746

ord3949

ord2592

ord798

ord2470

ord800

msvcr90

_stricmp

__clean_type_info_names_internal

_except_handler4_common

_crt_debugger_hook

?_type_info_dtor_internal_method@type_info@@QAEXXZ

?terminate@@YAXXZ

__CppXcptFilter

_adjust_fdiv

_amsg_exit

_initterm_e

_initterm

_encoded_null

free

_malloc_crt

_decode_pointer

_onexit

_lock

_encode_pointer

__dllonexit

_unlock

strrchr

memset

_mbsicmp

_mbsstr

_mbsnbcpy

memmove_s

??0exception@std@@QAE@ABV01@@Z

_CxxThrowException

_invalid_parameter_noinfo

_purecall

__CxxFrameHandler3

??0exception@std@@QAE@XZ

??1exception@std@@UAE@XZ

?what@exception@std@@UBEPBDXZ

??0exception@std@@QAE@ABQBD@Z

_strnicmp

kernel32

GetCurrentProcess

GetLastError

lstrlenW

MultiByteToWideChar

WaitForSingleObject

GetSystemTimeAsFileTime

GetCurrentProcessId

GetCurrentThreadId

GetTickCount

QueryPerformanceCounter

DisableThreadLibraryCalls

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

WideCharToMultiByte

TerminateProcess

InterlockedCompareExchange

Sleep

InterlockedExchange

GetWindowsDirectoryA

CreateFileA

CloseHandle

lstrcpyA

lstrcatA

CreateProcessA

user32

ShowWindow

IsWindow

EnableWindow

GetParent

KillTimer

SetTimer

GetClientRect

GetWindowRect

CopyRect

oleaut32

SysFreeString

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Exports

?CreateMediaAudioPlayer@@YAPAVIMediaAudioPlayer@@XZ

?CreateMediaVideoPlayer@@YAPAVIMediaVideoPlayer@@XZ

?ReleaseMediaAudioPlayer@@YAXPAVIMediaAudioPlayer@@@Z

?ReleaseMediaVideoPlayer@@YAXPAVIMediaVideoPlayer@@@Z

CreateWmpPlayer

ReleaseWmpPlayer

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

bin/CoreAVC0.ax

.dll regsvr32 windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-12-2009 00:00

Not After

02-12-2011 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

92:c8:5c:3a:53:e1:48:67:69:9a:2c:04:95:b0:a0:31:37:1d:57:a4
Signer

Actual PE Digest

92:c8:5c:3a:53:e1:48:67:69:9a:2c:04:95:b0:a0:31:37:1d:57:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

Configure

DllCanUnloadNow

DllGetClassObject

DllRegisterServer

DllUnregisterServer

Sections

.
Size: - Virtual size: 788KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

bin/DshowPlayer.dll

.dll windows:5 windows x86 arch:x86

51011157c8eff9ae62263977212e0b44

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-12-2009 00:00

Not After

02-12-2011 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:3d:8b:28:0c:7a:b5:8d:d9:99:47:8e:97:35:95:e2:41:8c:dd:ed
Signer

Actual PE Digest

30:3d:8b:28:0c:7a:b5:8d:d9:99:47:8e:97:35:95:e2:41:8c:dd:ed

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

g:\MusicBoxV3\Main\KwResource\bin\release\pdb\DshowPlayer.pdb

Imports

mfc90

ord4199

ord2087

ord3209

ord5657

ord5659

ord2447

ord800

ord4333

ord4981

ord5663

ord5646

ord6001

ord2766

ord2978

ord3107

ord4714

ord2961

ord3110

ord5813

ord944

ord2759

ord4477

ord4067

ord4057

ord2886

ord4334

ord4890

ord4667

ord3659

ord589

ord4029

ord310

ord2480

ord820

ord5963

ord4392

ord817

ord945

ord6721

ord5533

ord1046

ord4165

ord6018

ord2206

ord2251

ord4733

ord6781

ord4159

ord6783

ord4409

ord4434

ord2769

ord3213

ord305

ord2888

ord316

ord1087

ord801

ord5997

ord1603

ord4197

ord4066

ord6613

ord3178

ord910

ord1611

ord601

ord798

ord793

ord605

ord1278

ord321

ord1243

ord1241

ord1268

ord1180

ord1233

ord2084

ord391

ord1152

ord1277

ord1275

ord1145

ord1075

ord1137

ord322

msvcr90

__clean_type_info_names_internal

_crt_debugger_hook

?_type_info_dtor_internal_method@type_info@@QAEXXZ

__CppXcptFilter

_adjust_fdiv

_amsg_exit

_initterm_e

_initterm

_encoded_null

free

_malloc_crt

_except_handler4_common

_decode_pointer

_onexit

_lock

_encode_pointer

__dllonexit

_unlock

_CIlog10

strstr

memset

__CxxFrameHandler3

_purecall

?terminate@@YAXXZ

kernel32

FreeLibrary

MultiByteToWideChar

CloseHandle

WaitForSingleObject

LoadLibraryA

GetProcAddress

GetCurrentProcess

GetSystemTimeAsFileTime

GetCurrentProcessId

GetCurrentThreadId

GetTickCount

QueryPerformanceCounter

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetVersionExA

TerminateProcess

InterlockedCompareExchange

Sleep

InterlockedExchange

LocalAlloc

LocalFree

GetLastError

GetModuleFileNameA

GetWindowsDirectoryA

CreateProcessA

user32

CreateWindowExA

GetMessageA

TranslateMessage

DispatchMessageA

PostQuitMessage

DefWindowProcA

GetParent

SendMessageA

CallWindowProcA

SetWindowLongA

GetClientRect

GetDC

ReleaseDC

RegisterClassA

gdi32

GetStockObject

shlwapi

PathFileExistsA

ole32

CoUninitialize

CoInitialize

CoCreateInstance

oleaut32

VariantInit

VariantClear

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

kwlog

?YL_Log@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H0PBDZZ

kwmodconfig

AfxGetConfigManager

Exports

GetDshowPlayer

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

bin/Encode.exe

.exe windows:5 windows x86 arch:x86

da51d131c2d14a263ced57385b829735

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-12-2009 00:00

Not After

02-12-2011 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a7:9f:1c:81:96:85:4d:6e:17:22:b4:d3:79:a5:91:52:37:e5:18:29
Signer

Actual PE Digest

a7:9f:1c:81:96:85:4d:6e:17:22:b4:d3:79:a5:91:52:37:e5:18:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\MusicBoxV5\Main\KwResource\bin\release\pdb\Encode.pdb

Imports

kernel32

FreeLibrary

GetProcAddress

LoadLibraryA

FlushFileBuffers

CloseHandle

CreateFileA

WriteConsoleW

GetConsoleOutputCP

RaiseException

RtlUnwind

GetCommandLineA

HeapAlloc

GetLastError

HeapFree

TerminateProcess

GetCurrentProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

GetModuleHandleW

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

InterlockedIncrement

SetLastError

GetCurrentThreadId

InterlockedDecrement

Sleep

HeapSize

ExitProcess

WriteFile

GetStdHandle

GetModuleFileNameA

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

WideCharToMultiByte

GetEnvironmentStringsW

SetHandleCount

GetFileType

GetStartupInfoA

DeleteCriticalSection

HeapCreate

VirtualFree

QueryPerformanceCounter

GetTickCount

GetCurrentProcessId

GetSystemTimeAsFileTime

LeaveCriticalSection

EnterCriticalSection

VirtualAlloc

HeapReAlloc

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

SetFilePointer

GetConsoleCP

GetConsoleMode

InitializeCriticalSectionAndSpinCount

GetLocaleInfoA

GetStringTypeA

MultiByteToWideChar

GetStringTypeW

LCMapStringA

LCMapStringW

SetStdHandle

WriteConsoleA

kwlog

?YL_Log@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H0PBDZZ

kwlib

?GetKwPath@Dir@KwLib@@YAHW4Path_Type@12@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?GetUserID@UserId@KwLib@@YA_NQADH@Z

?GetInstallSRC@UserId@KwLib@@YA_NQADH@Z

?Base64Encode@Base64@KwLib@@YAHPADPBDH1@Z

kwmodconfig

AfxGetConfigManager

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

bin/KwAni.dll

.dll windows:5 windows x86 arch:x86

42f0a66ccc29a28cd542a63f4ad4eb08

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-12-2009 00:00

Not After

02-12-2011 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

db:c7:a1:f1:44:7b:db:da:4b:18:a9:c4:1e:c0:5a:43:fc:21:00:06
Signer

Actual PE Digest

db:c7:a1:f1:44:7b:db:da:4b:18:a9:c4:1e:c0:5a:43:fc:21:00:06

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

g:\MusicBoxV3\Main\KwResource\bin\release\pdb\KwAni.pdb

Imports

kernel32

GetCurrentProcessId

CreateToolhelp32Snapshot

Thread32First

Thread32Next

lstrcpyA

WideCharToMultiByte

FindResourceA

LoadResource

SizeofResource

SetLastError

GetLastError

lstrlenA

MultiByteToWideChar

LocalFree

FormatMessageA

GetModuleFileNameA

LocalAlloc

LeaveCriticalSection

TlsGetValue

EnterCriticalSection

GlobalReAlloc

GlobalHandle

InitializeCriticalSection

FreeResource

TlsSetValue

LocalReAlloc

DeleteCriticalSection

TlsFree

InterlockedDecrement

FreeLibrary

CompareStringA

GetModuleHandleW

InterlockedIncrement

GlobalGetAtomNameA

lstrcmpA

CloseHandle

GetCurrentThreadId

LoadLibraryA

ReadFile

WriteFile

SetFilePointer

FlushFileBuffers

SetEndOfFile

GetCurrentProcess

CreateFileA

GlobalAddAtomA

GlobalFlags

GetVersionExA

lstrcmpW

GlobalDeleteAtom

GlobalFindAtomA

GetLocaleInfoA

GetCPInfo

GetOEMCP

TerminateProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

RaiseException

RtlUnwind

GetCommandLineA

HeapAlloc

HeapFree

VirtualAlloc

VirtualQuery

HeapReAlloc

HeapSize

Sleep

ExitProcess

GetStdHandle

GetACP

IsValidCodePage

LCMapStringA

LCMapStringW

SetHandleCount

GetFileType

GetStartupInfoA

GetStringTypeA

GetStringTypeW

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

GetEnvironmentStringsW

HeapCreate

HeapDestroy

VirtualFree

QueryPerformanceCounter

GetTickCount

GetSystemTimeAsFileTime

InitializeCriticalSectionAndSpinCount

GetConsoleCP

GetConsoleMode

SetStdHandle

WriteConsoleA

GetConsoleOutputCP

WriteConsoleW

GetProcessHeap

CompareStringW

SetEnvironmentVariableA

WriteProcessMemory

VirtualProtectEx

VirtualQueryEx

ReadProcessMemory

lstrcmpiW

LockResource

IsBadCodePtr

GetModuleHandleA

GetProcAddress

IsBadReadPtr

GlobalLock

GlobalUnlock

GlobalFree

TlsAlloc

GlobalAlloc

user32

MapWindowPoints

GetMessagePos

GetMessageTime

GetTopWindow

GetForegroundWindow

GetCapture

WinHelpA

LoadIconA

RegisterWindowMessageA

PostQuitMessage

TabbedTextOutA

DrawTextA

DrawTextExA

GrayStringA

DestroyMenu

GetMenu

SystemParametersInfoA

IsIconic

GetWindowPlacement

GetMenuCheckMarkDimensions

LoadBitmapA

ModifyMenuA

EnableMenuItem

CheckMenuItem

GetClassInfoExA

GetDlgItem

GetFocus

GetWindow

GetDlgCtrlID

GetClassNameA

SetWindowTextA

SetWindowsHookExA

CallNextHookEx

DispatchMessageA

GetKeyState

PeekMessageA

GetWindowTextA

GetSystemMetrics

GetSysColor

GetSysColorBrush

UnhookWindowsHookEx

GetWindowThreadProcessId

GetLastActivePopup

IsWindowEnabled

EnableWindow

MessageBoxA

GetMenuState

GetMenuItemID

GetMenuItemCount

SetRect

GetLayeredWindowAttributes

GetWindowLongA

DefWindowProcA

GetCursorPos

SetMenu

SetForegroundWindow

SetMenuItemBitmaps

EqualRect

SetCapture

ReleaseCapture

CopyRect

GetUpdateRect

GetClientRect

GetClassInfoA

RegisterClassA

AdjustWindowRectEx

ValidateRect

MoveWindow

WindowFromPoint

SetLayeredWindowAttributes

GetWindowRect

GetActiveWindow

ShowWindow

UpdateLayeredWindow

BeginPaint

EndPaint

SetPropA

IsWindow

CallWindowProcA

SendMessageA

SetClassLongA

LoadCursorA

InvalidateRect

TrackMouseEvent

PostMessageA

SetWindowLongA

RegisterClassExA

SetTimer

CreateWindowExA

GetClassLongA

PtInRect

ClientToScreen

IsWindowVisible

ReleaseDC

GetDC

GetDesktopWindow

GetPropA

GetParent

RemovePropA

SetWindowPos

DestroyWindow

ScreenToClient

WindowFromDC

IntersectRect

OffsetRect

GetSubMenu

gdi32

CreateBitmap

GetClipBox

SaveDC

RestoreDC

SetStretchBltMode

SetMapMode

PtVisible

RectVisible

Escape

OffsetViewportOrgEx

SetViewportExtEx

ExtSelectClipRgn

CreateRectRgnIndirect

GetStockObject

DeleteDC

DeleteObject

SelectObject

CreateDIBSection

CreateCompatibleDC

BitBlt

ExtTextOutA

SetBkColor

CombineRgn

CreateRectRgn

SetDIBitsToDevice

GetObjectA

GetCurrentObject

StretchBlt

CreateFontIndirectA

LineTo

MoveToEx

CreatePen

TextOutA

SetTextColor

SetBkMode

GetBkMode

GetTextExtentPoint32A

GetTextExtentExPointA

ScaleViewportExtEx

RealizePalette

GetDIBits

SetWindowExtEx

ScaleWindowExtEx

SetViewportOrgEx

GetDeviceCaps

shell32

SHCreateDirectoryExA

ShellExecuteA

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

VariantClear

VariantChangeType

VariantInit

msimg32

TransparentBlt

AlphaBlend

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsA

winmm

timeKillEvent

timeSetEvent

oleacc

CreateStdAccessibleObject

LresultFromObject

dbghelp

ImageDirectoryEntryToData

winspool.drv

ClosePrinter

DocumentPropertiesA

OpenPrinterA

Exports

KwAni

Sections

.text
Size: 478KB - Virtual size: 478KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

bin/KwCommonUI.dll

.dll windows:5 windows x86 arch:x86

6fb54d142812ad6f7bb8a3538b5ee76e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-12-2009 00:00

Not After

02-12-2011 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:f5:e1:97:0b:fc:dc:7e:56:fd:8c:dc:04:cc:b4:58:81:73:4f:9a
Signer

Actual PE Digest

0e:f5:e1:97:0b:fc:dc:7e:56:fd:8c:dc:04:cc:b4:58:81:73:4f:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

g:\MusicBoxV3\Main\KwResource\bin\release\pdb\KwCommonUI.pdb

Imports

mfc90

ord6464

ord1222

ord6473

ord3676

ord6057

ord6474

ord6675

ord3965

ord2449

ord321

ord2452

ord2451

ord1303

ord1258

ord6682

ord6676

ord2505

ord6494

ord6153

ord6788

ord580

ord1265

ord320

ord4617

ord3796

ord3506

ord491

ord3126

ord5965

ord4807

ord4792

ord729

ord3049

ord3076

ord2154

ord1368

ord1259

ord4281

ord2692

ord5482

ord2356

ord5152

ord1220

ord4502

ord6646

ord3940

ord799

ord1098

ord1746

ord2795

ord3996

ord721

ord1867

ord1866

ord1751

ord5745

ord1401

ord1391

ord2342

ord6290

ord6289

ord2359

ord4383

ord6583

ord6556

ord4528

ord6252

ord2895

ord4114

ord6558

ord4515

ord4512

ord2965

ord3728

ord6006

ord6430

ord3418

ord4279

ord6433

ord4282

ord2246

ord2125

ord1744

ord1745

ord3227

ord4890

ord3485

ord474

ord801

ord4296

ord1764

ord1763

ord6597

ord5574

ord5593

ord1879

ord1739

ord4865

ord2638

ord2639

ord2642

ord2641

ord2640

ord5639

ord683

ord4536

ord2194

ord1380

ord4535

ord5382

ord4918

ord5367

ord5064

ord5386

ord5476

ord5224

ord4771

ord5127

ord5215

ord5385

ord4784

ord4783

ord4693

ord5213

ord5369

ord4604

ord4927

ord5393

ord4889

ord4940

ord5392

ord5264

ord4912

ord4775

ord4846

ord5472

ord4972

ord5341

ord4931

ord4930

ord5334

ord4095

ord4851

ord4850

ord5209

ord4608

ord5199

ord4796

ord5403

ord4575

ord4582

ord5001

ord5194

ord4793

ord4808

ord4806

ord4788

ord4791

ord4786

ord5281

ord5278

ord4364

ord3345

ord6390

ord5584

ord3670

ord1444

ord5599

ord2964

ord4679

ord430

ord3819

ord3757

ord1868

ord1869

ord1536

ord3213

ord305

ord6613

ord1611

ord2691

ord1152

ord391

ord1241

ord3987

ord4993

ord1490

ord4507

ord5997

ord5615

ord5309

ord2208

ord1810

ord1809

ord1678

ord3344

ord6388

ord1496

ord5636

ord4668

ord374

ord639

ord2364

ord3783

ord2896

ord6670

ord2360

ord1720

ord3643

ord4384

ord2283

ord4646

ord777

ord3920

ord2274

ord1668

ord4638

ord3480

ord611

ord404

ord5520

ord3179

ord5753

ord1555

ord5835

ord663

ord2523

ord452

ord3657

ord5926

ord2954

ord2948

ord3636

ord400

ord2084

ord1069

ord5771

ord3856

ord306

ord6802

ord5761

ord3143

ord301

ord6148

ord4477

ord2481

ord945

ord942

ord941

ord2327

ord5963

ord4506

ord2480

ord4392

ord5876

ord4337

ord6791

ord5750

ord1247

ord3579

ord3223

ord2263

ord6077

ord585

ord1724

ord1588

ord2700

ord787

ord6554

ord4437

ord2591

ord1361

ord2130

ord4498

ord2282

ord3568

ord1144

ord6152

ord6493

ord4236

ord1329

ord1108

ord1178

ord3845

ord757

ord3620

ord553

ord4026

ord4386

ord3153

ord4157

ord3151

ord3159

ord6329

ord2590

ord790

ord4757

ord3931

ord586

ord789

ord820

ord1045

ord6760

ord2097

ord4513

ord5063

ord3997

ord333

ord525

ord6078

ord4396

ord5179

ord3678

ord3730

ord4248

ord6291

ord6333

ord3157

ord3148

ord3731

ord1699

ord3056

ord1681

ord5808

ord2753

ord6046

ord6552

ord6043

ord6546

ord4565

ord6549

ord6352

ord6166

ord6084

ord5957

ord6023

ord5846

ord5833

ord6398

ord6157

ord3504

ord693

ord2280

ord4644

ord3244

ord3554

ord654

ord3519

ord4527

ord3612

ord1603

ord3831

ord6079

ord6527

ord6616

ord677

ord2278

ord1771

ord1685

ord4642

ord3277

ord265

ord3815

ord1254

ord300

ord4030

ord3665

ord367

ord2141

ord2469

ord6507

ord636

ord6559

ord2100

ord1691

ord595

ord310

ord436

ord266

ord6557

ord337

ord613

ord6584

ord1116

ord4529

ord2143

ord4116

ord4311

ord6170

ord6048

ord2431

ord2470

ord6071

ord3346

ord6391

ord1755

ord1752

ord4331

ord1497

ord4650

ord2074

ord5497

ord6780

ord4589

ord5647

ord3732

ord5139

ord4688

ord1729

ord6446

ord5668

ord5666

ord958

ord963

ord967

ord965

ord969

ord2610

ord2630

ord2614

ord2620

ord2618

ord2616

ord2633

ord2628

ord2612

ord2635

ord2623

ord2605

ord2607

ord2625

ord2375

ord2368

ord1644

ord6784

ord4160

ord6782

ord3671

ord5389

ord6356

ord3218

ord1446

ord5608

ord2139

ord1792

ord1791

ord1728

ord5633

ord2766

ord2978

ord3107

ord4714

ord2961

ord3135

ord2769

ord2888

ord2759

ord4066

ord4067

ord4057

ord2886

ord4334

ord4895

ord4667

ord3663

ord686

ord796

ord2592

ord3178

ord6074

ord1357

ord3627

ord3477

ord2588

ord3528

ord1358

ord3479

ord2106

ord316

ord2539

ord910

ord1183

ord601

ord3534

ord1137

ord1061

ord1252

ord1087

ord3726

ord798

ord5585

ord4760

ord2587

ord2069

ord590

ord794

ord524

ord744

ord817

ord781

msvcr90

memset

__clean_type_info_names_internal

_crt_debugger_hook

_adjust_fdiv

_amsg_exit

_initterm_e

_initterm

_encoded_null

_malloc_crt

_decode_pointer

_onexit

_lock

_encode_pointer

__dllonexit

_unlock

?terminate@@YAXXZ

_except_handler4_common

sprintf_s

_stricmp

_time64

_vswprintf_c_l

_beginthreadex

_CIsin

fopen

fseek

ftell

fclose

fread

_snprintf

atoi

_mbsstr

strcat_s

ldiv

__RTDynamicCast

malloc

free

_CIcos

memcpy

memmove_s

strcpy_s

?what@exception@std@@UBEPBDXZ

??0exception@std@@QAE@ABQBD@Z

memcpy_s

_invalid_parameter_noinfo

??0exception@std@@QAE@ABV01@@Z

_CxxThrowException

??0exception@std@@QAE@XZ

??1exception@std@@UAE@XZ

__CxxFrameHandler3

_purecall

strncpy_s

__CppXcptFilter

?_type_info_dtor_internal_method@type_info@@QAEXXZ

kernel32

lstrlenA

MultiByteToWideChar

WideCharToMultiByte

GetCPInfo

GlobalFree

GlobalUnlock

GlobalLock

GlobalAlloc

MapViewOfFile

CreateFileMappingA

CreateFileA

GetTickCount

FreeLibrary

GetWindowsDirectoryA

lstrcpyA

WinExec

lstrcatA

Sleep

OutputDebugStringA

HeapFree

GetProcessHeap

HeapAlloc

MulDiv

GlobalReAlloc

GetCurrentDirectoryA

LocalFree

FormatMessageA

GetModuleFileNameA

CloseHandle

FlushFileBuffers

WriteFile

SizeofResource

WaitForSingleObject

ResetEvent

SetEvent

ResumeThread

CreateEventA

VirtualProtect

InterlockedExchange

InterlockedCompareExchange

TerminateProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

FindResourceA

LoadResource

LockResource

FreeResource

GetVersion

GetCurrentThreadId

QueryPerformanceCounter

GetCurrentProcessId

GetSystemTimeAsFileTime

lstrcmpiA

GetVersionExA

GetProcAddress

GetModuleHandleA

FlushInstructionCache

GetCurrentProcess

LoadLibraryA

SetLastError

GetLastError

user32

GrayStringA

DrawTextExA

DrawTextA

TabbedTextOutA

GetParent

GetFocus

GetUpdateRect

ScreenToClient

FillRect

DestroyIcon

GetDC

ReleaseDC

DrawIconEx

GetIconInfo

GetSysColor

GetCursorPos

CallNextHookEx

InflateRect

EqualRect

SetWindowsHookExA

ReleaseCapture

LoadCursorA

GetSysColorBrush

RegisterClassExA

EnableWindow

SetCapture

GetCapture

KillTimer

SetTimer

RedrawWindow

InvalidateRect

GetClientRect

SetWindowRgn

PostMessageA

SendMessageA

DrawFrameControl

CopyRect

SetRectEmpty

PtInRect

IsRectEmpty

UnhookWindowsHookEx

ClientToScreen

OffsetRect

IntersectRect

SystemParametersInfoA

IsIconic

GetWindowPlacement

GetWindowRect

GetSystemMetrics

IsWindow

InsertMenuA

ModifyMenuA

RemoveMenu

GetDesktopWindow

GetMenuItemInfoA

LoadImageA

MessageBoxA

WindowFromPoint

GetNextDlgGroupItem

DrawFocusRect

IsWindowVisible

SetLayeredWindowAttributes

CopyIcon

GetMessagePos

MessageBeep

CopyImage

GetDlgCtrlID

GetWindow

MoveWindow

AdjustWindowRectEx

EndPaint

BeginPaint

CheckMenuItem

EnableMenuItem

DefWindowProcA

GetWindowDC

EnableScrollBar

GetScrollInfo

GetScrollPos

GetScrollRange

SetScrollInfo

SetScrollPos

SetScrollRange

ShowScrollBar

GetPropA

SetWindowPos

RemovePropA

CreateWindowExA

SetPropA

FrameRect

WindowFromDC

MapWindowPoints

CallWindowProcA

GetKeyState

ChildWindowFromPoint

DestroyWindow

ShowWindow

RegisterClassA

SetCursor

GetAsyncKeyState

UpdateWindow

SetWindowLongA

SetRect

GetWindowLongA

LoadBitmapA

DrawEdge

CreateMenu

CreatePopupMenu

DeleteMenu

AppendMenuA

GetMenuItemCount

GetMenuItemID

GetSubMenu

GetMenuState

gdi32

SaveDC

SetStretchBltMode

RestoreDC

Polygon

IntersectClipRect

SetWindowOrgEx

PlayEnhMetaFile

CreatePatternBrush

SetBrushOrgEx

CreateBitmap

UnrealizeObject

CreateFontW

GetTextMetricsA

SetBkColor

GetCurrentObject

RoundRect

GetTextColor

GetTextExtentPointA

CreateICA

ExtCreateRegion

GetDIBits

CreateDIBitmap

CreateHalftonePalette

StretchDIBits

SelectPalette

RealizePalette

CreatePalette

GetTextExtentPoint32W

SetPixel

PatBlt

Rectangle

Ellipse

GetBkMode

GetDeviceCaps

CreateHatchBrush

CreatePen

SetBkMode

SetTextColor

SelectClipRgn

DeleteDC

GetDCOrgEx

GetClipBox

GetStockObject

CreateSolidBrush

CreateFontIndirectA

GetObjectA

CreateCompatibleBitmap

CreateRectRgn

CreatePolygonRgn

CombineRgn

EqualRgn

OffsetRgn

CreateCompatibleDC

FrameRgn

StretchBlt

DeleteObject

CreateFontA

BitBlt

CreateDIBSection

GetTextExtentPoint32A

PtVisible

RectVisible

TextOutA

Escape

SelectObject

GetPixel

ExtTextOutA

msimg32

TransparentBlt

advapi32

RegQueryValueExA

RegOpenKeyExA

RegQueryValueA

RegCloseKey

shell32

SHBrowseForFolderA

SHGetPathFromIDListA

SHGetMalloc

ShellExecuteA

DragQueryFileA

comctl32

_TrackMouseEvent

InitCommonControlsEx

ImageList_GetIconSize

ole32

CreateStreamOnHGlobal

CoCreateInstance

oleaut32

SysStringByteLen

SysAllocStringByteLen

SysAllocStringLen

VariantCopy

VariantClear

SysFreeString

VariantInit

OleLoadPicture

kwlib

?EndWith@StringUtility@KwLib@@YAHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z

?GetKwPath@Dir@KwLib@@YAHW4Path_Type@12@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??1_MUSICINFO@KwLib@@QAE@XZ

?GetFileSize@Dir@KwLib@@YAHV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAN@Z

?GetFileExtension@Dir@KwLib@@YAHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@@Z

?GetFileNameWithoutExtension@Dir@KwLib@@YAHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@@Z

?QueryMIInfo@MIQuerier@KwLib@@SAKPBDPAU_MUSICINFO@2@@Z

??0_MUSICINFO@KwLib@@QAE@XZ

?Str2Lower@StringUtility@KwLib@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV34@@Z

?FindAllFiles@Dir@KwLib@@YAHAAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@1H@Z

?IsDirectory@Dir@KwLib@@YAHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?ToFileTime@DateTime@Time@KwLib@@QBE_KXZ

?Format@StringUtility@KwLib@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDZZ

??0DateTime@Time@KwLib@@QAE@XZ

?Trim@StringUtility@KwLib@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV34@@Z

msvcp90

??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z

??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z

??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ