3d1e9fb8c0d03fb2e8a0cb0172a9542e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d1e9fb8c0d03fb2e8a0cb0172a9542e_JaffaCakes118
Size

4.9MB
MD5

3d1e9fb8c0d03fb2e8a0cb0172a9542e
SHA1

536314a324f632c030a468f0cf7fa9e436c0a651
SHA256

e848d2efff9c0385066996cc704f13373f34c1b09051b6676cc971e49c916189
SHA512

bb4b9007546b3634a60735ae83adb8532e2df75f301e44ad5e37870cc973e2e818cbd584b270c6d0b27cb4d7946b66cc5e20fdc3492f5b1f95986289a3902c7d
SSDEEP

98304:9mAYKx3y6zLnhHyLBfK4bZO1wTwxwASI9pcklU3S81J3QQ2vo5nNbvAYj6hv7:9EKx3yEL41MrfSbkwx1tQQ2vSNDAYjyD

Score

7^/10

upx aspackv2

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack002/dll/ARMP.ocx	acprotect

ASPack v2.12-2.42 3 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack002/dll/ARMPD.dll	aspack_v212_v242
static1/unpack002/dll/in_psp.dll	aspack_v212_v242
static1/unpack002/dll/out_mmshttp.dll	aspack_v212_v242

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/dll/ARMP.ocx	upx

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/ReliCheck.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$WINDIR/System32/pncrt.dll
unpack002/ReliAgent.exe
unpack002/ReliCheck.dll
unpack002/Reli_Lite.exe
unpack003/out.upx
unpack002/dll/TvantsX.ocx
unpack002/dll/p2pmmp/gp2core.dll
unpack002/dll/p2pmmp/mmsserver.dll
unpack002/dll/p2pmmp/p2pmanager.dll
unpack002/extern/RealCodecs/RealMediaSplitter.ax
unpack002/extern/RealCodecs/cook.dll
unpack002/extern/RealCodecs/drvc.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/setupezezhun.exe	nsis_installer_1

Files

3d1e9fb8c0d03fb2e8a0cb0172a9542e_JaffaCakes118
.rar
setupezezhun.exe
.exe windows:4 windows x86 arch:x86

55f3dfd13c0557d3e32bcbc604441dd3

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

35:5c:4c:d6:99:b2:89:6f:bb:b1:d5:22:69:47:f3:ac
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

29/11/2007, 00:00

Not After

28/11/2008, 23:59

Subject

CN=Beijing Hengzhun Technology Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Marketing,O=Beijing Hengzhun Technology Inc.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CloseHandle
ExitProcess
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Flash9d.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

3e8f2b182b3d3a5a8713624244dfecbd

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:76:16:97:9c:e3:8e:3c:a3:8d:51:48:24:5c:33:6b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

01/11/2006, 00:00

Not After

10/12/2007, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d9:4e:3c:02:eb:81:94:20:56:5d:78:91:ae:f1:97:30:dc:3e:27:45
Signer

Actual PE Digest

d9:4e:3c:02:eb:81:94:20:56:5d:78:91:ae:f1:97:30:dc:3e:27:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\flashfarm\depot\main\player\branches\FlashPlayer\FlashPlayer9_CS3\platform\win32\ActiveX\ReleaseMinSize\Flash.pdb

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winmm

timeSetEvent
waveOutOpen
waveOutClose
timeGetDevCaps
timeKillEvent
waveInGetDevCapsA
waveOutGetNumDevs
waveInGetNumDevs
waveInStart
waveInAddBuffer
timeBeginPeriod
waveOutGetDevCapsA
waveOutPrepareHeader
waveOutWrite
waveOutUnprepareHeader
timeEndPeriod
timeGetTime
waveOutReset
waveInOpen
waveInPrepareHeader
waveInReset
waveInUnprepareHeader
waveInClose
waveInStop

wininet

HttpQueryInfoA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetCloseHandle

crypt32

CryptVerifyMessageSignature
CryptGetMessageCertificates
CertCreateCertificateContext
CertFindCertificateInStore
CertVerifySubjectCertificateContext
CertFreeCertificateContext
CertCloseStore

rpcrt4

UuidToStringA
RpcStringFreeA

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VariantInit
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayLock
SafeArrayUnlock
VarBstrCat
SysAllocStringByteLen
OleCreatePropertyFrame
SysStringLen
LoadRegTypeLi
VarUI4FromStr
VariantChangeType
SysStringByteLen
VariantClear

kernel32

lstrlenW
FlushInstructionCache
GetCurrentProcess
lstrcmpiA
LocalFree
LocalAlloc
SetFileAttributesA
GetFileAttributesA
CreateMutexA
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GlobalUnlock
GlobalLock
MulDiv
InterlockedIncrement
InterlockedDecrement
lstrcpynA
lstrcpyA
lstrcatA
GetCurrentThreadId
OutputDebugStringA
DisableThreadLibraryCalls
LockResource
LoadResource
FindResourceA
SizeofResource
LoadLibraryExA
GetModuleHandleA
SetErrorMode
WideCharToMultiByte
LCMapStringA
LCMapStringW
CreateProcessA
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetTempFileNameW
WaitForSingleObject
GetSystemDefaultLangID
DeleteFileA
CreateFileA
CreateThread
MoveFileA
VirtualQuery
GetSystemInfo
GetUserDefaultLangID
ExitThread
GetFileAttributesW
WriteFile
SetFilePointer
FindResourceExA
FindResourceExW
SetUnhandledExceptionFilter
GetTempPathA
GetCurrentProcessId
FindClose
FindNextFileA
FindFirstFileA
GetTimeZoneInformation
GetSystemTime
SystemTimeToFileTime
CreateDirectoryA
GetCurrentDirectoryA
GetTempFileNameA
GetSystemDirectoryA
ReadFile
GetFileSize
GetFileAttributesExA
SetCurrentDirectoryA
RemoveDirectoryA
UnmapViewOfFile
ReleaseMutex
MapViewOfFile
CreateFileMappingA
IsDBCSLeadByteEx
GetProcessTimes
CreateEventA
SetEvent
SetThreadPriority
ResetEvent
WaitForMultipleObjects
GetThreadPriority
GetCurrentThread
lstrlenA
GlobalAlloc
GlobalFree
GetLastError
IsDBCSLeadByte
GetCPInfo
MultiByteToWideChar
InterlockedCompareExchange
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualProtect
HeapReAlloc
GetCommandLineA
ExitProcess
RtlUnwind
HeapDestroy
HeapCreate
TerminateProcess
HeapSize
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetOEMCP
GetStringTypeA
GetStringTypeW
GetTickCount

user32

GetForegroundWindow
WaitForInputIdle
RegisterClipboardFormatA
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
SetClipboardData
EmptyClipboard
PostThreadMessageA
GetQueueStatus
PeekMessageA
MsgWaitForMultipleObjects
RegisterWindowMessageA
DispatchMessageA
DialogBoxParamW
DialogBoxParamA
DialogBoxIndirectParamW
DialogBoxIndirectParamA
EndDialog
GetWindowRect
GetDesktopWindow
LoadIconA
SendMessageA
SetWindowTextA
GetMenuItemCount
GetMenuItemInfoA
InsertMenuItemA
GetParent
IsChild
PtInRect
SystemParametersInfoA
GetMenuItemID
DeleteMenu
TrackPopupMenu
KillTimer
SetTimer
UpdateWindow
RegisterClassA
MapVirtualKeyA
GetFocus
ReleaseCapture
GetSystemMetrics
EnumDisplaySettingsA
GetCapture
WindowFromPoint
GetCursorPos
ScreenToClient
MessageBoxA
ClientToScreen
GetKeyState
LoadMenuA
GetSubMenu
DestroyMenu
SetCursor
FillRect
EnableMenuItem
CheckMenuItem
LoadStringA
SetCapture
SetFocus
GetWindowInfo
CopyRect
SendInput
GetKeyboardLayout
RegisterClassExA
LoadCursorA
wsprintfA
CreateWindowExA
CreateDialogParamA
SendDlgItemMessageA
SetDlgItemTextW
CheckDlgButton
WinHelpA
GetDialogBaseUnits
GetWindowTextLengthA
IsDlgButtonChecked
GetDlgItem
IsDialogMessageA
MoveWindow
ShowWindow
GetClassInfoExA
InvalidateRect
IsWindow
DestroyWindow
CallWindowProcA
GetWindowLongA
DefWindowProcA
BeginPaint
GetClientRect
EndPaint
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
UnionRect
SetWindowLongA
CharNextA
ReleaseDC
GetDC
GetDoubleClickTime
EnumWindows
PostMessageA
IsWindowEnabled
GetWindow
GetClassNameA
GetWindowTextW
GetWindowTextA
UnregisterClassA
GetTopWindow

gdi32

GetTextAlign
GetBkMode
GetTextColor
SetBkColor
GetBkColor
SetTextCharacterExtra
CreatePen
DPtoLP
GetTextExtentPoint32W
GetCurrentObject
GetTextExtentPoint32A
CreatePalette
StartDocA
EndDoc
StrokePath
ExtCreatePen
FillPath
CreateRectRgn
GetClipRgn
SetTextColor
ExtTextOutW
ExtTextOutA
SelectClipRgn
IntersectClipRect
SetBkMode
EndPage
BeginPath
EndPath
SetPolyFillMode
MoveToEx
LineTo
PolyBezierTo
SelectClipPath
SaveDC
RestoreDC
GdiFlush
CreateCompatibleDC
DeleteObject
SelectObject
RealizePalette
SelectPalette
DeleteDC
BitBlt
GetObjectA
CreateDIBSection
GetDIBits
CreateCompatibleBitmap
GetDeviceCaps
TextOutA
SetTextAlign
CreateRectRgnIndirect
EnumFontFamiliesA
GetObjectType
GetClipBox
GetSystemPaletteEntries
LPtoDP
SetViewportOrgEx
CreateDCA
CreateFontIndirectA
StretchDIBits
GetStockObject
Rectangle
StartPage
GetTextMetricsA
GetTextExtentPointA
CreateMetaFileA
SetWindowOrgEx
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateSolidBrush

comdlg32

GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA
PrintDlgA

advapi32

RegCreateKeyA
RegEnumKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHAppBarMessage
SHBrowseForFolderA

ole32

OleRegEnumVerbs
OleRegGetUserType
CreateOleAdviseHolder
OleRegGetMiscStatus
CreateBindCtx
CoTaskMemAlloc
CoTaskMemFree
CoFreeUnusedLibraries
CoUninitialize
CoInitialize
OleSaveToStream
WriteClassStm
OleLoadFromStream
StringFromGUID2
CoCreateInstance
CreateDataAdviseHolder
CoTaskMemRealloc

shlwapi

PathFindExtensionA
SHDeleteKeyA

urlmon

HlinkSimpleNavigateToMoniker
RegisterBindStatusCallback
CreateURLMoniker

wsock32

sendto
WSAAsyncSelect
recvfrom
ntohs
inet_addr
gethostname
select
inet_ntoa
ntohl
WSACancelAsyncRequest
WSAAsyncGetHostByName
WSAGetLastError
send
recv
htons
ioctlsocket
gethostbyname
htonl
connect
setsockopt
socket
WSAStartup
WSACleanup
closesocket

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 216KB - Virtual size: 1008KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FlashUtil9d.exe
.exe windows:4 windows x86 arch:x86

a9d79d340821ec352051fcf0138d0a55

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:76:16:97:9c:e3:8e:3c:a3:8d:51:48:24:5c:33:6b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

01/11/2006, 00:00

Not After

10/12/2007, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7c:81:ec:1c:a3:0e:63:22:ed:b5:9e:79:b4:06:5b:62:6a:1b:d0:ee
Signer

Actual PE Digest

7c:81:ec:1c:a3:0e:63:22:ed:b5:9e:79:b4:06:5b:62:6a:1b:d0:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wininet

InternetOpenA
InternetCloseHandle
HttpQueryInfoA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetConnectA

crypt32

CertFindCertificateInStore
CertCreateCertificateContext
CryptVerifyMessageSignature
CertCloseStore
CertFreeCertificateContext
CertVerifySubjectCertificateContext
CryptGetMessageCertificates

shlwapi

SHDeleteKeyA

kernel32

GetProcessHeap
HeapAlloc
GetCommandLineA
GetLastError
CreateMutexA
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetTempPathA
WriteFile
FormatMessageA
_lclose
_lread
OpenFile
GetSystemDirectoryA
SetThreadLocale
GetSystemDefaultLangID
LocalFree
LocalAlloc
GetCurrentProcess
CreateThread
GetModuleHandleA
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
UnmapViewOfFile
GetTickCount
WaitForSingleObject
ReleaseMutex
WideCharToMultiByte
GetACP
GetFileAttributesA
CreateDirectoryA
DeleteFileA
MultiByteToWideChar
SetFilePointer
SetFileAttributesA
InterlockedIncrement
InterlockedDecrement
MapViewOfFile
CreateFileMappingA
CreateProcessA
FindClose
ExitProcess
HeapFree

user32

SendMessageA
ShowWindow
PostMessageA
SetWindowPos
GetWindowRect
GetDesktopWindow
GetParent
EndDialog
DialogBoxParamA
LoadStringA
GetWindowLongA
LoadBitmapA
MessageBoxA
SetWindowLongA
GetDlgItem
CreateWindowExA
ScreenToClient
DestroyWindow
CreateDialogParamA
DefWindowProcA
RegisterClassExA
LoadCursorA
DestroyIcon
DispatchMessageA
TranslateMessage
IsDialogMessageA
GetMessageA
LoadImageA
GetForegroundWindow
WaitForInputIdle
CharNextA
DdeUninitialize
DdeClientTransaction
DdeCreateStringHandleA
DdeConnect
DdeFreeStringHandle
DdeInitializeA
PostQuitMessage
SetWindowTextA
DdeDisconnect

gdi32

DeleteObject

advapi32

RegCreateKeyExA
RegCreateKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA

shell32

ShellExecuteA

ole32

CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
CoInitialize

oleaut32

DispGetIDsOfNames
DispInvoke
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SysAllocString
LoadRegTypeLi

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ReliCheck.dll
.dll windows:4 windows x86 arch:x86

035afc44296f8c16215520592831dc24

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\hjoost\HZClientMain\builds\hzclientmain\bin\lite_release\ReliCheck.pdb

Imports

psapi

GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ddraw

DirectDrawCreate

kernel32

IsProcessorFeaturePresent
GetLastError
MultiByteToWideChar
FindFirstFileW
FindClose
GetLongPathNameW
OpenProcess
CloseHandle
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
FindNextFileW
GetCurrentProcessId
Process32FirstW
Process32NextW
TerminateProcess
WaitForSingleObject
GetCurrentProcess
FlushInstructionCache
SetLastError
RaiseException
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
Sleep
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemInfo
CreateThread
SetThreadAffinityMask
ResumeThread
WaitForMultipleObjects
GetSystemDirectoryW
GlobalMemoryStatusEx
GetVersionExW
lstrcmpiW
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetCommandLineA
GetVersionExA
GetProcessHeap
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapSize
ExitProcess
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
InterlockedCompareExchange
LCMapStringA
WideCharToMultiByte
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetSystemTimeAsFileTime
LoadLibraryA
InitializeCriticalSection
RtlUnwind
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
GetOEMCP

user32

SystemParametersInfoW
GetWindow
GetDlgItem
SendMessageW
GetWindowLongW
EndDialog
GetActiveWindow
GetWindowRect
SetWindowLongW
EnableWindow
UnregisterClassA
GetClientRect
MapWindowPoints
SetWindowPos
DialogBoxParamW
GetParent

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

VariantClear
SysStringLen
VariantInit

Exports

Exports

CheckComputer
CheckMoreSetup
CheckOccupy

Sections

.text
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/swflash.inf
$WINDIR/System32/pncrt.dll
.dll windows:4 windows x86 arch:x86

828907b7a8ec04c9c4031e40ef2f76ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
RtlUnwind
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
SetUnhandledExceptionFilter
GetModuleFileNameA
GetModuleFileNameW
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
ResumeThread
CreateThread
TlsSetValue
ExitThread
CloseHandle
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapAlloc
HeapReAlloc
HeapValidate
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
SetEnvironmentVariableW
InterlockedDecrement
InterlockedIncrement
FlushFileBuffers
RaiseException
SetStdHandle
Sleep
CompareStringA
CompareStringW
GetLocaleInfoA
GetLocaleInfoW
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
GetTimeZoneInformation
SetEnvironmentVariableA
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapCompact
HeapWalk
ReadConsoleA
SetConsoleMode
GetConsoleMode
SetEndOfFile
WriteConsoleA
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
GetLocalTime
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetLocalTime
GetSystemTime
GetModuleHandleA

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_E__non_rtti_object@@UAEPAXI@Z
??_Ebad_cast@@UAEPAXI@Z
??_Ebad_typeid@@UAEPAXI@Z
??_Eexception@@UAEPAXI@Z
??_G__non_rtti_object@@UAEPAXI@Z
??_Gbad_cast@@UAEPAXI@Z
??_Gbad_typeid@@UAEPAXI@Z
??_Gexception@@UAEPAXI@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?unexpected@@YAXXZ
?what@exception@@UBEPBDXZ
SetUserHeapAlloc
SetUserHeapCalloc
SetUserHeapFree
SetUserHeapReAlloc
SetUserHeapSize
SetUserHeapValidate
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CrtHeapAlloc
_CrtHeapCalloc
_CrtHeapFree
_CrtHeapReAlloc
_CrtHeapSize
_CrtHeapValidate
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__argc
__argv
__badioinfo
__crtCompareStringA
__crtGetLocaleInfoW
__crtLCMapStringA
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__isascii
__iscsym
__iscsymf
__lc_codepage
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pioinfo
__pxcptinfoptrs
__set_app_type
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unguarded_readlc_active
__wargv
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_chdir
_chdrive
_chgsign
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_creat
_cscanf
_ctype
_cwait
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirsti64
_findnext
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstati64
_ftime
_ftol
_fullpath
_futime
_gcvt
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getws
_global_unwind2
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putws
_pwctype
_read
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_searchenv
_seh_longjmp_unwind
_set_error_mode
_set_sbh_threshold
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snwprintf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_splitpath
_stat
_stati64
_statusfp
_strcmpi
_strdate
_strdup
_strerror
_stricmp
_stricoll
_strlwr
_strncoll
_strnicmp
_strnicoll
_strnset
_strrev
_strset
_strtime
_strupr
_swab
_sys_errlist
_sys_nerr
_tell
_telli64
_tempnam
_timezone
_tolower
_toupper
_tzname
_tzset
_ui64toa
_ui64tow
_ultoa
_ultow
_umask
_ungetch
_unlink
_unloaddll
_unlock
_utime
_vsnprintf
_vsnwprintf
_waccess
_wasctime
_wchdir
_wchmod
_wcmdln
_wcreat
_wcsdup
_wcsicmp

Sections

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ReliAgent.exe
.exe windows:4 windows x86 arch:x86

39cff7de5831f5294c78520ea6189558

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\hjoost\HZClientMain\builds\hzclientmain\bin\lite_release\ReliAgent.pdb

Imports

kernel32

InitializeCriticalSection
GetLastError
GetModuleFileNameW
lstrlenW
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
RaiseException
SetLastError
FlushInstructionCache
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WritePrivateProfileStringW
WideCharToMultiByte
HeapFree
HeapAlloc
HeapReAlloc
GetVersionExA
GetProcessHeap
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
RtlUnwind
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
Sleep
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
InterlockedExchange
LoadLibraryA
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEndOfFile
ReadFile
GetThreadLocale
InterlockedCompareExchange
IsProcessorFeaturePresent
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
SetEvent
WaitForSingleObject
CreateThread
CreateEventW
UnmapViewOfFile
CloseHandle
GetCurrentProcess
DuplicateHandle
CreateFileMappingW
OpenProcess
MapViewOfFile
SetHandleCount
GetModuleHandleW

user32

GetParent
GetClassNameW
RedrawWindow
GetDlgItem
GetWindow
SetFocus
GetFocus
IsChild
ReleaseDC
GetDC
EndPaint
FillRect
BeginPaint
GetSysColor
DestroyAcceleratorTable
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
DestroyWindow
CharNextW
GetClassInfoExW
SendMessageW
UnregisterClassA
GetClientRect
GetWindowLongW
SetWindowLongW
DefWindowProcW
IsWindow
PostQuitMessage
DispatchMessageW
TranslateMessage
PostMessageW
GetWindowThreadProcessId
GetMessageW
SetTimer
CreateWindowExW
RegisterClassW
LoadCursorW
LoadImageW
SetWindowPos
CreateAcceleratorTableW
ClientToScreen
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
InvalidateRect
InvalidateRgn
GetDesktopWindow
FindWindowExW
KillTimer
RegisterClassExW
CallWindowProcW

gdi32

BitBlt
CreateSolidBrush
SelectObject
CreateCompatibleBitmap
DeleteDC
DeleteObject
GetDeviceCaps
CreateCompatibleDC
GetObjectW
GetStockObject

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

ole32

OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

SysAllocString
VariantClear
VariantCopy
VarBstrCat
SysAllocStringLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysStringByteLen
VariantInit
SysStringLen
SysAllocStringByteLen
SysFreeString

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ReliCheck.dll
.dll windows:4 windows x86 arch:x86

035afc44296f8c16215520592831dc24

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\hjoost\HZClientMain\builds\hzclientmain\bin\lite_release\ReliCheck.pdb

Imports

psapi

GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ddraw

DirectDrawCreate

kernel32

IsProcessorFeaturePresent
GetLastError
MultiByteToWideChar
FindFirstFileW
FindClose
GetLongPathNameW
OpenProcess
CloseHandle
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
FindNextFileW
GetCurrentProcessId
Process32FirstW
Process32NextW
TerminateProcess
WaitForSingleObject
GetCurrentProcess
FlushInstructionCache
SetLastError
RaiseException
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
Sleep
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemInfo
CreateThread
SetThreadAffinityMask
ResumeThread
WaitForMultipleObjects
GetSystemDirectoryW
GlobalMemoryStatusEx
GetVersionExW
lstrcmpiW
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetCommandLineA
GetVersionExA
GetProcessHeap
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapSize
ExitProcess
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
InterlockedCompareExchange
LCMapStringA
WideCharToMultiByte
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetSystemTimeAsFileTime
LoadLibraryA
InitializeCriticalSection
RtlUnwind
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
GetOEMCP

user32

SystemParametersInfoW
GetWindow
GetDlgItem
SendMessageW
GetWindowLongW
EndDialog
GetActiveWindow
GetWindowRect
SetWindowLongW
EnableWindow
UnregisterClassA
GetClientRect
MapWindowPoints
SetWindowPos
DialogBoxParamW
GetParent

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

VariantClear
SysStringLen
VariantInit

Exports

Exports

CheckComputer
CheckMoreSetup
CheckOccupy

Sections

.text
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Reli_Lite.exe
.exe windows:4 windows x86 arch:x86

ac6eccc8cfa7cc290cbab05529c60217

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\hjoost\HZClientMain\builds\hzclientmain\bin\lite_release\Reli_Lite.pdb

Imports

gdiplus

GdipGetImagePixelFormat
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipGetImageRawFormat
GdipGetImageWidth
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImageHeight
GdipCreateHBITMAPFromBitmap
GdipCloneImage

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW

kernel32

lstrlenW
GetLastError
RaiseException
CreateEventW
CreateThread
CloseHandle
WaitForSingleObject
InterlockedIncrement
SetEvent
InterlockedDecrement
CreateMutexW
MapViewOfFile
TerminateProcess
UnmapViewOfFile
LocalAlloc
LocalFree
GetLongPathNameW
OpenProcess
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
FindFirstFileW
FindNextFileW
FindClose
GetCurrentProcessId
Process32FirstW
Process32NextW
GetCurrentProcess
FlushInstructionCache
SetLastError
LeaveCriticalSection
EnterCriticalSection
MulDiv
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapReAlloc
IsDebuggerPresent
VirtualProtect
GetModuleHandleA
GetSystemInfo
VirtualQuery
GetStartupInfoW
TlsGetValue
TlsAlloc
LoadLibraryExW
TlsFree
GetCurrentThread
HeapSize
ExitProcess
HeapDestroy
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
CreateFileA
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
LockResource
GetTempFileNameW
SetThreadExecutionState
SetThreadPriority
QueryPerformanceFrequency
LoadLibraryW
GetSystemDirectoryW
DuplicateHandle
GlobalUnlock
GlobalLock
GlobalAlloc
ResetEvent
WaitForMultipleObjects
ReadFile
SetEndOfFile
CreateFileW
GetCurrentDirectoryW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
lstrcmpiW
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
Sleep
GetCurrentThreadId
CreateDirectoryW
SetCurrentDirectoryW
GetModuleFileNameW
GetModuleHandleW
GetCommandLineW
DeleteFileW
GlobalFree
GetLocalTime
GlobalMemoryStatus
GetDiskFreeSpaceA
lstrlenA
ResumeThread
lstrcmpW
lstrcpynW
ReleaseSemaphore
CreateSemaphoreW
GetThreadPriority
DeviceIoControl
CreateProcessW
CreateFileMappingW
GetTempPathW
TryEnterCriticalSection
TlsSetValue

user32

SetWindowPos
DestroyWindow
InvalidateRect
GetParent
GetClientRect
SetWindowLongW
EndDialog
DialogBoxParamW
DefWindowProcW
IsWindow
GetWindowLongW
CallWindowProcW
GetActiveWindow
SendMessageW
GetDlgItem
GetWindow
SystemParametersInfoW
GetWindowRect
MapWindowPoints
PostMessageW
GetKeyState
KillTimer
GetClipboardData
GetCaretBlinkTime
OpenClipboard
EmptyClipboard
UnionRect
CloseClipboard
SetRect
GetWindowThreadProcessId
IntersectRect
OffsetRect
RegisterClassExW
GetDC
EqualRect
PtInRect
BeginPaint
SetFocus
EnumDisplaySettingsW
MessageBoxW
SetParent
MoveWindow
GetDesktopWindow
SetForegroundWindow
SetTimer
UpdateWindow
BringWindowToTop
CopyRect
ShowWindow
CreateWindowExW
RegisterClassW
PostThreadMessageW
CharNextW
DispatchMessageW
WaitForInputIdle
IsRectEmpty
DrawTextW
GetKeyboardState
PeekMessageW
MsgWaitForMultipleObjects
ShowCursor
SetCapture
ReleaseCapture
SetCursor
PostQuitMessage
FillRect
CloseWindow
TranslateMessage
GetMessageW
CharUpperW
GetClassInfoExW
ReleaseDC
UnregisterClassA
EndPaint
SetWindowRgn
GetQueueStatus
RegisterWindowMessageW
IsChild
GetFocus
SetClipboardData
LoadCursorW

gdi32

DeleteObject
CreateFontIndirectW
GetStockObject
SetWindowOrgEx
SetViewportOrgEx
LPtoDP
DeleteDC
GetDeviceCaps
CreateDCW
CreateRectRgnIndirect
GetTextExtentExPointW
SetBkColor
SelectClipRgn
IntersectClipRect
SetTextColor
SetBkMode
CreateCompatibleDC
CreateDIBSection
SelectObject
SetMapMode
RestoreDC
SaveDC

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExA
RegDeleteKeyW

shell32

ShellExecuteW

ole32

CoGetMalloc
CoUninitialize
CoInitialize
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
CreateOleAdviseHolder
WriteClassStm
OleRegGetUserType
OleRegEnumVerbs
OleLoadFromStream
OleSaveToStream
CreateItemMoniker
GetRunningObjectTable
CoFreeUnusedLibraries
OleRegGetMiscStatus
CoInitializeEx
CoTaskMemRealloc

oleaut32

GetErrorInfo
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayCreateVector
LoadRegTypeLi
SysStringByteLen
OleCreatePropertyFrame
SysAllocStringByteLen
VariantChangeType
VariantClear
VariantInit
VarUI4FromStr
LoadTypeLi
SysAllocString
UnRegisterTypeLi
SysStringLen
RegisterTypeLi
SysFreeString
SafeArrayAccessData

ddraw

DirectDrawCreate

d3d9

Direct3DCreate9

winmm

waveOutOpen
waveOutUnprepareHeader
waveOutReset
PlaySoundW
waveOutSetVolume
waveOutGetVolume
waveOutPrepareHeader
waveOutWrite
timeKillEvent
timeSetEvent
timeBeginPeriod
timeEndPeriod
waveOutClose

msimg32

TransparentBlt

wininet

InternetQueryDataAvailable
InternetQueryOptionW
InternetCloseHandle
InternetGetLastResponseInfoW
InternetOpenUrlW
InternetOpenW
InternetReadFile
HttpQueryInfoW

Exports

Exports

?CheckOccupy@@YAXPAUHWND__@@HPADPAPAU_stack_t@@PAUextra_parameters@@@Z

Sections

.text
Size: 568KB - Virtual size: 566KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninst.exe.nsis
dll/ARMP.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:be:c6:c0:7a:72:06:31:ba:4c:7f:9e:e7:bd:75:60
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

25/05/2007, 00:00

Not After

24/05/2008, 23:59

Subject

CN=UUSee Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Multimedia Dept.,O=UUSee Inc.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e5:a9:5a:8a:a5:d2:a7:b2:3a:81:36:1b:a9:fb:66:a2:0f:16:83:96
Signer

Actual PE Digest

e5:a9:5a:8a:a5:d2:a7:b2:3a:81:36:1b:a9:fb:66:a2:0f:16:83:96

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DisableHook
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EnableHook

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 590KB - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/ARMPD.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:be:c6:c0:7a:72:06:31:ba:4c:7f:9e:e7:bd:75:60
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

25/05/2007, 00:00

Not After

24/05/2008, 23:59

Subject

CN=UUSee Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Multimedia Dept.,O=UUSee Inc.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ce:ab:fd:4c:e2:89:84:4f:f0:a2:ba:19:ca:e1:81:81:7d:6c:a8:e0
Signer

Actual PE Digest

ce:ab:fd:4c:e2:89:84:4f:f0:a2:ba:19:ca:e1:81:81:7d:6c:a8:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 101KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dll/Language/CA.ini
dll/Language/CHTW.ini
dll/Language/CHU.ini
dll/Language/DE.ini
dll/Language/EN.ini
dll/Language/ES.ini
dll/Live.dll
.dll windows:4 windows x86 arch:x86

8e14386292fada7325ccee50112ec529

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:d5:13:d1:17:51:9f:61:79:0d:16:19:1e:61:be:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/09/2006, 00:00

Not After

24/09/2007, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=technology department,O=Synacast Corp.,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

95:46:f3:31:ed:d5:ec:47:aa:17:8d:69:ad:3c:72:4f:2e:e0:51:ea
Signer

Actual PE Digest

95:46:f3:31:ed:d5:ec:47:aa:17:8d:69:ad:3c:72:4f:2e:e0:51:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1243
ord6467
ord1578
ord269
ord826
ord860
ord825
ord800
ord540
ord3663
ord1871
ord823
ord1176
ord600

msvcrt

islower
memmove
_mbscspn
_mbsspn
_mbsnicmp
free
_strdup
__dllonexit
_onexit
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
toupper
atoi
__CxxFrameHandler
_purecall
_strnicmp

kernel32

FlushViewOfFile
ReleaseMutex
UnmapViewOfFile
OutputDebugStringA
OpenProcess
WaitForMultipleObjects
SetProcessWorkingSetSize
GetCurrentProcess
VirtualQuery
GetModuleFileNameA
LocalFree
LocalAlloc
CreateEventA
TerminateThread
WaitForSingleObject
CloseHandle
GetACP
CreateThread
Sleep
ReadFile
PeekNamedPipe
GetStdHandle
SetEvent
GetProcAddress
LoadLibraryA
GetPrivateProfileIntA

user32

SendMessageA
FindWindowA
IsWindow
CharNextA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA

shlwapi

StrStrIA
PathAppendA
PathRemoveFileSpecA

ws2_32

inet_addr
gethostbyname

msvcp60

?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xlen@std@@YAXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IID@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

rpcrt4

UuidFromStringA

Exports

Exports

RD_XXXX

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/MMCShell.dll
.dll regsvr32 windows:4 windows x86 arch:x86

9083f667d650d1af21134089b65ffa3d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:e9:ab:b1:47:b6:44:e7:6a:7d:61:da:b7:e3:29:8e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

26/09/2008, 23:59

Subject

CN=Sohu.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sohu.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f3:8e:f6:25:e4:a3:29:8a:2e:a9:2b:3a:37:5b:db:4a:34:4d:be:f9
Signer

Actual PE Digest

f3:8e:f6:25:e4:a3:29:8a:2e:a9:2b:3a:37:5b:db:4a:34:4d:be:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateToolhelp32Snapshot
TlsFree
TlsAlloc
DisableThreadLibraryCalls
HeapAlloc
GetSystemInfo
HeapCreate
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
GetShortPathNameA
GetModuleHandleA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
IsDBCSLeadByte
Thread32First
GetLocalTime
SetThreadPriority
CreateThread
HeapReAlloc
HeapFree
FindResourceExA
LockResource
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
SetFilePointer
GetTickCount
GetStringTypeA
RtlUnwind
GetCurrentProcessId
Thread32Next
CompareStringA
CreateProcessA
lstrcpyA
MulDiv
lstrcmpA
Sleep
SetUnhandledExceptionFilter
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
ReadFile
ReleaseMutex
GetModuleFileNameA
lstrcatA
GetTempPathA
GetTempFileNameA
FormatMessageA
LocalFree
GetThreadLocale
GetStringTypeExA
DebugBreak
InterlockedDecrement
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
lstrcmpiA
TlsSetValue
FlushFileBuffers
TerminateProcess
DeleteFileA
TlsGetValue
CreateFileA
WriteFile
WaitForMultipleObjects
TerminateThread
GetLastError
lstrcpynA
InterlockedIncrement
GetCurrentDirectoryA
SetCurrentDirectoryA
lstrlenA
WaitForSingleObject
GetSystemTime
SystemTimeToFileTime
CreateMutexA
CreateEventA
OutputDebugStringA
SetEvent
EnterCriticalSection
ResetEvent
LeaveCriticalSection
CloseHandle
GetStringTypeW
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection

user32

DrawTextW
FillRect
ReleaseDC
EqualRect
OffsetRect
CharUpperA
GetDesktopWindow
SetParent
MoveWindow
GetDC
IsRectEmpty
IntersectRect
CopyRect
ShowWindow
ScreenToClient
GetCursorPos
GetForegroundWindow
SetForegroundWindow
GetWindow
PostMessageA
LoadStringA
wvsprintfA
CharNextA
GetClassInfoExA
LoadCursorA
RegisterClassExA
DrawTextA
PostThreadMessageA
wsprintfA
SendMessageTimeoutA
FindWindowA
SetRect
GetClientRect
GetMenu
AdjustWindowRectEx
SetWindowPos
CreateWindowExA
GetWindowLongA
SetWindowLongA
KillTimer
ClientToScreen
GetWindowRect
PtInRect
GetParent
SetCapture
SystemParametersInfoA
SetTimer
BeginPaint
DestroyWindow
DefWindowProcA
LoadBitmapA
IsWindow
SendMessageA
MsgWaitForMultipleObjects
SetWindowRgn
IsWindowEnabled
EnableWindow
SetCursor
GetMessageA
UpdateWindow
InvalidateRect
GetWindowRgn
GetCapture
ReleaseCapture
GetDlgCtrlID
CallWindowProcA
PeekMessageA
RedrawWindow
RegisterWindowMessageA
SetFocus
GetFocus
IsChild
UnionRect
GetKeyState
GetClassInfoA
UnregisterClassA
EnumThreadWindows
EnumChildWindows
EndPaint
GetClassNameA

gdi32

SelectObject
CreateFontIndirectA
DPtoLP
SetViewportOrgEx
SetWindowOrgEx
LPtoDP
CreateDCA
BitBlt
StretchBlt
SetStretchBltMode
CreateCompatibleBitmap
GetTextColor
OffsetRgn
FillRgn
CombineRgn
CreateSolidBrush
SetBkMode
Polyline
CreatePen
GetObjectA
ExtCreateRegion
CreateDIBSection
CreateBitmap
GetBkColor
SetBkColor
SetTextColor
GetClipRgn
ExtSelectClipRgn
GetStockObject
DeleteDC
CreateRectRgnIndirect
GetWindowExtEx
GetViewportExtEx
GetMapMode
SetMapMode
GetDeviceCaps
RestoreDC
SaveDC
CreateRectRgn
CreateCompatibleDC
DeleteObject
PtInRegion

advapi32

RegQueryInfoKeyA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegEnumKeyExA
RegDeleteValueA

shell32

SHGetSpecialFolderPathA

ole32

CoLockObjectExternal
CoGetMalloc
CoReleaseMarshalData
CLSIDFromProgID
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
WriteClassStm
OleSaveToStream
OleLoadFromStream
CreateOleAdviseHolder
CoCreateInstance
CoUnmarshalInterface
CLSIDFromString

oleaut32

SysStringLen
SysAllocStringLen
SysAllocString
VariantClear
SysFreeString
LoadRegTypeLi
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
OleCreatePropertyFrame
RegisterTypeLi
LoadTypeLi
VarUI4FromStr

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Draw
_TrackMouseEvent
ImageList_Destroy
ImageList_GetIconSize

msimg32

TransparentBlt

ws2_32

ntohl
inet_addr
WSACleanup
WSAStartup
closesocket
WSAGetLastError
WSASetLastError
recv
shutdown
send
connect
gethostbyname
htons
socket
__WSAFDIsSet
select
ioctlsocket
setsockopt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wininet

HttpAddRequestHeadersA
HttpSendRequestA
InternetOpenA
HttpOpenRequestA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetConnectA
InternetSetOptionA
InternetOpenUrlA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shrdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/MngModule.dll
.dll windows:4 windows x86 arch:x86

a3a833654b8c2bc9b10713f675b50a7d

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:d5:13:d1:17:51:9f:61:79:0d:16:19:1e:61:be:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/09/2006, 00:00

Not After

24/09/2007, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=technology department,O=Synacast Corp.,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b9:be:d0:bb:6c:db:d6:91:ee:49:17:51:52:f0:26:f5:e0:20:db:2b
Signer

Actual PE Digest

b9:be:d0:bb:6c:db:d6:91:ee:49:17:51:52:f0:26:f5:e0:20:db:2b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord6354
ord2725
ord1168
ord5572
ord2915
ord3584
ord543
ord3831
ord860
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord825
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord2614
ord535
ord823
ord537
ord2764
ord4129
ord5710
ord939
ord2818
ord6467
ord540
ord539
ord926
ord924
ord922
ord858
ord800
ord5500
ord803
ord1116

msvcrt

??1type_info@@UAE@XZ
_itoa
__CxxFrameHandler
realloc
malloc
isspace
isalnum
_strdup
_except_handler3
?terminate@@YAXXZ
__dllonexit
_purecall
_mbscmp
free
_onexit
_initterm
_adjust_fdiv

kernel32

GetPrivateProfileIntA
GetSystemTime
SystemTimeToFileTime
GetTickCount
lstrcatA
lstrcpyA
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
LoadLibraryA
GetProcAddress
FreeLibrary
CreateEventA
CreateThread
SetEvent
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
GetShortPathNameA
lstrlenW
WideCharToMultiByte
WriteFile
WaitForSingleObject
CreatePipe
lstrlenA
MultiByteToWideChar
TerminateProcess
OpenProcess
CreateProcessA
CloseHandle
GetCurrentThreadId
Sleep
LocalFree
LocalAlloc
InterlockedDecrement
GetModuleFileNameA

user32

CharNextA
PostMessageA
IsWindow
DispatchMessageA
FindWindowA
PostThreadMessageA
GetMessageA

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA

ole32

CoRevokeClassObject
CoCreateInstance
CoInitialize
CoRegisterClassObject
CoUninitialize

oleaut32

RegisterTypeLi
SysStringLen
LoadTypeLi
LoadRegTypeLi
SysAllocString
SysFreeString

shlwapi

PathRemoveFileSpecA
PathAppendA

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xlen@std@@YAXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z

Exports

Exports

ExecCommand

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/PP/ERoc.dll
.dll windows:4 windows x86 arch:x86

e43bbcb8f87ee846306b634ce05db32f

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:d5:13:d1:17:51:9f:61:79:0d:16:19:1e:61:be:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/09/2006, 00:00

Not After

24/09/2007, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=technology department,O=Synacast Corp.,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dc:ca:28:a8:d7:3d:cf:d7:63:19:a6:42:d1:ba:45:67:f9:e3:7c:30
Signer

Actual PE Digest

dc:ca:28:a8:d7:3d:cf:d7:63:19:a6:42:d1:ba:45:67:f9:e3:7c:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetUnhandledExceptionFilter
GetCurrentThread
GetCurrentProcess
OutputDebugStringA
GetProcAddress
LoadLibraryA
FreeLibrary
CloseHandle
Module32Next
GetLongPathNameA
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
GetLocalTime
GetLastError
lstrcatA
lstrcpyA
VirtualQuery
GetModuleFileNameA
FindFirstFileA
AllocConsole
GetConsoleTitleA
lstrcpynA
WaitForMultipleObjects
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
GetTickCount
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventA
SetEvent
ResetEvent
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetStringTypeW
GetStringTypeA
Sleep
InterlockedExchange
RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
RaiseException
ExitProcess
TerminateProcess
HeapReAlloc
HeapSize
FlushFileBuffers
WriteFile
FatalAppExitA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
SetFilePointer
InterlockedDecrement
InterlockedIncrement
CreateFileA
IsBadReadPtr
IsBadCodePtr
UnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile
ReadFile
SetConsoleCtrlHandler
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetEnvironmentVariableA

user32

MessageBoxA

shlwapi

PathAppendA
PathRemoveFileSpecA
PathFindFileNameA
PathCombineA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

TS_XXXX

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/PP/KOM.dll
.dll windows:4 windows x86 arch:x86

6903731fae21a3a4d1993323396b9b1c

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:d5:13:d1:17:51:9f:61:79:0d:16:19:1e:61:be:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/09/2006, 00:00

Not After

24/09/2007, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=technology department,O=Synacast Corp.,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

aa:a2:f1:09:99:5e:90:9c:c9:25:b4:c4:76:39:11:5b:52:17:16:5d
Signer

Actual PE Digest

aa:a2:f1:09:99:5e:90:9c:c9:25:b4:c4:76:39:11:5b:52:17:16:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetLastError
LoadLibraryA
GetModuleFileNameA
VirtualQuery
GetVersion
GetCurrentProcessId
GetCommandLineA
GetTickCount
CreateEventA
CloseHandle
GetLocalTime
OutputDebugStringA
lstrcpyA
SetEvent
CreateThread
ResetEvent
TerminateThread
WaitForSingleObject

ole32

CoCreateGuid

msvcp60

??0_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
??1_Lockit@std@@QAE@XZ

msvcrt

_onexit
??2@YAPAXI@Z
__CxxFrameHandler
memmove
sprintf
fclose
fflush
vfprintf
fprintf
fopen
_except_handler3
free
__dllonexit
_adjust_fdiv
_initterm
malloc

ws2_32

gethostname
gethostbyname

rpcrt4

UuidToStringA

shlwapi

StrStrIA
PathIsRelativeA
PathAppendA
PathRemoveFileSpecA

Exports

Exports

TS_0001
TS_0002
TS_0003
TS_0004
TS_0005
TS_0006
TS_0007
TS_0008
TS_0009

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/PP/MIR.dll
.dll windows:4 windows x86 arch:x86

f8c4a4bb769de40d3b381996f6a7acef

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:d5:13:d1:17:51:9f:61:79:0d:16:19:1e:61:be:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/09/2006, 00:00

Not After

24/09/2007, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=technology department,O=Synacast Corp.,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

93:28:57:ae:98:60:32:a0:3a:89:8b:2a:3a:fd:bb:0a:69:37:9c:09
Signer

Actual PE Digest

93:28:57:ae:98:60:32:a0:3a:89:8b:2a:3a:fd:bb:0a:69:37:9c:09

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAGetLastError
inet_addr
inet_ntoa
gethostname
gethostbyname
htons
ntohs

msvcp60

?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ

msvcrt

_onexit
__dllonexit
_adjust_fdiv
strstr
_initterm
srand
rand
_ftol
memmove
sprintf
_snprintf
_purecall
??2@YAPAXI@Z
free
__CxxFrameHandler
malloc

rpcrt4

UuidCreate
UuidFromStringA

shlwapi

PathFindFileNameA
PathAppendA
PathRenameExtensionA
PathRemoveFileSpecA

kernel32

OutputDebugStringA
GetProcAddress
UnmapViewOfFile
MapViewOfFile
CloseHandle
OpenFileMappingA
CreateFileMappingA
GetLastError
GetTickCount
VirtualQuery
GetModuleFileNameA
FreeLibrary
GetPrivateProfileIntA
WritePrivateProfileStringA
GetVersionExA
LoadLibraryA

user32

wsprintfA
PostMessageA

Exports

Exports

TS_XXXX

Sections

.text
Size: 236KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/PP/TEN.dll
.dll windows:4 windows x86 arch:x86

69630f4e49cba917c47d520250bf1ff5

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:d5:13:d1:17:51:9f:61:79:0d:16:19:1e:61:be:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/09/2006, 00:00

Not After

24/09/2007, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=technology department,O=Synacast Corp.,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

24:fc:a6:e4:3b:13:a0:ea:9d:30:3a:37:92:16:64:43:ee:ac:b6:f5
Signer

Actual PE Digest

24:fc:a6:e4:3b:13:a0:ea:9d:30:3a:37:92:16:64:43:ee:ac:b6:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
CloseHandle
EnterCriticalSection
GetTickCount
GetModuleFileNameA
GetLocalTime
GetLastError
CreateThread
CancelIo
TerminateThread
GetVersionExA
GetModuleHandleA
CreateEventA
WaitForSingleObject
SetEvent
WaitForMultipleObjects
CreateIoCompletionPort
GetSystemInfo
PostQueuedCompletionStatus
SetConsoleTitleA
GetQueuedCompletionStatus
GetProcAddress
LoadLibraryA
VirtualQuery
InterlockedIncrement
InterlockedDecrement
HeapFree
HeapAlloc
HeapCreate
GetCurrentProcessId
SetEndOfFile
CreateFileA
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
LCMapStringW
LCMapStringA
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
SetFilePointer
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
ReadFile
SetHandleCount
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapDestroy
HeapSize
Sleep
InterlockedExchange
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetCommandLineA
GetVersion
RaiseException
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc

user32

PeekMessageA
PostThreadMessageA
DestroyWindow
RegisterClassExA
CreateWindowExA
GetMessageA

iphlpapi

GetIfTable
GetIpAddrTable
SetTcpEntry

ws2_32

WSAEnumNetworkEvents
WSACancelAsyncRequest
WSACleanup
WSAStartup
WSACloseEvent
getsockname
shutdown
closesocket
getpeername
listen
WSAWaitForMultipleEvents
gethostbyname
WSAEventSelect
connect
WSAGetLastError
WSASocketA
setsockopt
htons
htonl
bind
inet_addr
WSASetLastError
WSACreateEvent
WSAAsyncGetHostByName
WSARecv
WSASendTo
WSARecvFrom
WSAGetOverlappedResult
WSAAccept
WSASend

shlwapi

PathRemoveFileSpecA

Exports

Exports

TS_XXXX

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 567KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/PP/tpi.dll
.dll windows:4 windows x86 arch:x86

90547e4eb5ec31263ac362ca3152bc21

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:d5:13:d1:17:51:9f:61:79:0d:16:19:1e:61:be:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/09/2006, 00:00

Not After

24/09/2007, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=technology department,O=Synacast Corp.,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8b:04:8b:b8:cd:d1:1c:ba:1e:0b:24:c7:db:5d:0a:6b:23:6a:8d:fb
Signer

Actual PE Digest

8b:04:8b:b8:cd:d1:1c:ba:1e:0b:24:c7:db:5d:0a:6b:23:6a:8d:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

ntohl

kernel32

GetEnvironmentVariableA
EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Exports

Exports

Locate

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 824KB - Virtual size: 822KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/PPLive.exe
.exe windows:4 windows x86 arch:x86

617c768fd238d02f91b5d732bfac68f5

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:d5:13:d1:17:51:9f:61:79:0d:16:19:1e:61:be:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/09/2006, 00:00

Not After

24/09/2007, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=technology department,O=Synacast Corp.,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ed:fb:2e:ea:f0:13:6a:2b:f5:07:87:d9:46:fd:73:3e:17:c5:81:aa
Signer

Actual PE Digest

ed:fb:2e:ea:f0:13:6a:2b:f5:07:87:d9:46:fd:73:3e:17:c5:81:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
GetCurrentThreadId
GetCurrentThread
GetCommandLineA
GetProcAddress
LoadLibraryA
FreeLibrary
CloseHandle
GetLastError
CreateMutexA
GetModuleHandleA
GetStartupInfoA

user32

GetDesktopWindow

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ

msvcrt

__CxxFrameHandler
strlen
__p___argv
__p___argc
free
_controlfp
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dll/PSNetwork.dll
.dll windows:4 windows x86 arch:x86

9df42075d1961df48275e7885b07e77b

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/07/2007, 00:00

Not After

11/07/2008, 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Department,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2915
ord5572
ord4277
ord4278
ord2763
ord1228
ord6283
ord3721
ord3619
ord809
ord795
ord2614
ord556
ord3663
ord3626
ord2414
ord4275
ord5875
ord2864
ord1088
ord2122
ord1641
ord3797
ord6358
ord6197
ord2859
ord6880
ord926
ord2860
ord4129
ord5683
ord6663
ord4774
ord4402
ord3640
ord693
ord4243
ord3301
ord3910
ord6605
ord2754
ord6696
ord3293
ord6282
ord538
ord6569
ord1085
ord5601
ord802
ord542
ord922
ord6905
ord6007
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord2546
ord291
ord5710
ord2824
ord6874
ord2642
ord1175
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord3953
ord2725
ord771
ord2528
ord1008
ord497
ord1948
ord5303
ord4699
ord5715
ord817
ord565
ord2726
ord4226
ord6215
ord2086
ord5450
ord6394
ord5440
ord6383
ord283
ord5678
ord5789
ord5787
ord5873
ord6172
ord5736
ord2814
ord834
ord3573
ord3089
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord1669
ord5681
ord4224
ord2652
ord6334
ord3874
ord3092
ord858
ord1768
ord5280
ord470
ord755
ord4234
ord2301
ord324
ord567
ord6467
ord1168
ord1146
ord641
ord656
ord3610
ord4424
ord3402
ord4837
ord5290
ord1776
ord6055
ord3597
ord4853
ord4376
ord6199
ord2370
ord4202
ord6877
ord3337
ord4171
ord6311
ord2764
ord3097
ord6453
ord3998
ord6907
ord939
ord5953
ord2379
ord4710
ord3996
ord4258
ord825
ord2302
ord489
ord768
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4835
ord3798
ord5287
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4854
ord4377
ord5265
ord4358
ord4948
ord4976
ord4742
ord4905
ord5160
ord5162
ord5161
ord1907
ord940
ord356
ord535
ord941
ord2770
ord2781
ord4058
ord3181
ord3178
ord3310
ord668
ord2818
ord540
ord3811
ord2820
ord537
ord800
ord860
ord823
ord539

msvcrt

strstr
_beginthreadex
_mbscmp
memset
memcmp
memcpy
atoi
sprintf
strlen
time
srand
rand
__CxxFrameHandler
_purecall
_stricmp
_strcmpi
_strnicmp
_vsnprintf
_except_handler3
__dllonexit
atof
_mbccpy
_mbsnbcmp
_mbsstr
_mbclen
_mbsncmp
_mbschr
strncpy
fopen
fwrite
fflush
fclose
_mbsicmp
sscanf
_mbsrchr
??8type_info@@QBEHABV0@@Z
_CxxThrowException
_ftol
toupper
vsprintf
strcpy
exit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
free
_initterm
malloc
_adjust_fdiv
_endthreadex

kernel32

DeviceIoControl
lstrcmpA
LoadLibraryA
GetProcAddress
LockFile
WriteFile
UnlockFile
ReadFile
MoveFileA
FindFirstFileA
FindNextFileA
FindClose
GetFileSize
SetFilePointer
SetEndOfFile
GetFileAttributesA
GlobalFree
GetModuleFileNameA
GlobalAlloc
GlobalLock
GlobalUnlock
LocalAlloc
lstrcpyA
ResetEvent
SetEvent
WaitForSingleObject
GetExitCodeThread
CreateFileA
GetVersionExA
WideCharToMultiByte
LocalFree
InterlockedDecrement
TerminateProcess
CreateDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
SetLastError
GetLastError
InterlockedExchange
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
GetPrivateProfileIntA
DeleteFileA
QueryPerformanceCounter
QueryPerformanceFrequency
lstrlenW
GetTempFileNameA
GetTempPathA
SetUnhandledExceptionFilter
VirtualQuery
GetFileTime
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
IsBadReadPtr
MultiByteToWideChar
FreeLibrary
LoadLibraryExA
InterlockedIncrement
GetWindowsDirectoryA
CreateProcessA
GetCurrentThreadId
lstrcpynA
lstrcmpiA
CreateEventA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetSystemInfo
GlobalMemoryStatus
GetModuleHandleA
OpenFile
GetACP
CopyFileA
SetFileTime
SystemTimeToFileTime
CloseHandle
GetTickCount
GetSystemTime

user32

EnableWindow
GetMessagePos
RegisterWindowMessageA
FillRect
MessageBeep
GetMenuItemCount
GetMenuItemID
LoadMenuA
GetSubMenu
PostMessageA
SetWindowPos
GetCursorPos
ScreenToClient
UpdateWindow
SendDlgItemMessageA
SetDlgItemTextA
ShowWindow
SetForegroundWindow
LoadCursorA
CopyIcon
GetWindowRect
GetDC
ReleaseDC
InflateRect
InvalidateRect
IsWindow
SetCursor
PtInRect
ReleaseCapture
RedrawWindow
SetCapture
DestroyCursor
GetSysColor
wsprintfA
GetMessageA
TranslateMessage
PostThreadMessageA
GetParent
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
SetWindowLongA
GetWindowLongA
IsWindowVisible
IsIconic
KillTimer
SetTimer
DispatchMessageA
MessageBoxA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
LoadIconA

gdi32

GetTextExtentPoint32A
GetObjectA
CreateFontIndirectA
GetStockObject

advapi32

CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
RegEnumValueA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCloseKey
GetUserNameA

shell32

ExtractIconA
SHGetSpecialFolderPathA
ShellExecuteExA
ShellExecuteA

ole32

CoInitialize
OleRun
CoCreateInstance
CoCreateGuid
StringFromCLSID
CoTaskMemFree
CoUninitialize

oleaut32

SysAllocString
VariantClear
SysFreeString
GetErrorInfo

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?_Xran@std@@YAXXZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??9std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

ws2_32

getpeername
gethostname
WSAStartup
recvfrom
WSACleanup
sendto
send
recv
inet_addr
connect
gethostbyname
setsockopt
shutdown
WSACreateEvent
WSAEventSelect
WSACloseEvent
WSASocketA
socket
htons
bind
getsockname
ntohs
listen
WSASetEvent
WSAWaitForMultipleEvents
WSAGetLastError
WSASetLastError
WSAResetEvent
WSAEnumNetworkEvents
accept
closesocket
WSASend
inet_ntoa
WSARecv

wininet

InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetGetConnectedState
InternetOpenA
InternetCloseHandle
InternetSetCookieA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

??0CPSNetwork@@QAE@ABV0@@Z
??0CPSNetwork@@QAE@XZ
??1CPSNetwork@@UAE@XZ
??4CPSNetwork@@QAEAAV0@ABV0@@Z
??_7CPSNetwork@@6B@
?Connect@CPSNetwork@@QAEHXZ
?Disconnect@CPSNetwork@@QAEXXZ
?GetCacheTime@CPSNetwork@@QAEHXZ
?GetChannelName@CPSNetwork@@QAEPBDXZ
?GetChannelOnlineCount@CPSNetwork@@QAEKXZ
?GetComment@CPSNetwork@@QAEPBDH@Z
?GetHttpURL@CPSNetwork@@QAEPBDH@Z
?GetMsg@CPSNetwork@@QAEHAAKPAD@Z
?GetPercent@CPSNetwork@@QAEHAAK0@Z
?GetStatus@CPSNetwork@@QAE?AW4PLAY_STATUS@@XZ
?GetStreamingType@CPSNetwork@@QAE?AW4STREAMING_TYPE@@XZ
?Save@CPSNetwork@@QAEHPBD@Z
?SetLogLevel@CPSNetwork@@QAEHH@Z
?SetParam@CPSNetwork@@QAEXPBD0@Z
?ShowPropertyDlg@CPSNetwork@@QAEXH@Z
FIO_Create

Sections

.text
Size: 468KB - Virtual size: 468KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/PowerPlayer.dll
.dll regsvr32 windows:4 windows x86 arch:x86

bac002bf332151a4156013a7592fdbc7

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/07/2007, 00:00

Not After

11/07/2008, 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Department,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord6111
ord2915
ord1200
ord1175
ord2393
ord1567
ord268
ord4160
ord3619
ord809
ord556
ord1088
ord2122
ord3797
ord6358
ord941
ord926
ord2860
ord6385
ord4202
ord6930
ord5450
ord6394
ord5440
ord6383
ord6379
ord772
ord6142
ord500
ord5860
ord3986
ord5606
ord939
ord4284
ord5873
ord5834
ord2841
ord2448
ord2044
ord2107
ord6467
ord5861
ord6883
ord6648
ord4278
ord6663
ord703
ord404
ord603
ord273
ord275
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord3571
ord640
ord5785
ord1640
ord323
ord816
ord3908
ord562
ord940
ord1233
ord5575
ord6194
ord6378
ord3815
ord5981
ord6442
ord465
ord4204
ord6928
ord2652
ord4224
ord1669
ord5710
ord2763
ord3716
ord790
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3401
ord4622
ord3670
ord561
ord1134
ord3952
ord1205
ord2724
ord6354
ord1216
ord1227
ord6010
ord1877
ord4249
ord2486
ord2687
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3353
ord3681
ord446
ord743
ord1177
ord4006
ord2727
ord2730
ord2729
ord5572
ord1210
ord2439
ord1693
ord5618
ord994
ord4342
ord4687
ord4639
ord5674
ord2156
ord4856
ord4920
ord6002
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord2575
ord4707
ord2876
ord5649
ord4113
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord4361
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord4534
ord2954
ord2384
ord6370
ord2983
ord3148
ord3260
ord4466
ord2986
ord3080
ord4081
ord4624
ord5825
ord723
ord3946
ord423
ord5332
ord5328
ord5331
ord5314
ord5333
ord2541
ord4949
ord2998
ord4459
ord5033
ord4502
ord6030
ord6876
ord2956
ord1601
ord3474
ord1892
ord4252
ord1212
ord4570
ord4672
ord4843
ord5011
ord4713
ord6371
ord5286
ord4438
ord3279
ord4625
ord449
ord746
ord2278
ord6311
ord4171
ord2753
ord3546
ord4317
ord2243
ord5788
ord472
ord5787
ord6646
ord6334
ord2450
ord4133
ord4297
ord3005
ord4033
ord433
ord1132
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord1979
ord665
ord924
ord922
ord1641
ord641
ord795
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord2078
ord289
ord613
ord539
ord6143
ord4476
ord2764
ord6199
ord6605
ord4287
ord2688
ord801
ord541
ord283
ord3742
ord2795
ord6215
ord2086
ord2642
ord4299
ord6880
ord3092
ord2116
ord2614
ord6778
ord6453
ord1168
ord2567
ord3874
ord2380
ord4275
ord609
ord3574
ord4396
ord4023
ord6282
ord6283
ord5683
ord4277
ord4129
ord5875
ord5789
ord2754
ord6172
ord2859
ord5768
ord2864
ord4034
ord535
ord1949
ord818
ord2135
ord823
ord1146
ord1644
ord2863
ord6270
ord2379
ord2438
ord3654
ord2584
ord4220
ord470
ord755
ord4710
ord6380
ord6197
ord4234
ord2302
ord2370
ord2414
ord3626
ord3663
ord825
ord324
ord567
ord540
ord860
ord858
ord800
ord537
ord6877
ord2818
ord354
ord5186
ord3318
ord2919
ord4705
ord5442
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord3573
ord3721
ord4424
ord3402
ord5290
ord1776
ord1226
ord6055
ord1131

msvcrt

strstr
_mbsicmp
abs
fopen
fwrite
fflush
fclose
sprintf
time
strcmp
memset
atoi
strlen
_ftol
_stricmp
__CxxFrameHandler
_mbsstr
??0exception@@QAE@ABV0@@Z
_CxxThrowException
_beginthreadex
_endthreadex
exit
memcpy
strcpy
_access
toupper
memcmp
wcsncpy
pow
atol
strcat
strchr
_mbsrchr
strncpy
strncmp
memmove
_mbscmp
strrchr
wcstol
wcscmp
wcslen
rand
srand
strtoul
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
__dllonexit
_adjust_fdiv
malloc
_initterm
free
_onexit

kernel32

CopyFileA
OpenFile
GetCurrentProcess
GetCurrentProcessId
GetSystemTime
OpenProcess
GetExitCodeProcess
TerminateProcess
WinExec
GetProcAddress
lstrcpynA
CreateDirectoryA
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
ResumeThread
MulDiv
GlobalFree
CreateEventA
FindResourceA
LoadResource
SizeofResource
LockResource
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetVersionExA
DeviceIoControl
InterlockedDecrement
GetLastError
CreateFileA
GetModuleFileNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
GlobalAlloc
GlobalLock
GlobalUnlock
LeaveCriticalSection
LocalFree
LocalAlloc
ResetEvent
SetEvent
WaitForSingleObject
EnterCriticalSection
GetExitCodeThread
DeleteCriticalSection
InitializeCriticalSection
CreateProcessA
CloseHandle
lstrcpyA
GetPrivateProfileStringA
GetTickCount
Sleep
DeleteFileA
GetPrivateProfileIntA
WritePrivateProfileStringA
lstrlenA
lstrcatA
lstrlenW

user32

GetMenuStringA
GetMenuState
InsertMenuItemA
MessageBoxA
GetParent
ClientToScreen
KillTimer
SetTimer
RegisterClassA
DefWindowProcA
PostMessageA
SetRect
ScreenToClient
PtInRect
SetCursor
LoadMenuA
GetSubMenu
GetCursorPos
GetClientRect
GetMessageA
TranslateMessage
PostThreadMessageA
GetCapture
CreatePopupMenu
AppendMenuA
GetClassInfoA
EnableMenuItem
DeleteMenu
InsertMenuA
GetPropA
RemoveMenu
MonitorFromWindow
GetMonitorInfoA
GetDesktopWindow
SetParent
SetRectEmpty
ShowCursor
GrayStringA
TabbedTextOutA
wsprintfA
ShowWindow
SetForegroundWindow
LoadCursorA
CopyIcon
SetWindowLongA
ReleaseCapture
RedrawWindow
DestroyCursor
GetMenuItemCount
GetMenuItemInfoA
GetMenuStringW
GetMenuItemID
ModifyMenuA
UpdateWindow
CopyRect
GetSystemMetrics
SystemParametersInfoA
CharLowerA
IntersectRect
IsRectEmpty
MoveWindow
OffsetRect
mouse_event
DispatchMessageA
InvalidateRect
IsWindow
GetDC
CheckMenuItem
ReleaseDC
EnableWindow
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
DrawTextA
FillRect
GetSysColor
GetWindowRect
SetPropA
GetWindowLongA
IsWindowVisible
SendMessageA
SetCapture
InflateRect
FrameRect

gdi32

SetBkColor
GetViewportExtEx
GetWindowExtEx
SetMapMode
GetMapMode
PtVisible
RectVisible
CreateBitmap
ExtTextOutA
Escape
GetNearestColor
Rectangle
GetTextMetricsA
GetObjectA
CreateFontIndirectA
StretchBlt
CreateRectRgnIndirect
CombineRgn
FillRgn
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
GetDeviceCaps
GetStockObject
GetTextExtentPoint32A
SelectObject
PatBlt
DeleteObject
SetTextColor
SetBkMode
LPtoDP
TextOutA
CreateSolidBrush
DPtoLP

advapi32

RegSetValueA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA

shell32

SHGetMalloc
ShellExecuteA
ShellExecuteExA
SHGetPathFromIDListA
SHGetSpecialFolderLocation

comctl32

_TrackMouseEvent

ole32

CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance

olepro32

ord251

oleaut32

LoadRegTypeLi
SysAllocString
SysAllocStringLen
VariantClear
SysFreeString
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayDestroy

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??_7out_of_range@std@@6B@
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

psnetwork

?GetStreamingType@CPSNetwork@@QAE?AW4STREAMING_TYPE@@XZ
?GetPercent@CPSNetwork@@QAEHAAK0@Z
?Save@CPSNetwork@@QAEHPBD@Z
?ShowPropertyDlg@CPSNetwork@@QAEXH@Z
?GetStatus@CPSNetwork@@QAE?AW4PLAY_STATUS@@XZ
?Connect@CPSNetwork@@QAEHXZ
??0CPSNetwork@@QAE@XZ
??1CPSNetwork@@UAE@XZ
?SetParam@CPSNetwork@@QAEXPBD0@Z
?GetHttpURL@CPSNetwork@@QAEPBDH@Z
?GetChannelName@CPSNetwork@@QAEPBDXZ
?Disconnect@CPSNetwork@@QAEXXZ
?GetComment@CPSNetwork@@QAEPBDH@Z

ws2_32

WSACleanup
inet_ntoa
WSAStartup

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/SynacastEWA.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

58f19f0799b04806b0e2151bf3df12fe

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:d5:13:d1:17:51:9f:61:79:0d:16:19:1e:61:be:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/09/2006, 00:00

Not After

24/09/2007, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=technology department,O=Synacast Corp.,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

13:c3:e4:b2:fd:ab:72:e3:30:e6:54:2b:03:17:9e:b7:e8:49:78:0e
Signer

Actual PE Digest

13:c3:e4:b2:fd:ab:72:e3:30:e6:54:2b:03:17:9e:b7:e8:49:78:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord927
ord2078
ord4219
ord2057
ord6139
ord6874
ord802
ord542
ord1131
ord6565
ord5706
ord6655
ord3491
ord5618
ord4199
ord1105
ord6638
ord6107
ord6330
ord815
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord3396
ord4616
ord3665
ord561
ord3947
ord2716
ord6350
ord1213
ord6466
ord1224
ord942
ord6865
ord3452
ord6038
ord1869
ord4244
ord2478
ord2679
ord6360
ord3321
ord6361
ord4466
ord5494
ord3273
ord3348
ord3676
ord446
ord743
ord1174
ord4001
ord3253
ord2719
ord2722
ord2721
ord1223
ord1207
ord2431
ord1686
ord5614
ord994
ord4336
ord4681
ord4633
ord5670
ord2148
ord4850
ord4914
ord5998
ord2129
ord1955
ord5207
ord2948
ord3863
ord5144
ord4699
ord4701
ord2871
ord2993
ord5645
ord4108
ord4655
ord4654
ord4762
ord4644
ord4897
ord4542
ord4515
ord4588
ord4982
ord4919
ord4924
ord4929
ord4653
ord4903
ord4902
ord4662
ord4661
ord4660
ord4642
ord4683
ord5017
ord4648
ord4637
ord4348
ord4774
ord4643
ord4631
ord4630
ord5054
ord4578
ord4365
ord4355
ord4350
ord4733
ord4735
ord4732
ord4403
ord4597
ord5002
ord4409
ord4986
ord4973
ord2480
ord3399
ord4533
ord4528
ord2949
ord2376
ord3566
ord2978
ord3143
ord3255
ord4460
ord2981
ord3075
ord4076
ord4618
ord5821
ord723
ord3941
ord423
ord5330
ord2533
ord4943
ord1594
ord6026
ord4453
ord5027
ord4496
ord4779
ord2787
ord6374
ord4215
ord2576
ord3649
ord2430
ord6266
ord2858
ord1637
ord925
ord4197
ord1884
ord4247
ord1209
ord4564
ord4666
ord4837
ord5005
ord4707
ord6367
ord5282
ord4432
ord3274
ord4619
ord449
ord746
ord2270
ord1863
ord4524
ord5681
ord3269
ord3574
ord439
ord736
ord3231
ord4517
ord4078
ord1937
ord4522
ord4536
ord4538
ord4519
ord5568
ord2910
ord2606
ord6770
ord5679
ord2745
ord4142
ord5142
ord2372
ord816
ord6213
ord6237
ord562
ord2706
ord4029
ord2444
ord956
ord5777
ord465
ord5446
ord6390
ord5436
ord6379
ord1921
ord941
ord665
ord5180
ord354
ord668
ord1972
ord833
ord3176
ord4053
ord2773
ord2762
ord356
ord1971
ord933
ord4028
ord5852
ord4272
ord6279
ord6918
ord6278
ord3706
ord783
ord4688
ord2144
ord1230
ord2776
ord860
ord537
ord6640
ord2755
ord2440
ord5830
ord2036
ord2836
ord2099
ord1129
ord1115
ord1173
ord1568
ord1570
ord1179
ord342
ord1240
ord1194
ord1563
ord1248
ord1250
ord1571
ord600
ord826
ord269
ord289
ord2855
ord1634
ord5785
ord4294
ord613
ord470
ord540
ord538
ord800
ord2810
ord1128
ord2746
ord755
ord6451
ord1165
ord1229
ord5257
ord2371
ord6437
ord2859
ord4279
ord6376
ord6375
ord6193
ord4270
ord818
ord2406
ord3621
ord3658
ord825
ord567
ord3737
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord940
ord2559
ord801
ord541
ord3087
ord4124
ord6919
ord6921
ord6868
ord535
ord433
ord5571
ord922
ord920
ord837
ord834
ord937
ord2756
ord268
ord1560
ord861
ord6654
ord4273
ord858
ord3211
ord4037
ord5491
ord4847
ord4370
ord3701
ord4704
ord4282
ord6195
ord4229
ord2294
ord324
ord641
ord3592
ord4419
ord5276
ord1767
ord6048
ord2506
ord4992
ord5261
ord3915
ord2680
ord2127
ord1941
ord4155
ord5871
ord3871
ord5047
ord3569
ord2567
ord6597
ord823
ord3792
ord6211
ord3541
ord6871
ord790
ord3711
ord3084
ord5977
ord6017
ord6190
ord3591
ord5860
ord6057
ord5567
ord5575
ord5732
ord5674
ord5790
ord5869
ord6168
ord6185
ord4324
ord6182
ord5752
ord6188
ord5755
ord2966
ord795
ord3716
ord609
ord3397
ord2114
ord1088
ord6354
ord2854
ord2566
ord809
ord556
ord3567
ord4390
ord1143
ord2397
ord323
ord1633
ord5781
ord5020
ord640
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1768
ord4073
ord6051
ord6366
ord3614

msvcrt

_wfopen
fgetws
fclose
_wcsicmp
swprintf
srand
rand
wcscmp
time
wcscat
_wtol
wcscpy
wcsncpy
wcslen
_ftol
abs
memset
_strcmpi
__CxxFrameHandler
fopen
_except_handler3
fflush
vfprintf
_wcsnicmp
strlen
_snprintf
strncpy
memcmp
_adjust_fdiv
_initterm
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
wcsstr
islower
strrchr
strcat
tolower
strchr
strncmp
isspace
isalnum
isalpha
fputs
fseek
ftell
fread
fprintf
strcmp
_purecall
_CxxThrowException
??0exception@@QAE@ABV0@@Z
fwrite
toupper
wcsncmp
_wsplitpath
wcstok
memmove
_wcslwr
iswspace
_wcsdup
free
atoi
malloc
strcpy
_i64tow
_wtoi
fputws
wcstoul
sprintf
memcpy
fabs

kernel32

LocalFree
WinExec
LoadLibraryExW
CreateDirectoryA
GetSystemDirectoryA
GetTempPathA
DeleteFileA
GetModuleHandleA
GetVersionExA
CreateFileA
UnmapViewOfFile
FlushViewOfFile
ReleaseMutex
CreateMutexW
DeviceIoControl
lstrcpyW
lstrcatW
FindResourceW
SizeofResource
LoadResource
LockResource
CompareFileTime
GetFileTime
CopyFileW
GetPrivateProfileStringA
FileTimeToLocalFileTime
SystemTimeToFileTime
FileTimeToSystemTime
lstrcpynW
WritePrivateProfileStringW
GetVersion
CreateDirectoryW
GetPrivateProfileStringW
GetExitCodeProcess
ResetEvent
CreateEventA
SetEvent
TerminateThread
ExpandEnvironmentStringsW
lstrcmpW
Sleep
CreateProcessW
WaitForSingleObject
OpenProcess
TerminateProcess
VirtualQuery
GetCurrentThread
FindFirstFileA
CreateToolhelp32Snapshot
Module32FirstW
GetCurrentProcessId
GetLongPathNameA
Module32NextW
LoadLibraryA
GetModuleFileNameA
lstrcpyA
lstrcatA
GetCurrentProcess
GetLocalTime
OutputDebugStringA
SetUnhandledExceptionFilter
GetModuleFileNameW
GetModuleHandleW
GetVersionExW
CreateEventW
GetCurrentThreadId
GetPrivateProfileIntW
OutputDebugStringW
OpenFileMappingW
MapViewOfFile
lstrlenW
WideCharToMultiByte
GetTempPathW
InterlockedIncrement
InterlockedDecrement
CreateThread
CloseHandle
GetTickCount
DeleteFileW
GetSystemTime
GetWindowsDirectoryW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GlobalLock
GetACP
lstrlenA
MultiByteToWideChar
GlobalUnlock
LoadLibraryW
GetProcAddress
FreeLibrary
MulDiv
LocalAlloc

user32

TranslateMessage
DispatchMessageW
PostQuitMessage
GetMessagePos
MessageBeep
wsprintfW
GetWindow
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
RedrawWindow
FindWindowW
GetAncestor
WaitForInputIdle
SetWindowLongW
CreateWindowExW
SetWindowPos
DestroyWindow
GetMenuItemCount
EnableMenuItem
ModifyMenuW
CheckMenuItem
GetClassNameW
SetCursorPos
KillTimer
SetWindowsHookExW
MessageBoxW
UnhookWindowsHookEx
MessageBoxA
RegisterClipboardFormatW
PeekMessageW
SystemParametersInfoW
SetForegroundWindow
IsWindowVisible
RegisterWindowMessageW
SetRect
GetDoubleClickTime
MoveWindow
CopyIcon
LoadCursorW
IsChild
SetWindowRgn
EqualRect
SetRectEmpty
LoadMenuW
LoadImageW
GetIconInfo
CreateIconIndirect
GetSysColor
FillRect
DrawStateW
GetSubMenu
TrackPopupMenuEx
WindowFromPoint
GetActiveWindow
GetNextDlgTabItem
GetWindowLongW
DestroyIcon
DestroyCursor
DestroyMenu
ClientToScreen
ScreenToClient
FrameRect
IsRectEmpty
ShowWindow
GetParent
SetParent
SendMessageW
LoadBitmapW
PtInRect
InflateRect
GetSystemMetrics
UpdateWindow
GetClientRect
GetCursorPos
OffsetRect
SetCursor
SetTimer
IsWindow
DefWindowProcW
mouse_event
CopyRect
CallNextHookEx
EnableWindow
DrawFocusRect
ReleaseCapture
SetCapture
PostMessageW
GetKeyState
TabbedTextOutW
DrawTextW
GrayStringW
SubtractRect
GetWindowRect
ReleaseDC
GetDC
InvalidateRect

gdi32

DeleteDC
SetTextColor
SetBkColor
SelectObject
SetPixel
CreateRectRgn
GetTextExtentPoint32W
SetMapMode
CombineRgn
CreateDIBSection
MaskBlt
CreateFontIndirectW
CreateRectRgnIndirect
GetPixel
SelectPalette
SetBitmapDimensionEx
CreateDCW
CreateSolidBrush
DeleteObject
MoveToEx
CreatePen
GetTextMetricsW
SetBkMode
SetTextJustification
CreateRoundRectRgn
FrameRgn
SelectClipRgn
LPtoDP
GetMapMode
GetWindowExtEx
GetViewportExtEx
DPtoLP
GetBkColor
CreateCompatibleBitmap
BitBlt
StretchBlt
CreateCompatibleDC
GetStockObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
LineTo
CreateBitmap
GetObjectW
RealizePalette
CreateFontW
GetDeviceCaps

advapi32

InitializeSecurityDescriptor
RegQueryValueExW
RegQueryValueW
RegDeleteKeyW
RegCloseKey
SetSecurityDescriptorDacl
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW

shell32

ShellExecuteExW
ShellExecuteW

comctl32

ord17
ImageList_GetImageCount
ImageList_GetIcon
_TrackMouseEvent

ole32

CoUninitialize
CoInitialize
CoCreateInstance
StringFromGUID2

oleaut32

SysStringByteLen
VariantClear
SysAllocString
LoadRegTypeLi
SysFreeString
GetErrorInfo
VariantCopy
VariantInit
SysAllocStringByteLen

urlmon

URLDownloadToFileA
URLDownloadToFileW

msvcp60

??0out_of_range@std@@QAE@ABV01@@Z
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ifstream@DU?$char_traits@D@std@@@std@@UAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
?clear@ios_base@std@@QAEXH_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPADD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Xran@std@@YAXXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7out_of_range@std@@6B@
??1out_of_range@std@@UAE@XZ
??0Init@ios_base@std@@QAE@XZ
??0logic_error@std@@QAE@ABV01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@II@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB

shlwapi

PathFileExistsA
PathFindFileNameW
PathFindFileNameA
PathRemoveFileSpecA
PathAppendA
PathFindExtensionW
PathRemoveExtensionW
PathStripPathW
PathRemoveFileSpecW
PathAppendW
PathFileExistsW
StrStrIW
StrStrIA

atl

ord42
ord47

rpcrt4

UuidFromStringW
RpcStringFreeA
UuidToStringA
UuidFromStringA

winmm

PlaySoundW
waveOutGetVolume
waveOutSetVolume

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

gethostname
gethostbyname
inet_addr
inet_ntoa

wininet

InternetTimeToSystemTimeA
DeleteUrlCacheEntryW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 308KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 572KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/TvantsX.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

6875d19c3a33d2551ac60203561b8a1a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\working\tvants\output\releaseunicode\TvantsX.pdb

Imports

kernel32

InterlockedExchange
CompareStringA
FreeLibrary
GlobalFree
GetTickCount
LocalFree
GetPrivateProfileStringA
WritePrivateProfileStringA
Beep
GlobalAlloc
GlobalLock
GlobalUnlock
GetThreadTimes
GetCurrentProcess
GetProcessTimes
GetSystemTime
SetLastError
GetThreadLocale
ResumeThread
FileTimeToLocalFileTime
FileTimeToSystemTime
FreeResource
lstrcmpiA
lstrlenA
InterlockedDecrement
LocalAlloc
GetCurrentThread
ResetEvent
WaitForSingleObject
CloseHandle
GetLocalTime
GetCurrentProcessId
SetEvent
EnumResourceNamesW
SizeofResource
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetLastError
GetVersion
Sleep
MulDiv
LoadResource
LockResource
SetEnvironmentVariableA
GetDriveTypeA
GetCurrentDirectoryA
CreateFileA
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetModuleHandleA
QueryPerformanceCounter
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetConsoleMode
GetConsoleCP
GetDateFormatA
GetTimeFormatA
LCMapStringA
GetOEMCP
GetACP
VirtualFree
HeapCreate
HeapDestroy
GetTimeZoneInformation
HeapSize
VirtualQuery
GetSystemInfo
VirtualAlloc
CreateThread
ExitThread
ExitProcess
GetProcessHeap
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
HeapReAlloc
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
RtlUnwind
GetFileTime
GlobalFlags
SetErrorMode
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
GlobalReAlloc
TlsGetValue
IsDBCSLeadByte
GetUserDefaultLCID
GlobalSize
InterlockedIncrement
SuspendThread
SetThreadPriority
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GlobalDeleteAtom
GetVersionExA
TlsAlloc
GetStringTypeA
GlobalHandle
LocalReAlloc
TlsFree
FindClose
VirtualProtect
ReadFile
TlsSetValue

advapi32

OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegCloseKey

user32

DestroyIcon
GetSysColor
CopyRect
OffsetRect
FrameRect
DrawFocusRect
ClientToScreen
ScreenToClient
GetActiveWindow
GetCapture
SetCapture
GetParent
WindowFromPoint
DestroyCursor
GetCursorPos
ReleaseCapture
SetCursor
IsWindow
GetWindowThreadProcessId
IsIconic
GetDesktopWindow
SetForegroundWindow
SetWindowPos
GetSubMenu
SetTimer
GetFocus
GetMenuItemCount
GetMenuItemID
IsMenu
GetMenu
EnumChildWindows
UnionRect
SetParent
GetDlgCtrlID
TranslateMessage
MsgWaitForMultipleObjects
GetAsyncKeyState
GetWindow
IsChild
GetDlgItem
MoveWindow
ShowWindow
IsRectEmpty
PtInRect
SetRect
SetRectEmpty
SetFocus
RedrawWindow
IsWindowVisible
InvalidateRect
GetClientRect
GetWindowRect
SetWindowRgn
FillRect
InflateRect
GetSystemMenu
UnregisterClassA
EndDialog
GetNextDlgTabItem
IsWindowEnabled
DestroyWindow
GetSystemMetrics
SetActiveWindow
GetWindowPlacement
SystemParametersInfoA
IntersectRect
SetWindowPlacement
DeferWindowPos
EqualRect
AdjustWindowRectEx
UpdateWindow
GetKeyState
TrackPopupMenu
MapWindowPoints
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
GetLastActivePopup
GetForegroundWindow
CallNextHookEx
SendDlgItemMessageA
CheckMenuItem
EnableMenuItem
GetMenuState
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
PostQuitMessage
ValidateRect
ShowOwnedPopups
RemoveMenu
MapDialogRect
SetWindowContextHelpId
DrawEdge
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
InvalidateRgn
DestroyMenu
CreateMenu
LockWindowUpdate
MessageBeep
SetMenu
BringWindowToTop
CreatePopupMenu
ReuseDDElParam
UnpackDDElParam
GetDialogBaseUnits
GetSysColorBrush
GetNextDlgGroupItem
GetTabbedTextExtentA
GetDCEx

gdi32

SetMapMode
SetROP2
SetBkMode
PatBlt
DPtoLP
RestoreDC
SaveDC
StretchBlt
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
SelectObject
SetBkColor
BitBlt
SetTextColor
GetTextColor
DeleteObject
GetStockObject
GetDeviceCaps
CreateRoundRectRgn
IntersectClipRect
LineTo
MoveToEx
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
Escape
GetBkColor
DeleteMetaFile
CloseMetaFile
LPtoDP
GetClipBox
DeleteDC
SetViewportOrgEx
OffsetViewportOrgEx
UnrealizeObject
Rectangle
GetTextAlign
GetRgnBox
GetMapMode
SetRectRgn
CreateRectRgnIndirect
CombineRgn
CreateSolidBrush
CreatePen
CreatePatternBrush
ExtSelectClipRgn
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx

comctl32

ord17

shlwapi

PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathIsRelativeW
StrToIntExA
PathFileExistsW

ws2_32

gethostbyname
WSAStartup
closesocket
WSAGetLastError
inet_addr
htonl
inet_ntoa
listen
shutdown
setsockopt
getsockopt
WSAAsyncSelect
accept
ioctlsocket
ntohs
sendto
recv
send
connect
WSASetLastError
getpeername
getsockname
bind
select
socket
htons
WSACleanup
recvfrom
ntohl

ole32

CoUninitialize
CoInitializeSecurity
CoInitialize
CoCreateGuid
CoTaskMemFree
StringFromCLSID
StringFromGUID2
CoRevokeClassObject
ReadFmtUserTypeStg
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CLSIDFromProgID
CLSIDFromString
CreateDataCache
OleSaveToStream
CoDisconnectObject
ReadClassStm
CreateOleAdviseHolder
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CreateDataAdviseHolder
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
OleLoadFromStream
OleIsCurrentClipboard
OleFlushClipboard
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
CoCreateInstance
CoRegisterClassObject

oleaut32

SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleLoadPicture
OleCreatePictureIndirect
VariantCopy
OleCreateFontIndirect
OleCreatePropertyFrame
LoadTypeLi
RegisterTypeLi
SysStringLen
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
VariantInit
SysAllocString
VariantClear
LoadRegTypeLi
SysAllocStringLen
SysFreeString

iphlpapi

GetIpAddrTable
GetTcpTable
GetBestRoute

shell32

DragFinish

winspool.drv

ClosePrinter

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 964KB - Virtual size: 962KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/common.dll
.dll windows:4 windows x86 arch:x86

4af413a6eee4fec07c0985b05516f3f9

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:d5:13:d1:17:51:9f:61:79:0d:16:19:1e:61:be:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/09/2006, 00:00

Not After

24/09/2007, 23:59

Subject

CN=Synacast Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=technology department,O=Synacast Corp.,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b7:9d:e9:fe:26:0a:b0:a9:e6:7a:19:85:83:0e:ae:f0:35:41:c2:ef
Signer

Actual PE Digest

b7:9d:e9:fe:26:0a:b0:a9:e6:7a:19:85:83:0e:ae:f0:35:41:c2:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord3948
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord561
ord825
ord815
ord823
ord3579
ord543
ord803
ord698
ord800
ord861
ord2388
ord540
ord668
ord3176
ord2773
ord2762
ord356
ord858
ord925
ord1165
ord6466
ord911
ord398
ord913
ord4182
ord6279
ord6278
ord4273
ord2755
ord5461
ord798
ord5444
ord532
ord3432
ord4184
ord5588
ord6868
ord1173
ord1568
ord1570
ord1179
ord342
ord1240
ord1194
ord1563
ord1248
ord1250
ord1571
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord396
ord4269
ord600
ord826
ord269
ord1115

msvcrt

__CxxFrameHandler
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
_wtol
wcscmp

kernel32

LocalFree
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalAlloc

shlwapi

PathRemoveFileSpecW

Exports

Exports

GetLanguageResW

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 798B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/in_psp.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:be:c6:c0:7a:72:06:31:ba:4c:7f:9e:e7:bd:75:60
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

25/05/2007, 00:00

Not After

24/05/2008, 23:59

Subject

CN=UUSee Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Multimedia Dept.,O=UUSee Inc.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6f:81:12:91:f4:14:4b:83:46:6b:c8:58:56:aa:e1:a5:79:31:14:23
Signer

Actual PE Digest

6f:81:12:91:f4:14:4b:83:46:6b:c8:58:56:aa:e1:a5:79:31:14:23

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

uuseePSPmodlePlugin
uuseePSPmodlePlugin2
uuseePSPmodlePlugin3
uuseePSPmodlePlugin4

Sections

.text
Size: 269KB - Virtual size: 716KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 27KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dll/out_mmshttp.dll
.dll windows:4 windows x86 arch:x86

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:be:c6:c0:7a:72:06:31:ba:4c:7f:9e:e7:bd:75:60
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

25/05/2007, 00:00

Not After

24/05/2008, 23:59

Subject

CN=UUSee Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Multimedia Dept.,O=UUSee Inc.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fd:be:de:e5:80:a1:56:c7:47:95:a0:8e:27:5f:4a:fe:7a:25:05:44
Signer

Actual PE Digest

fd:be:de:e5:80:a1:56:c7:47:95:a0:8e:27:5f:4a:fe:7a:25:05:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

RebootServer2
TestPortUp2
uuseeOutmodulePlugin
uuseeOutmodulePlugin2

Sections

CODE
Size: 66KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dll/p2pmmp/gp2core.dll
.dll regsvr32 windows:4 windows x86 arch:x86

c9f40d2cf9e8ff4405c48b7b04431330

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\P2P_Progrm\p2p_code(上传cvs以前)\code\gotoplay20\gp2core\ReleaseMinSize\gp2core.pdb

Imports

ws2_32

bind
WSAStartup
inet_ntoa
htons
accept
gethostbyname
inet_addr
closesocket
shutdown
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
sendto
WSACloseEvent
WSACreateEvent
getpeername
recvfrom
listen
recv
WSASend
WSAGetOverlappedResult
WSACleanup
WSAIoctl
socket
connect
WSAEventSelect
getsockname

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
RaiseException
GetLastError
lstrlenA
lstrcmpiA
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
IsDBCSLeadByte
OutputDebugStringA
FlushInstructionCache
GetCurrentProcess
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentThreadId
SetLastError
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
GetSystemTimeAsFileTime
CloseHandle
WriteFile
CreateFileA
DeleteFileA
CopyFileA
SetFilePointerEx
SetEndOfFile
ReadFile
MoveFileExA
FindNextFileA
FindFirstFileA
Sleep
CreateEventA
ResetEvent
GetTickCount
SuspendThread
ResumeThread
WaitForSingleObject
CancelWaitableTimer
WaitForMultipleObjects
CreateWaitableTimerA
SetWaitableTimer
GetLocalTime
GetPrivateProfileIntA
GetCurrentDirectoryA
GetFileAttributesA
CreateDirectoryA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStdHandle
ExitProcess
HeapCreate
HeapDestroy
FatalAppExitA
GetCommandLineA
CreateThread
ExitThread
HeapReAlloc
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualProtect
VirtualAlloc
VirtualFree
TlsGetValue
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
TlsAlloc
GetCurrentProcessId
SetConsoleCtrlHandler
GetLocaleInfoW
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
TlsSetValue
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEvent
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetOEMCP
GetCPInfo
HeapSize
GetCurrentThread
TlsFree

user32

UnregisterClassA
PostMessageA
MessageBoxA
CreateWindowExA
GetParent
SetFocus
GetFocus
IsChild
RegisterClassExA
InvalidateRect
IsWindow
GetKeyState
CallWindowProcA
GetClientRect
EndPaint
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
GetDC
ReleaseDC
LoadCursorA
GetClassInfoExA
ShowWindow
GetWindowLongA
SetWindowLongA
UnionRect
PtInRect
DefWindowProcA
DestroyWindow
CharNextA
BeginPaint

gdi32

LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
CreateDCA
CreateMetaFileA
SaveDC
SetWindowOrgEx
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
GetDeviceCaps
Rectangle
SetTextAlign
TextOutA
RestoreDC

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
OleLoadFromStream
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
CreateDataAdviseHolder
CreateOleAdviseHolder
WriteClassStm
OleSaveToStream
CLSIDFromString

oleaut32

SysStringByteLen
SysReAllocString
SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysAllocStringByteLen
SysAllocStringLen
VariantInit
VariantClear
VariantChangeType
LoadRegTypeLi
OleCreatePropertyFrame

shlwapi

PathFileExistsA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 228KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/p2pmmp/mmp.inf
dll/p2pmmp/mmsserver.dll
.dll windows:4 windows x86 arch:x86

32e0d7e732794bbb54385e36574cf509

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSACleanup
WSACloseEvent
WSARecv
WSASend
htons
WSAStartup
WSASocketA
WSAGetLastError
bind
listen
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAAccept
closesocket

kernel32

TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
lstrcatA
GetVersion
SetLastError
GlobalFlags
WritePrivateProfileStringA
GetModuleHandleA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
FreeLibrary
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
GlobalReAlloc
ExitThread
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
RaiseException
HeapSize
HeapReAlloc
GetACP
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
LocalFree
LocalAlloc
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
GetModuleFileNameA
InterlockedExchange
lstrcmpiA
lstrcpynA
lstrcpyA
LoadLibraryA
GetProcAddress
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
GetWindowsDirectoryA
GetCurrentThreadId
SetEvent
WaitForMultipleObjects
TerminateThread
GetLastError
Sleep
DeleteCriticalSection
InitializeCriticalSection
CreateEventA
ResetEvent
WaitForSingleObject
CloseHandle
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
CreateThread

user32

SetWindowLongA
SetWindowPos
ShowWindow
SetFocus
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
DefWindowProcA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
GetSysColorBrush
DestroyMenu
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
GetSystemMetrics
wsprintfA
GetDlgItem
LoadCursorA
GetCursorPos

gdi32

Escape
ExtTextOutA
TextOutA
GetObjectA
DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
RectVisible
CreateBitmap

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

comctl32

ord17

Exports

Exports

?GetServerStatus@@YAIXZ
?MMServerClose@@YAHI@Z
?MMServerStart@@YAHPADIAAI@Z
?SetFileSize@@YAXIJ@Z

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/p2pmmp/p2pmanager.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d0b2d83a5a8583bb3bc491368a2cbf4b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
GetCurrentProcessId
DebugBreak
HeapReAlloc
CreateThread
IsBadCodePtr
SetUnhandledExceptionFilter
RaiseException
LocalFree
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
HeapFree
GetProcAddress
GetOEMCP
GetACP
GlobalAlloc
FlushFileBuffers
RtlUnwind
lstrcpyA
MulDiv
FindResourceA
LoadResource
LockResource
MultiByteToWideChar
GlobalAddAtomA
CreateFileMappingA
GetLastError
MapViewOfFile
UnmapViewOfFile
CompareFileTime
RemoveDirectoryA
GetFileAttributesA
FindFirstFileA
SetFileAttributesA
DeleteFileA
FindNextFileA
FindClose
GetSystemDirectoryA
CreateDirectoryExA
GetLogicalDrives
GetDriveTypeA
GetDiskFreeSpaceExA
lstrlenA
LoadLibraryA
GlobalLock
GlobalUnlock
GetCurrentProcess
FlushInstructionCache
CreateEventA
GetModuleFileNameA
TlsGetValue
SetLastError
TlsSetValue
GetCurrentThreadId
TerminateProcess
ExitProcess
SetStdHandle
GetStdHandle
InterlockedIncrement
InterlockedDecrement
OutputDebugStringA
GetPrivateProfileIntA
GetLocalTime
CreateFileA
SetFilePointer
WriteFile
HeapCreate
GetVersionExA
GetSystemInfo
HeapAlloc
DisableThreadLibraryCalls
lstrlenW
WideCharToMultiByte
GetTickCount
EnterCriticalSection
LeaveCriticalSection
ResetEvent
SetEvent
WaitForSingleObject
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
GetCPInfo

user32

PostMessageA
EnumChildWindows
ShowWindow
DrawTextA
GetKeyState
GetSysColor
UnionRect
PtInRect
IsDialogMessageA
GetNextDlgTabItem
GetWindow
SendMessageA
GetParent
IsChild
GetFocus
SetWindowLongA
GetDlgItem
GetDC
ReleaseDC
GetDialogBaseUnits
FindWindowA
KillTimer
LoadStringA
MessageBoxA
SetTimer
InvalidateRect
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
IsWindow
SetFocus
DestroyWindow

gdi32

SelectObject
CreateFontIndirectA
GetTextMetricsA
GetTextExtentPointA
GetDeviceCaps
LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
CreateMetaFileA
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
GetObjectA
SetBkColor
GetStockObject
Rectangle
SetTextColor
SetBkMode
DeleteObject
CreateSolidBrush

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

ole32

CoTaskMemFree
OleRegGetUserType
CLSIDFromString
CreateOleAdviseHolder
OleRegEnumVerbs
CoTaskMemAlloc
CreateDataAdviseHolder
OleRegGetMiscStatus

oleaut32

SysAllocStringLen
SysStringLen
VariantClear
OleTranslateColor
LoadRegTypeLi
DispCallFunc
OleCreatePropertyFrame
SysFreeString
SafeArrayGetDim
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString

mmsserver

?SetFileSize@@YAXIJ@Z
?MMServerStart@@YAHPADIAAI@Z
?MMServerClose@@YAHI@Z

ws2_32

WSACleanup
gethostbyaddr
recvfrom
inet_addr
gethostbyname
sendto
WSAGetLastError
closesocket
setsockopt
WSASocketA
WSAStartup

atl

ord16
ord21
ord23
ord30
ord58
ord50
ord38
ord43
ord44
ord15
ord10
ord54
ord47
ord48
ord31
ord27
ord26
ord25
ord28
ord18
ord57
ord32
ord11
ord51

urlmon

URLOpenBlockingStreamA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/vodnet.dll
.dll regsvr32 windows:4 windows x86 arch:x86

6f579e3c6fba5c86c554a1948b8f6c9e

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/07/2007, 00:00

Not After

11/07/2008, 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Department,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\PPStream-Vod-Work\XSearchNew\ppsvod\PPStreamVod\Release\PPStreamVod.pdb

Imports

kernel32

FindResourceExA
GlobalFlags
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
ExitThread
TerminateProcess
GetFileType
VirtualAlloc
VirtualQuery
GetCommandLineA
HeapReAlloc
SetStdHandle
HeapSize
RaiseException
GetCurrentProcessId
LCMapStringA
LCMapStringW
GetTimeZoneInformation
UnhandledExceptionFilter
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetStartupInfoA
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEnvironmentVariableA
GetLocaleInfoW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
FlushFileBuffers
FileTimeToLocalFileTime
MulDiv
GlobalAlloc
FormatMessageA
GlobalLock
GlobalUnlock
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
GlobalFree
VirtualProtect
FileTimeToSystemTime
OpenFile
GetModuleHandleA
GlobalMemoryStatus
HeapCreate
HeapAlloc
HeapDestroy
CreateEventA
Sleep
GetProcessHeap
HeapFree
GetSystemInfo
lstrcpynA
CompareStringW
CompareStringA
GetVersion
GetFileTime
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThreadId
CreateDirectoryA
LoadLibraryExA
GetProcAddress
FreeLibrary
DeviceIoControl
FindFirstFileA
FindNextFileA
GetLastError
FindClose
CreateFileA
LockFile
WriteFile
UnlockFile
ReadFile
GetFileSize
SetFilePointer
SetEndOfFile
GetFileAttributesA
CreateThread
lstrcpyA
LocalFree
LocalAlloc
ResetEvent
WaitForSingleObject
SetEvent
GetExitCodeThread
CloseHandle
MultiByteToWideChar
GetPrivateProfileStringA
GetModuleFileNameA
SetLastError
RemoveDirectoryA
DeleteFileA
GetPrivateProfileIntA
WritePrivateProfileStringA
lstrcmpiA
InterlockedDecrement
InterlockedIncrement
lstrlenA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetTickCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetUnhandledExceptionFilter
InitializeCriticalSection

user32

LoadCursorA
GetSysColorBrush
DestroyMenu
ValidateRect
SetCursor
PostQuitMessage
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
ReleaseDC
GetDC
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
RegisterWindowMessageA
WinHelpA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
GetKeyState
SetForegroundWindow
UpdateWindow
GetClientRect
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
PtInRect
GetWindow
MapDialogRect
ShowWindow
GetCapture
GetActiveWindow
SetActiveWindow
GetAsyncKeyState
GetFocus
SetFocus
GetDlgItem
IsWindowEnabled
CreateWindowExA
TranslateMessage
GetSystemMetrics
GetWindowLongA
GetCursorPos
GetSysColor
SetWindowPos
ScreenToClient
GetWindowRect
GetMessageA
wsprintfA
CharUpperA
IsWindow
PostMessageA
GetParent
PeekMessageA
DispatchMessageA
MessageBoxA
PostThreadMessageA
SetWindowLongA
SendMessageA
EnableWindow
SetTimer
IsWindowVisible
SendDlgItemMessageA

gdi32

TextOutA
EnumFontFamiliesExA
PtVisible
DeleteObject
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
RectVisible
GetObjectA
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetTextExtentPoint32A
ExtTextOutA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyA
RegEnumKeyA
RegQueryInfoKeyA
RegEnumValueA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
CryptReleaseContext
CryptAcquireContextA

comctl32

PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ord17
ImageList_Destroy

shlwapi

UrlUnescapeA
PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathFindFileNameA

ws2_32

inet_ntoa
WSAGetLastError
inet_addr
setsockopt
shutdown
send
recv
WSASocketA
sendto
WSACleanup
recvfrom
WSAStartup
__WSAFDIsSet
select
ioctlsocket
getpeername
closesocket
WSASetEvent
WSACloseEvent
WSAEventSelect
WSASend
WSASetLastError
WSACreateEvent
accept
WSAEnumNetworkEvents
WSAResetEvent
WSARecv
WSAWaitForMultipleEvents
listen
ntohs
getsockname
bind
htons
socket
connect
gethostbyname
gethostname

ole32

CoCreateGuid
StringFromCLSID
CoTaskMemFree

oleaut32

VariantInit
VariantChangeType
VariantClear
SysFreeString
SysAllocString

wininet

InternetReadFile
HttpQueryInfoA
InternetGetLastResponseInfoA
InternetOpenUrlA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetGetConnectedState
InternetOpenA
InternetCloseHandle
InternetSetCookieA

winmm

timeSetEvent
timeKillEvent
timeGetTime

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

CreateVodInstance
DestroyVodInstance
Disconnect
DllRegisterServer
DllUnregisterServer
EventNotify
GetChannelName
GetChannelOnlineCount
GetHttpURL
GetPlayingURL
GetStatus
GetStreamingType
PlayURL
PlayURLForTest
SetEchoSvr
SetParam
ShowPropertyDlg
StopFile

Sections

.text
Size: 672KB - Virtual size: 670KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/vodrc.dll
.dll regsvr32 windows:4 windows x86 arch:x86

3789329c090fb362f9d4d75bb096fa5c

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/07/2007, 00:00

Not After

11/07/2008, 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Department,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\XSys\XSearchEngine\PPSResServer\overlayicon\Release\OverlayIcon.pdb

Imports

kernel32

IsDBCSLeadByte
GetModuleFileNameA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
DeleteFileA
CopyFileA
MoveFileA
WritePrivateProfileStringA
CreateDirectoryA
GetProcAddress
LoadLibraryA
RemoveDirectoryA
FindClose
FindNextFileA
MoveFileExA
GetTempFileNameA
FindFirstFileA
GetTempPathA
GetExitCodeThread
CloseHandle
SetEvent
WaitForSingleObject
CreateMutexA
OpenMutexA
OutputDebugStringA
lstrcpyA
InterlockedDecrement
GetPrivateProfileIntA
GetPrivateProfileStringA
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
Sleep
GetWindowsDirectoryA
GetSystemTime
FileTimeToSystemTime
GetFileAttributesA
SetEndOfFile
SetFilePointer
GetFileSize
ReadFile
UnlockFile
WriteFile
LockFile
CreateFileA
CreateEventA
HeapDestroy
HeapFree
HeapAlloc
HeapCreate
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
lstrcpynA
GetModuleFileNameW
lstrcmpiA
lstrlenA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetFileTime
IsBadReadPtr
GetOEMCP
GetStringTypeW
GetStringTypeA
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetTimeZoneInformation
UnhandledExceptionFilter
HeapSize
SetUnhandledExceptionFilter
GetCurrentProcessId
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitProcess
HeapReAlloc
ExitThread
GetCurrentThreadId
CreateThread
TerminateProcess
GetCurrentProcess
GetSystemTimeAsFileTime
GetCommandLineA
VirtualFree
SetEnvironmentVariableA

user32

CharNextA
MessageBoxA

advapi32

RegCreateKeyA
CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
RegEnumValueA
RegEnumKeyA
RegOpenKeyA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysFreeString
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
SysStringLen

ws2_32

gethostbyname
inet_ntoa
inet_addr
sendto
htons
WSACleanup
recvfrom
socket
bind
WSAStartup
closesocket
getsockname
ntohs

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll/vodres.dll
.dll regsvr32 windows:4 windows x86 arch:x86

02fd941a2b4dc2f6cded673210dab266

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/07/2007, 00:00

Not After

11/07/2008, 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Department,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
lstrlenA
GetTickCount
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
GetPrivateProfileIntA
RemoveDirectoryA
FindClose
GetLastError
FindNextFileA
FindFirstFileA
DeleteFileA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetExitCodeThread
SetEvent
WaitForSingleObject
ResetEvent
OutputDebugStringA
lstrcpyA
ResumeThread
CreateThread
GetFileAttributesA
SetEndOfFile
SetFilePointer
GetFileSize
ReadFile
UnlockFile
GetSystemInfo
LockFile
GetModuleFileNameA
CreateFileA
_llseek
Sleep
GetCurrentThreadId
SetLastError
MultiByteToWideChar
PostQueuedCompletionStatus
HeapAlloc
GetProcessHeap
lstrcpynA
UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetPrivateProfileStringA
OpenEventA
CreateEventA
QueryPerformanceCounter
FlushFileBuffers
GetLocaleInfoW
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetModuleHandleA
GetCurrentProcessId
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
LoadLibraryA
lstrcmpiA
GetCurrentProcess
VirtualProtectEx
WriteProcessMemory
VirtualQuery
GetProcAddress
Module32Next
Module32First
CreateToolhelp32Snapshot
WriteFile
CloseHandle
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
ExitThread
ExitProcess
TerminateProcess
GetFileType
HeapFree
GetCommandLineA
GetVersionExA
LCMapStringA
LCMapStringW
GetCPInfo
HeapReAlloc
HeapSize
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
GetStartupInfoA
SetStdHandle
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
VirtualProtect
FreeEnvironmentStringsA
GetEnvironmentStrings

user32

GetMessageA
GetParent
wsprintfA
PostMessageA
PostThreadMessageA
IsWindow

advapi32

CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
RegDeleteKeyA
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
CryptReleaseContext

imagehlp

ImageDirectoryEntryToData

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

CFA
CFW
CH
DllRegisterServer
DllUnregisterServer
GFS
GOR
GetDelayTmCnt
InitialRootDir
OF
RF
RFE
RegMessageRecv
SFP
SFPE
SetQuitFlag
WF
WFE

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
extern/RealCodecs/RealMediaSplitter.ax
.dll regsvr32 windows:4 windows x86 arch:x86

f79bf9ac2177d3d25eeed41ffd8b9782

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\projects\guliverkli2\src\filters\parser\realmediasplitter\release unicode\RealMediaSplitter.pdb

Imports

kernel32

FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameW
LocalAlloc
GlobalAddAtomW
WritePrivateProfileStringW
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GetModuleHandleA
GlobalFlags
CompareStringW
GetVersionExA
LoadLibraryA
GlobalFindAtomW
HeapFree
RtlUnwind
HeapAlloc
GetCommandLineA
GetProcessHeap
SetFilePointer
ExitProcess
SetStdHandle
GetFileType
VirtualQuery
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
LCMapStringA
LCMapStringW
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
WriteFile
ReadFile
GetThreadLocale
GetFileTime
GetFileSize
GetFileAttributesW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
SetLastError
DeleteFileW
Sleep
RaiseException
GetModuleFileNameW
GetVersion
CreateFileW
GetVolumeInformationW
FindFirstFileW
FindClose
DisableThreadLibraryCalls
CreateThread
GetVersionExW
GetTickCount
GetCurrentThread
SetThreadPriority
InterlockedExchange
GetModuleHandleW
VirtualAlloc
CreateSemaphoreW
GetCurrentThreadId
GetCurrentProcess
DuplicateHandle
VirtualFree
GetSystemInfo
ReleaseSemaphore
WaitForSingleObject
ResetEvent
SetEvent
CreateEventW
CloseHandle
lstrcpynW
InterlockedDecrement
InterlockedIncrement
lstrcmpW
GetLastError
lstrlenA
lstrlenW
GetModuleFileNameA
LoadLibraryW
GetProcAddress
FreeLibrary
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
HeapReAlloc

user32

LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
UnregisterClassA
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
DefWindowProcW
CallWindowProcW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
GetWindowTextW
SetWindowTextW
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
UnregisterClassW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
CharUpperW
GetSystemMetrics
DestroyMenu
ShowWindow
SetWindowLongW
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
UnhookWindowsHookEx
PostMessageW
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetRect
DispatchMessageW
RegisterWindowMessageW
PeekMessageW
GetSysColorBrush

gdi32

ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
RestoreDC
SetViewportExtEx
PtVisible
SaveDC
OffsetViewportOrgEx
CreateBitmap
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
SetBkColor
GetDeviceCaps
DeleteObject
GetClipBox
SetMapMode
SetTextColor
RectVisible

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyExW
RegCreateKeyW
RegSetValueW
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shlwapi

PathIsUNCW
PathFindExtensionW
PathStripToRootW
PathRemoveFileSpecA
PathAddBackslashA
PathFindFileNameW

ole32

StringFromGUID2
CoCreateInstance
CoUninitialize
CoFreeUnusedLibraries
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString

oleaut32

VariantInit
VariantChangeType
SysAllocStringLen
SysAllocString
SysFreeString
VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT64
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
extern/RealCodecs/cook.dll
.dll windows:4 windows x86 arch:x86

7186ef18b8145b9efacd73914d40cee0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

free
??3@YAXPAX@Z
memmove
_purecall
_CIpow
malloc
??2@YAPAXI@Z
_ftol
_initterm
_adjust_fdiv

Exports

Exports

RACloseCodec
RACreateEncoderInstance
RADecode
RAEncode
RAFlush
RAFreeDecoder
RAFreeEncoder
RAGetBackend
RAGetDecoderBackendGUID
RAGetFlavorProperty
RAGetGUID
RAGetNumberOfFlavors
RAGetNumberOfFlavors2
RAInitDecoder
RAInitEncoder
RAOpenCodec
RAOpenCodec2
RASetComMode
RASetFlavor
_RASetPwd@8

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
extern/RealCodecs/drvc.dll
.dll windows:4 windows x86 arch:x86

5d841dc9603dda4e7058b842c1dedbfc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

__CxxFrameHandler
memmove
_ftol
_purecall
malloc
free
??3@YAXPAX@Z
_initterm
_adjust_fdiv
_beginthreadex
??2@YAPAXI@Z

kernel32

WaitForMultipleObjects
CreateThread
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileIntA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
WaitForSingleObject
GetSystemInfo
CreateEventA
QueryPerformanceCounter
SetEvent
QueryPerformanceFrequency
ResetEvent

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

?GetGUID@@YGJPAE@Z
RV40toYUV420CustomMessage
RV40toYUV420Free
RV40toYUV420HiveMessage
RV40toYUV420Init
RV40toYUV420Transform

Sections

.text
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

55f3dfd13c0557d3e32bcbc604441dd3

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

35:5c:4c:d6:99:b2:89:6f:bb:b1:d5:22:69:47:f3:acCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 25KB - Virtual size: 25KB

3e8f2b182b3d3a5a8713624244dfecbd

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

7b:76:16:97:9c:e3:8e:3c:a3:8d:51:48:24:5c:33:6bCertificate

Extended Key Usages

Key Usages

d9:4e:3c:02:eb:81:94:20:56:5d:78:91:ae:f1:97:30:dc:3e:27:45Signer

Headers

File Characteristics

PDB Paths

Imports

version

winmm

wininet

crypt32

rpcrt4

oleaut32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

urlmon

wsock32

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 180KB - Virtual size: 176KB

.data Size: 216KB - Virtual size: 1008KB

.rsrc Size: 60KB - Virtual size: 58KB

.reloc Size: 72KB - Virtual size: 69KB

a9d79d340821ec352051fcf0138d0a55

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

35:5c:4c:d6:99:b2:89:6f:bb:b1:d5:22:69:47:f3:ac
Certificate

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 25KB - Virtual size: 25KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7b:76:16:97:9c:e3:8e:3c:a3:8d:51:48:24:5c:33:6b
Certificate

d9:4e:3c:02:eb:81:94:20:56:5d:78:91:ae:f1:97:30:dc:3e:27:45
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 180KB - Virtual size: 176KB

.data
Size: 216KB - Virtual size: 1008KB

.rsrc
Size: 60KB - Virtual size: 58KB

.reloc
Size: 72KB - Virtual size: 69KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7b:76:16:97:9c:e3:8e:3c:a3:8d:51:48:24:5c:33:6b
Certificate

7c:81:ec:1c:a3:0e:63:22:ed:b5:9e:79:b4:06:5b:62:6a:1b:d0:ee
Signer

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 80B

.rsrc
Size: 100KB - Virtual size: 96KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 84KB - Virtual size: 80KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 8KB