-PC_Setup_File_9944_P@ssWord-[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

[email protected]
Size

11.9MB
MD5

219b93e8bb519e7cdcd11a9ddba718ba
SHA1

0562a734a415a02f0f5b6d0cc9012f836b6847b8
SHA256

a242110bb08a9b177dac7e155eb620cbbf10430c639ab607a6c9ca4f202ef7c9
SHA512

9a996aef0e6af445578048f0c9787cd88b4c1d19b3b64123056f2373abac8ae9d0878056d1a6bb21794dd7bf9ea84bba6860cf2560cd0c0e08346ffca633c72d
SSDEEP

196608:O94f022mGUAzIfrZVWyZ88k2OD1Xj4UDEbG8CifovF99TqmEUgnIcIyBVZjognx7:O960wGurbBXk2OJXjibm99TARnHVZjos

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/-PC_Setup_File_9944_P@ssWord-/FIe/ffmpeg.dll
unpack001/-PC_Setup_File_9944_P@ssWord-/FIe/glib-2.dll
unpack001/-PC_Setup_File_9944_P@ssWord-/FIe/gmodule-2.dll
unpack001/-PC_Setup_File_9944_P@ssWord-/Installer_File.exe

Files

[email protected]
.zip
-PC_Setup_File_9944_P@ssWord-/FIe/CSERHelper.dll
.dll windows:4 windows x86 arch:x86

dc33390e11f40d35aacb3b7595b60d08

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:4c:af:4d:f4:99:14:1d:40:4b:71:99:aa:2c:21:31
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/09/2015, 00:00

Not After

03/10/2018, 12:00

Subject

CN=Valve,O=Valve,L=Bellevue,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:b1:01:21:ff:0d:6b:21:e2:db:68:ef:fb:a5:ce:d5:6d:be:ae:a5
Signer

Actual PE Digest

7b:b1:01:21:ff:0d:6b:21:e2:db:68:ef:fb:a5:ce:d5:6d:be:ae:a5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

u:\p4clients\taylor_pubkeys\ThirdPartyCode\DebugNet\Release\BugslayerUtil.pdb

Imports

dbghelp

SymSetOptions
SymGetSymFromAddr
SymGetOptions
SymLoadModule64
SymGetModuleInfo64
SymGetLineFromAddr64
SymGetSymFromAddr64
SymGetModuleBase64
SymLoadModule
SymCleanup
SymInitialize
StackWalk64
UnDecorateSymbolName
SymFunctionTableAccess64

kernel32

GetThreadContext
OutputDebugStringW
WriteFile
IsDebuggerPresent
GetProfileIntW
SearchPathW
LoadLibraryW
GetProcAddress
MultiByteToWideChar
GetModuleFileNameA
CreateFileA
WideCharToMultiByte
GetACP
RaiseException
GetModuleHandleW
SetUnhandledExceptionFilter
IsBadCodePtr
IsBadReadPtr
FormatMessageW
lstrlenA
lstrcpynW
ReadProcessMemory
GlobalAlloc
GetCurrentProcess
GetCurrentThread
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
LocalFree
ExitProcess
OutputDebugStringA
VirtualQueryEx
GetVersionExW
DisableThreadLibraryCalls
VirtualQuery
VirtualProtect
IsBadStringPtrA
IsBadStringPtrW
CreateFileW
CloseHandle
GetCurrentThreadId
OpenProcess
GetThreadPriority
SetThreadPriority
OpenThread
SuspendThread
ResumeThread
FreeLibrary
GlobalLock
GlobalUnlock
GetLocaleInfoW
FindResourceExW
LoadResource
LockResource
GetProcessHeap
HeapFree
lstrlenW
GetLastError
HeapAlloc
GetCurrentProcessId
SetLastError
InterlockedExchange
LocalAlloc
IsBadWritePtr
GlobalFree
HeapReAlloc
TlsSetValue
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleA
TerminateProcess
HeapSize
TlsFree
TlsGetValue
TlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemInfo
LCMapStringA
LCMapStringW
InitializeCriticalSection
SetFilePointer
GetOEMCP
GetCPInfo
LoadLibraryA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
RtlUnwind
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
FlushFileBuffers

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyW
RegCloseKey

Exports

Exports

AddClientDV
AddCrashHandlerLimitModule
AddDiagAssertModule
AllocAndFillProcessModuleList
BSUAnsi2Wide
BSUGetModuleBaseNameA
BSUGetModuleBaseNameW
BSUGetModuleFileNameExA
BSUGetModuleFileNameExW
BSUIsInteractiveUser
BSUSetCurrentThreadNameA
BSUSetCurrentThreadNameW
BSUSetThreadNameA
BSUSetThreadNameW
BSUSymInitializeA
BSUSymInitializeW
BSUWide2Ansi
CreateCurrentProcessCrashDumpA
CreateCurrentProcessCrashDumpW
DiagAssertA
DiagAssertW
DiagOutputA
DiagOutputW
GetFaultReason
GetFirstStackTraceString
GetLimitModuleCount
GetLimitModulesArray
GetLoadedModules
GetNextStackTraceString
GetProcessThreadIds
GetRegisterString
GetSuperAssertionCount
HookImportedFunctionsByNameA
HookImportedFunctionsByNameW
HookOrdinalExportA
HookOrdinalExportW
IsMiniDumpFunctionAvailable
IsNT
IsNT4
IsServer2003
IsServer2003orBetter
IsW2K
IsW2KorBetter
IsXP
IsXPorBetter
MemStressInitializeA
MemStressInitializeW
MemStressTerminate
SetCrashHandlerFilter
SetDiagAssertFile
SetDiagAssertOptions
SetDiagOutputFile
SnapCurrentProcessMiniDumpA
SnapCurrentProcessMiniDumpW
SuperAssertionA
SuperAssertionW
ValidateAllBlocks

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-PC_Setup_File_9944_P@ssWord-/FIe/concrt140.dll
.dll windows:6 windows x64 arch:x64

5f9b23bd4b0029001f687a1ad625be31

Code Sign

33:00:00:00:e5:ce:9e:eb:de:4d:48:35:f4:00:00:00:00:00:e5
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/02/2023, 22:33

Not After

31/01/2024, 22:33

Subject

CN=Microsoft Windows Software Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/05/2013, 20:44

Not After

01/05/2028, 20:54

Subject

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:3c:2b:0a:49:d9:d2:91:7e:ac:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/02/2023, 20:10

Not After

31/01/2024, 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:d8:43:bb:3e:75:2a:7b:6d:1d:37:3a:f2:fe:d2:96:d9:d5:dc:40:ae:92:bf:2b:cb:2e:29:ab:8f:e0:81:0e
Signer

Actual PE Digest

10:d8:43:bb:3e:75:2a:7b:6d:1d:37:3a:f2:fe:d2:96:d9:d5:dc:40:ae:92:bf:2b:cb:2e:29:ab:8f:e0:81:0e

Digest Algorithm

sha256

PE Digest Matches

true

10:d8:43:bb:3e:75:2a:7b:6d:1d:37:3a:f2:fe:d2:96:d9:d5:dc:40:ae:92:bf:2b:cb:2e:29:ab:8f:e0:81:0e
Signer

Actual PE Digest

10:d8:43:bb:3e:75:2a:7b:6d:1d:37:3a:f2:fe:d2:96:d9:d5:dc:40:ae:92:bf:2b:cb:2e:29:ab:8f:e0:81:0e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdb

Imports

msvcp140

?_Xbad_function_call@std@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_broadcast
?_Throw_C_error@std@@YAXH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memset
__uncaught_exception
memcpy
__C_specific_handler
__RTDynamicCast
__std_type_info_destroy_list
__current_exception_context
__current_exception

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm
_cexit
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-math-l1-1-0

exp
sqrt

api-ms-win-crt-string-l1-1-0

wcsncpy_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfwprintf
__stdio_common_vswprintf_s
__acrt_iob_func
fflush

kernel32

GetCurrentProcess
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleA
GetModuleFileNameW
FreeLibraryAndExitThread
FreeLibrary
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
GetThreadTimes
EncodePointer
OutputDebugStringW
LoadLibraryW
LoadLibraryExW
SetLastError
SetThreadpoolTimer
UnregisterWaitEx
CreateSemaphoreExW
ReleaseSemaphore
InitializeSListHead
SetProcessAffinityMask
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
GetCurrentProcessorNumber
FlushProcessWriteBuffers
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
GetProcAddress
GetModuleHandleW
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetTickCount64
TlsFree
TlsSetValue
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
CreateTimerQueue
GetCurrentThread
CloseHandle
DuplicateHandle
GetLastError
SetEvent
WaitForSingleObjectEx
TlsAlloc
GetCurrentThreadId
InitializeCriticalSectionEx
CreateEventExW
Sleep
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
TlsGetValue

Exports

Exports

??0?$_SpinWait@$00@details@Concurrency@@QEAA@P6AXXZ@Z
??0?$_SpinWait@$0A@@details@Concurrency@@QEAA@P6AXXZ@Z
??0SchedulerPolicy@Concurrency@@QEAA@AEBV01@@Z
??0SchedulerPolicy@Concurrency@@QEAA@XZ
??0SchedulerPolicy@Concurrency@@QEAA@_KZZ
??0_Cancellation_beacon@details@Concurrency@@QEAA@XZ
??0_Concurrent_queue_base_v4@details@Concurrency@@IEAA@_K@Z
??0_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAA@AEBV_Concurrent_queue_base_v4@12@@Z
??0_Condition_variable@details@Concurrency@@QEAA@XZ
??0_Context@details@Concurrency@@QEAA@PEAVContext@2@@Z
??0_NonReentrantBlockingLock@details@Concurrency@@QEAA@XZ
??0_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ
??0_ReaderWriterLock@details@Concurrency@@QEAA@XZ
??0_ReentrantBlockingLock@details@Concurrency@@QEAA@XZ
??0_ReentrantLock@details@Concurrency@@QEAA@XZ
??0_ReentrantPPLLock@details@Concurrency@@QEAA@XZ
??0_Runtime_object@details@Concurrency@@QEAA@H@Z
??0_Runtime_object@details@Concurrency@@QEAA@XZ
??0_Scheduler@details@Concurrency@@QEAA@PEAVScheduler@2@@Z
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z
??0_SpinLock@details@Concurrency@@QEAA@AECJ@Z
??0_StructuredTaskCollection@details@Concurrency@@QEAA@PEAV_CancellationTokenState@12@@Z
??0_TaskCollection@details@Concurrency@@QEAA@PEAV_CancellationTokenState@12@@Z
??0_TaskCollection@details@Concurrency@@QEAA@XZ
??0_Timer@details@Concurrency@@IEAA@I_N@Z
??0agent@Concurrency@@QEAA@AEAVScheduleGroup@1@@Z
??0agent@Concurrency@@QEAA@AEAVScheduler@1@@Z
??0agent@Concurrency@@QEAA@XZ
??0bad_target@Concurrency@@QEAA@PEBD@Z
??0bad_target@Concurrency@@QEAA@XZ
??0context_self_unblock@Concurrency@@QEAA@PEBD@Z
??0context_self_unblock@Concurrency@@QEAA@XZ
??0context_unblock_unbalanced@Concurrency@@QEAA@PEBD@Z
??0context_unblock_unbalanced@Concurrency@@QEAA@XZ
??0critical_section@Concurrency@@QEAA@XZ
??0default_scheduler_exists@Concurrency@@QEAA@PEBD@Z
??0default_scheduler_exists@Concurrency@@QEAA@XZ
??0event@Concurrency@@QEAA@XZ
??0improper_lock@Concurrency@@QEAA@PEBD@Z
??0improper_lock@Concurrency@@QEAA@XZ
??0improper_scheduler_attach@Concurrency@@QEAA@PEBD@Z
??0improper_scheduler_attach@Concurrency@@QEAA@XZ
??0improper_scheduler_detach@Concurrency@@QEAA@PEBD@Z
??0improper_scheduler_detach@Concurrency@@QEAA@XZ
??0improper_scheduler_reference@Concurrency@@QEAA@PEBD@Z
??0improper_scheduler_reference@Concurrency@@QEAA@XZ
??0invalid_link_target@Concurrency@@QEAA@PEBD@Z
??0invalid_link_target@Concurrency@@QEAA@XZ
??0invalid_multiple_scheduling@Concurrency@@QEAA@PEBD@Z
??0invalid_multiple_scheduling@Concurrency@@QEAA@XZ
??0invalid_oversubscribe_operation@Concurrency@@QEAA@PEBD@Z
??0invalid_oversubscribe_operation@Concurrency@@QEAA@XZ
??0invalid_scheduler_policy_key@Concurrency@@QEAA@PEBD@Z
??0invalid_scheduler_policy_key@Concurrency@@QEAA@XZ
??0invalid_scheduler_policy_thread_specification@Concurrency@@QEAA@PEBD@Z
??0invalid_scheduler_policy_thread_specification@Concurrency@@QEAA@XZ
??0invalid_scheduler_policy_value@Concurrency@@QEAA@PEBD@Z
??0invalid_scheduler_policy_value@Concurrency@@QEAA@XZ
??0message_not_found@Concurrency@@QEAA@PEBD@Z
??0message_not_found@Concurrency@@QEAA@XZ
??0missing_wait@Concurrency@@QEAA@PEBD@Z
??0missing_wait@Concurrency@@QEAA@XZ
??0nested_scheduler_missing_detach@Concurrency@@QEAA@PEBD@Z
??0nested_scheduler_missing_detach@Concurrency@@QEAA@XZ
??0operation_timed_out@Concurrency@@QEAA@PEBD@Z
??0operation_timed_out@Concurrency@@QEAA@XZ
??0reader_writer_lock@Concurrency@@QEAA@XZ
??0scheduler_not_attached@Concurrency@@QEAA@PEBD@Z
??0scheduler_not_attached@Concurrency@@QEAA@XZ
??0scheduler_resource_allocation_error@Concurrency@@QEAA@J@Z
??0scheduler_resource_allocation_error@Concurrency@@QEAA@PEBDJ@Z
??0scheduler_worker_creation_error@Concurrency@@QEAA@J@Z
??0scheduler_worker_creation_error@Concurrency@@QEAA@PEBDJ@Z
??0scoped_lock@critical_section@Concurrency@@QEAA@AEAV12@@Z
??0scoped_lock@reader_writer_lock@Concurrency@@QEAA@AEAV12@@Z
??0scoped_lock_read@reader_writer_lock@Concurrency@@QEAA@AEAV12@@Z
??0unsupported_os@Concurrency@@QEAA@PEBD@Z
??0unsupported_os@Concurrency@@QEAA@XZ
??1SchedulerPolicy@Concurrency@@QEAA@XZ
??1_Cancellation_beacon@details@Concurrency@@QEAA@XZ
??1_Concurrent_queue_base_v4@details@Concurrency@@MEAA@XZ
??1_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAA@XZ
??1_Concurrent_vector_base_v4@details@Concurrency@@IEAA@XZ
??1_Condition_variable@details@Concurrency@@QEAA@XZ
??1_NonReentrantBlockingLock@details@Concurrency@@QEAA@XZ
??1_ReentrantBlockingLock@details@Concurrency@@QEAA@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@XZ
??1_SpinLock@details@Concurrency@@QEAA@XZ
??1_StructuredTaskCollection@details@Concurrency@@QEAA@XZ
??1_TaskCollection@details@Concurrency@@QEAA@XZ
??1_Timer@details@Concurrency@@MEAA@XZ
??1agent@Concurrency@@UEAA@XZ
??1critical_section@Concurrency@@QEAA@XZ
??1event@Concurrency@@QEAA@XZ
??1reader_writer_lock@Concurrency@@QEAA@XZ
??1scoped_lock@critical_section@Concurrency@@QEAA@XZ
??1scoped_lock@reader_writer_lock@Concurrency@@QEAA@XZ
??1scoped_lock_read@reader_writer_lock@Concurrency@@QEAA@XZ
??4?$_SpinWait@$00@details@Concurrency@@QEAAAEAV012@$$QEAV012@@Z
??4?$_SpinWait@$00@details@Concurrency@@QEAAAEAV012@AEBV012@@Z
??4?$_SpinWait@$0A@@details@Concurrency@@QEAAAEAV012@$$QEAV012@@Z
??4?$_SpinWait@$0A@@details@Concurrency@@QEAAAEAV012@AEBV012@@Z
??4SchedulerPolicy@Concurrency@@QEAAAEAV01@AEBV01@@Z
??_F?$_SpinWait@$00@details@Concurrency@@QEAAXXZ
??_F?$_SpinWait@$0A@@details@Concurrency@@QEAAXXZ
??_F_Context@details@Concurrency@@QEAAXXZ
??_F_Scheduler@details@Concurrency@@QEAAXXZ
?AgentEventGuid@Concurrency@@3U_GUID@@B
?Alloc@Concurrency@@YAPEAX_K@Z
?Block@Context@Concurrency@@SAXXZ
?ChoreEventGuid@Concurrency@@3U_GUID@@B
?ConcRTEventGuid@Concurrency@@3U_GUID@@B
?ConcRT_ProviderGuid@Concurrency@@3U_GUID@@B
?ContextEventGuid@Concurrency@@3U_GUID@@B
?Create@CurrentScheduler@Concurrency@@SAXAEBVSchedulerPolicy@2@@Z
?Create@Scheduler@Concurrency@@SAPEAV12@AEBVSchedulerPolicy@2@@Z
?CreateResourceManager@Concurrency@@YAPEAUIResourceManager@1@XZ
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPEAVScheduleGroup@2@AEAVlocation@2@@Z
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPEAVScheduleGroup@2@XZ
?CurrentContext@Context@Concurrency@@SAPEAV12@XZ
?Detach@CurrentScheduler@Concurrency@@SAXXZ
?DisableTracing@Concurrency@@YAJXZ
?EnableTracing@Concurrency@@YAJXZ
?Free@Concurrency@@YAXPEAX@Z
?Get@CurrentScheduler@Concurrency@@SAPEAVScheduler@2@XZ
?GetExecutionContextId@Concurrency@@YAIXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ
?GetPolicy@CurrentScheduler@Concurrency@@SA?AVSchedulerPolicy@2@XZ
?GetPolicyValue@SchedulerPolicy@Concurrency@@QEBAIW4PolicyElementKey@2@@Z
?GetProcessorCount@Concurrency@@YAIXZ
?GetProcessorNodeCount@Concurrency@@YAIXZ
?GetSchedulerId@Concurrency@@YAIXZ
?GetSharedTimerQueue@details@Concurrency@@YAPEAXXZ
?Id@Context@Concurrency@@SAIXZ
?Id@CurrentScheduler@Concurrency@@SAIXZ
?IsAvailableLocation@CurrentScheduler@Concurrency@@SA_NAEBVlocation@2@@Z
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
?LockEventGuid@Concurrency@@3U_GUID@@B
?Log2@details@Concurrency@@YAK_K@Z
?NFS_Allocate@details@Concurrency@@YAPEAX_K0PEAX@Z
?NFS_Free@details@Concurrency@@YAXPEAX@Z
?NFS_GetLineSize@details@Concurrency@@YA_KXZ
?Oversubscribe@Context@Concurrency@@SAX_N@Z
?PPLParallelForEventGuid@Concurrency@@3U_GUID@@B
?PPLParallelForeachEventGuid@Concurrency@@3U_GUID@@B
?PPLParallelInvokeEventGuid@Concurrency@@3U_GUID@@B
?RegisterShutdownEvent@CurrentScheduler@Concurrency@@SAXPEAX@Z
?ResetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXXZ
?ResourceManagerEventGuid@Concurrency@@3U_GUID@@B
?ScheduleGroupEventGuid@Concurrency@@3U_GUID@@B
?ScheduleGroupId@Context@Concurrency@@SAIXZ
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPEAX@Z0@Z
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPEAX@Z0AEAVlocation@2@@Z
?SchedulerEventGuid@Concurrency@@3U_GUID@@B
?SetConcurrencyLimits@SchedulerPolicy@Concurrency@@QEAAXII@Z
?SetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXAEBVSchedulerPolicy@2@@Z
?SetPolicyValue@SchedulerPolicy@Concurrency@@QEAAIW4PolicyElementKey@2@I@Z
?VirtualProcessorEventGuid@Concurrency@@3U_GUID@@B
?VirtualProcessorId@Context@Concurrency@@SAIXZ
?Yield@Context@Concurrency@@SAXXZ
?_Abort@_StructuredTaskCollection@details@Concurrency@@AEAAXXZ
?_Acquire@_NonReentrantBlockingLock@details@Concurrency@@QEAAXXZ
?_Acquire@_NonReentrantPPLLock@details@Concurrency@@QEAAXPEAX@Z
?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QEAAXXZ
?_Acquire@_ReentrantLock@details@Concurrency@@QEAAXXZ
?_Acquire@_ReentrantPPLLock@details@Concurrency@@QEAAXPEAX@Z
?_AcquireRead@_ReaderWriterLock@details@Concurrency@@QEAAXXZ
?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QEAAXXZ
?_Advance@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAAXXZ
?_Assign@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAAXAEBV123@@Z
?_Byte_reverse_table@details@Concurrency@@3QBEB
?_Cancel@_StructuredTaskCollection@details@Concurrency@@QEAAXXZ
?_Cancel@_TaskCollection@details@Concurrency@@QEAAXXZ
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IEAAXXZ
?_CleanupToken@_StructuredTaskCollection@details@Concurrency@@AEAAXXZ
?_ConcRT_CoreAssert@details@Concurrency@@YAXPEBD0H@Z
?_ConcRT_Trace@details@Concurrency@@YAXHPEB_WZZ
?_Confirm_cancel@_Cancellation_beacon@details@Concurrency@@QEAA_NXZ
?_CurrentContext@_Context@details@Concurrency@@SA?AV123@XZ
?_Current_node@location@Concurrency@@SA?AV12@XZ
?_Destroy@_AsyncTaskCollection@details@Concurrency@@EEAAXXZ
?_DoYield@?$_SpinWait@$00@details@Concurrency@@IEAAXXZ
?_DoYield@?$_SpinWait@$0A@@details@Concurrency@@IEAAXXZ
?_Get@_CurrentScheduler@details@Concurrency@@SA?AV_Scheduler@23@XZ
?_GetCombinableSize@details@Concurrency@@YA_KXZ
?_GetConcRTTraceInfo@Concurrency@@YAPEBU_CONCRT_TRACE_INFO@details@1@XZ
?_GetConcurrency@details@Concurrency@@YAIXZ
?_GetCurrentInlineDepth@_StackGuard@details@Concurrency@@CAAEA_KXZ
?_GetNumberOfVirtualProcessors@_CurrentScheduler@details@Concurrency@@SAIXZ
?_GetScheduler@_Scheduler@details@Concurrency@@QEAAPEAVScheduler@3@XZ
?_Id@_CurrentScheduler@details@Concurrency@@SAIXZ
?_Internal_assign@_Concurrent_vector_base_v4@details@Concurrency@@IEAAXAEBV123@_KP6AXPEAX1@ZP6AX2PEBX1@Z5@Z
?_Internal_capacity@_Concurrent_vector_base_v4@details@Concurrency@@IEBA_KXZ
?_Internal_clear@_Concurrent_vector_base_v4@details@Concurrency@@IEAA_KP6AXPEAX_K@Z@Z
?_Internal_compact@_Concurrent_vector_base_v4@details@Concurrency@@IEAAPEAX_KPEAXP6AX10@ZP6AX1PEBX0@Z@Z
?_Internal_copy@_Concurrent_vector_base_v4@details@Concurrency@@IEAAXAEBV123@_KP6AXPEAXPEBX1@Z@Z
?_Internal_empty@_Concurrent_queue_base_v4@details@Concurrency@@IEBA_NXZ
?_Internal_finish_clear@_Concurrent_queue_base_v4@details@Concurrency@@IEAAXXZ
?_Internal_grow_by@_Concurrent_vector_base_v4@details@Concurrency@@IEAA_K_K0P6AXPEAXPEBX0@Z2@Z
?_Internal_grow_to_at_least_with_result@_Concurrent_vector_base_v4@details@Concurrency@@IEAA_K_K0P6AXPEAXPEBX0@Z2@Z
?_Internal_move_push@_Concurrent_queue_base_v4@details@Concurrency@@IEAAXPEAX@Z
?_Internal_pop_if_present@_Concurrent_queue_base_v4@details@Concurrency@@IEAA_NPEAX@Z
?_Internal_push@_Concurrent_queue_base_v4@details@Concurrency@@IEAAXPEBX@Z
?_Internal_push_back@_Concurrent_vector_base_v4@details@Concurrency@@IEAAPEAX_KAEA_K@Z
?_Internal_reserve@_Concurrent_vector_base_v4@details@Concurrency@@IEAAX_K00@Z
?_Internal_resize@_Concurrent_vector_base_v4@details@Concurrency@@IEAAX_K00P6AXPEAX0@ZP6AX1PEBX0@Z3@Z
?_Internal_size@_Concurrent_queue_base_v4@details@Concurrency@@IEBA_KXZ
?_Internal_swap@_Concurrent_queue_base_v4@details@Concurrency@@IEAAXAEAV123@@Z
?_Internal_swap@_Concurrent_vector_base_v4@details@Concurrency@@IEAAXAEAV123@@Z
?_Internal_throw_exception@_Concurrent_queue_base_v4@details@Concurrency@@IEBAXXZ
?_Internal_throw_exception@_Concurrent_vector_base_v4@details@Concurrency@@IEBAX_K@Z
?_IsCanceling@_StructuredTaskCollection@details@Concurrency@@QEAA_NXZ
?_IsCanceling@_TaskCollection@details@Concurrency@@QEAA_NXZ
?_IsSynchronouslyBlocked@_Context@details@Concurrency@@QEBA_NXZ
?_NewCollection@_AsyncTaskCollection@details@Concurrency@@SAPEAV123@PEAV_CancellationTokenState@23@@Z
?_NumberOfSpins@?$_SpinWait@$00@details@Concurrency@@IEAAKXZ
?_NumberOfSpins@?$_SpinWait@$0A@@details@Concurrency@@IEAAKXZ
?_Oversubscribe@_Context@details@Concurrency@@SAX_N@Z
?_Reference@_Scheduler@details@Concurrency@@QEAAIXZ
?_Release@_NonReentrantBlockingLock@details@Concurrency@@QEAAXXZ
?_Release@_NonReentrantPPLLock@details@Concurrency@@QEAAXXZ
?_Release@_ReentrantBlockingLock@details@Concurrency@@QEAAXXZ
?_Release@_ReentrantLock@details@Concurrency@@QEAAXXZ
?_Release@_ReentrantPPLLock@details@Concurrency@@QEAAXXZ
?_Release@_Scheduler@details@Concurrency@@QEAAIXZ
?_ReleaseRead@_ReaderWriterLock@details@Concurrency@@QEAAXXZ
?_ReleaseWrite@_ReaderWriterLock@details@Concurrency@@QEAAXXZ
?_Reset@?$_SpinWait@$00@details@Concurrency@@IEAAXXZ
?_Reset@?$_SpinWait@$0A@@details@Concurrency@@IEAAXXZ
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QEAA?AW4_TaskCollectionStatus@23@PEAV_UnrealizedChore@23@@Z
?_RunAndWait@_TaskCollection@details@Concurrency@@QEAA?AW4_TaskCollectionStatus@23@PEAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@PEAVlocation@3@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@PEAVlocation@3@@Z
?_ScheduleTask@_CurrentScheduler@details@Concurrency@@SAXP6AXPEAX@Z0@Z
?_Segment_index_of@_Concurrent_vector_base_v4@details@Concurrency@@KA_K_K@Z
?_SetSpinCount@?$_SpinWait@$00@details@Concurrency@@QEAAXI@Z
?_SetSpinCount@?$_SpinWait@$0A@@details@Concurrency@@QEAAXI@Z
?_ShouldSpinAgain@?$_SpinWait@$00@details@Concurrency@@IEAA_NXZ
?_ShouldSpinAgain@?$_SpinWait@$0A@@details@Concurrency@@IEAA_NXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QEAA_NXZ
?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QEAA_NXZ
?_SpinYield@Context@Concurrency@@SAXXZ
?_Start@_Timer@details@Concurrency@@IEAAXXZ
?_Stop@_Timer@details@Concurrency@@IEAAXXZ
?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ
?_Trace_ppl_function@Concurrency@@YAXAEBU_GUID@@EW4ConcRT_EventType@1@@Z
?_TryAcquire@_NonReentrantBlockingLock@details@Concurrency@@QEAA_NXZ
?_TryAcquire@_ReentrantBlockingLock@details@Concurrency@@QEAA_NXZ
?_TryAcquire@_ReentrantLock@details@Concurrency@@QEAA_NXZ
?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QEAA_NXZ
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_Value@_SpinCount@details@Concurrency@@SAIXZ
?_Yield@_Context@details@Concurrency@@SAXXZ
?cancel@agent@Concurrency@@QEAA_NXZ
?current@location@Concurrency@@SA?AV12@XZ
?done@agent@Concurrency@@IEAA_NXZ
?from_numa_node@location@Concurrency@@SA?AV12@G@Z
?get_error_code@scheduler_resource_allocation_error@Concurrency@@QEBAJXZ
?is_current_task_group_canceling@Concurrency@@YA_NXZ
?lock@critical_section@Concurrency@@QEAAXXZ
?lock@reader_writer_lock@Concurrency@@QEAAXXZ
?lock_read@reader_writer_lock@Concurrency@@QEAAXXZ
?native_handle@critical_section@Concurrency@@QEAAAEAV12@XZ
?notify_all@_Condition_variable@details@Concurrency@@QEAAXXZ
?notify_one@_Condition_variable@details@Concurrency@@QEAAXXZ
?reset@event@Concurrency@@QEAAXXZ
?set@event@Concurrency@@QEAAXXZ
?set_task_execution_resources@Concurrency@@YAXGPEAU_GROUP_AFFINITY@@@Z
?set_task_execution_resources@Concurrency@@YAX_K@Z
?start@agent@Concurrency@@QEAA_NXZ
?status@agent@Concurrency@@QEAA?AW4agent_status@2@XZ
?status_port@agent@Concurrency@@QEAAPEAV?$ISource@W4agent_status@Concurrency@@@2@XZ
?try_lock@critical_section@Concurrency@@QEAA_NXZ
?try_lock@reader_writer_lock@Concurrency@@QEAA_NXZ
?try_lock_for@critical_section@Concurrency@@QEAA_NI@Z
?try_lock_read@reader_writer_lock@Concurrency@@QEAA_NXZ
?unlock@critical_section@Concurrency@@QEAAXXZ
?unlock@reader_writer_lock@Concurrency@@QEAAXXZ
?wait@Concurrency@@YAXI@Z
?wait@_Condition_variable@details@Concurrency@@QEAAXAEAVcritical_section@3@@Z
?wait@agent@Concurrency@@SA?AW4agent_status@2@PEAV12@I@Z
?wait@event@Concurrency@@QEAA_KI@Z
?wait_for@_Condition_variable@details@Concurrency@@QEAA_NAEAVcritical_section@3@I@Z
?wait_for_all@agent@Concurrency@@SAX_KPEAPEAV12@PEAW4agent_status@2@I@Z
?wait_for_multiple@event@Concurrency@@SA_KPEAPEAV12@_K_NI@Z
?wait_for_one@agent@Concurrency@@SAX_KPEAPEAV12@AEAW4agent_status@2@AEA_KI@Z

Sections

.text
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-PC_Setup_File_9944_P@ssWord-/FIe/crashhandler.dll
.dll windows:6 windows x86 arch:x86

85c6f89b0e0d0bc119d87198c85449b4

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/10/2021, 00:00

Not After

09/10/2024, 23:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

aa:2b:28:cb:14:80:c0:bb:61:5c:bd:aa:9e:ef:ca:3f:bd:44:31:2a:af:b3:d4:62:f1:e2:62:77:a7:1d:eb:78
Signer

Actual PE Digest

aa:2b:28:cb:14:80:c0:bb:61:5c:bd:aa:9e:ef:ca:3f:bd:44:31:2a:af:b3:d4:62:f1:e2:62:77:a7:1d:eb:78

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\buildslave\steam_rel_client_win32\build\src\crashhandler\Release\crashhandler.pdb

Imports

kernel32

OutputDebugStringW
CloseHandle
GetLastError
CreateEventA
Sleep
CreateProcessW
GetSystemTimeAsFileTime
GetModuleFileNameW
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
LCMapStringEx
InitializeCriticalSectionEx
WaitNamedPipeW
GetSystemTime
RtlCaptureContext
EnterCriticalSection
GetCurrentProcess
ReleaseSemaphore
InterlockedDecrement
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
GetCurrentThreadId
TerminateThread
LoadLibraryW
CreateThread
DeleteCriticalSection
CreateSemaphoreW
InterlockedIncrement
OpenThread
VirtualQueryEx
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetCommandLineW
GetCurrentProcessId
GlobalMemoryStatusEx
VirtualAlloc
GetModuleFileNameA
LoadLibraryA
LocalAlloc
LocalFree
WideCharToMultiByte
GetCommandLineA
GetProcessHeap
HeapSetInformation
HeapLock
HeapUnlock
HeapWalk
HeapQueryInformation
GlobalAlloc
GlobalUnlock
GlobalLock
LoadLibraryExA
MultiByteToWideChar
RaiseException
SetLastError
TryEnterCriticalSection
SetEvent
ResetEvent
WaitForMultipleObjects
GetCurrentThread
GetExitCodeThread
DebugBreak
WriteFile
SetEnvironmentVariableW
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
GetFullPathNameW
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
GetDriveTypeW
GetFileSizeEx
ReadFile
SetEndOfFile
UnhandledExceptionFilter
IsProcessorFeaturePresent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetStartupInfoW
InitializeSListHead
RtlUnwind
InterlockedFlushSList
EncodePointer
VirtualQuery
ExitProcess
GetModuleHandleExW
HeapSize
HeapValidate
GetFileType
HeapFree
HeapAlloc
GetStdHandle
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
HeapReAlloc
DecodePointer
SetStdHandle
ReadConsoleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
WriteConsoleW
TransactNamedPipe
SetNamedPipeHandleState
OutputDebugStringA
GetProcessHeaps
CreateFileW

psapi

GetModuleBaseNameW
GetProcessMemoryInfo
EnumProcessModules

user32

MessageBoxA
GetDesktopWindow
EnumWindows
GetWindowThreadProcessId
SetDlgItemInt
EndDialog
DialogBoxParamA
IsWindowVisible
GetWindowRect
GetWindowTextLengthA
EmptyClipboard
SetClipboardData
GetDlgItemInt
SetDlgItemTextA
OpenClipboard
CloseClipboard
GetDlgItem
wsprintfA
SetWindowPos

shell32

CommandLineToArgvW

wininet

InternetReadFile
HttpAddRequestHeadersW
InternetConnectW
InternetCloseHandle
HttpSendRequestW
HttpQueryInfoW
InternetOpenW
InternetQueryDataAvailable
HttpOpenRequestW
InternetCrackUrlW

Exports

Exports

Breakpad_SetSteamID
CreateInterface
g_dwDllEntryThreadId

Sections

.text
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-PC_Setup_File_9944_P@ssWord-/FIe/crashhandler64.dll
.dll windows:6 windows x64 arch:x64

bb3b1347c2da5d4d7ba60d1e70072f78

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/10/2021, 00:00

Not After

09/10/2024, 23:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e4:b9:60:f3:57:7c:48:a3:32:50:2b:c0:56:7e:13:19:ee:4a:6c:a3:44:2b:b1:32:24:bd:e6:1a:7b:11:5c:f7
Signer

Actual PE Digest

e4:b9:60:f3:57:7c:48:a3:32:50:2b:c0:56:7e:13:19:ee:4a:6c:a3:44:2b:b1:32:24:bd:e6:1a:7b:11:5c:f7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\buildslave\steam_rel_client_win64\build\src\crashhandler\win64\Release\crashhandler64.pdb

Imports

kernel32

OutputDebugStringW
CloseHandle
GetLastError
CreateEventA
Sleep
GetCurrentProcessId
CreateProcessW
GetSystemTimeAsFileTime
GetModuleFileNameW
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
DecodePointer
LCMapStringEx
InitializeCriticalSectionEx
GetSystemTime
RtlCaptureContext
VirtualQueryEx
GetCurrentProcess
SetUnhandledExceptionFilter
CreateThread
GetCurrentThreadId
OpenThread
TerminateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
LoadLibraryW
IsDebuggerPresent
TerminateProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetCommandLineW
GlobalMemoryStatusEx
VirtualAlloc
VirtualFree
GetModuleFileNameA
LoadLibraryA
LocalAlloc
LocalFree
WideCharToMultiByte
RtlCaptureStackBackTrace
GetCommandLineA
HeapAlloc
HeapFree
GetProcessHeap
HeapSetInformation
HeapLock
HeapUnlock
HeapWalk
HeapQueryInformation
GlobalAlloc
GlobalUnlock
GlobalLock
LoadLibraryExA
MultiByteToWideChar
RaiseException
SetLastError
TryEnterCriticalSection
SetEvent
ResetEvent
WaitForMultipleObjects
GetExitCodeThread
DebugBreak
GetProcessHeaps
WriteFile
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
GetFullPathNameW
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
GetDriveTypeW
GetFileSizeEx
ReadFile
SetEndOfFile
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InterlockedFlushSList
EncodePointer
ExitProcess
GetModuleHandleExW
HeapSize
HeapValidate
GetFileType
GetStdHandle
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
HeapReAlloc
SetStdHandle
ReadConsoleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
WriteConsoleW
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
OutputDebugStringA
SetEnvironmentVariableW
CreateFileW
RtlUnwind

psapi

GetModuleBaseNameW
EnumProcessModules
GetProcessMemoryInfo

user32

EnumWindows
GetWindowThreadProcessId
GetDesktopWindow
EmptyClipboard
GetDlgItem
EndDialog
MessageBoxA
GetWindowRect
SetDlgItemTextA
GetWindowTextLengthA
SetClipboardData
GetDlgItemInt
CloseClipboard
SetDlgItemInt
OpenClipboard
wsprintfA
SetWindowPos
IsWindowVisible
DialogBoxParamA

shell32

CommandLineToArgvW

wininet

HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetSetOptionW
InternetQueryDataAvailable
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetCrackUrlW
InternetOpenW

Exports

Exports

Breakpad_SetSteamID
CreateInterface
g_dwDllEntryThreadId

Sections

.text
Size: 323KB - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-PC_Setup_File_9944_P@ssWord-/FIe/d3dcompiler_46.dll
.dll windows:6 windows x86 arch:x86

876b48ac5a1cad7160b32c8df9ab9938

Code Sign

33:00:00:00:88:59:0e:3c:51:1f:e2:6a:67:00:01:00:00:00:88
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

26/07/2012, 20:50

Not After

26/10/2013, 20:50

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:02:8e:42:00:00:00:00:00:1f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

09/01/2012, 22:25

Not After

09/04/2013, 22:25

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:49:55:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/10/2011, 20:45

Not After

10/01/2013, 20:55

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ee:15:3e:2c:66:21:b8:92:81:de:f4:46:5a:0c:6b:75:ed:d9:c1:78:60:6b:49:bd:b5:6e:90:86:c9:d5:74:9c
Signer

Actual PE Digest

ee:15:3e:2c:66:21:b8:92:81:de:f4:46:5a:0c:6b:75:ed:d9:c1:78:60:6b:49:bd:b5:6e:90:86:c9:d5:74:9c

Digest Algorithm

sha256

PE Digest Matches

true

e5:7a:17:c6:92:b3:05:15:01:cb:16:53:25:2e:4c:43:b6:42:04:37
Signer

Actual PE Digest

e5:7a:17:c6:92:b3:05:15:01:cb:16:53:25:2e:4c:43:b6:42:04:37

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D3DCompiler_46.pdb

Imports

msvcrt

_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
_amsg_exit
_XcptFilter
_vsnprintf
_strtoui64
sscanf
_isnan
strtoul
isxdigit
atof
setlocale
_strdup
_mbstrlen
_vsnwprintf
ceil
modf
strrchr
isalnum
_finite
_clearfp
_controlfp
malloc
_strnicmp
_fpclass
_purecall
strncmp
isspace
strstr
strchr
free
_stricmp
memmove
qsort
isalpha
toupper
atoi
isdigit
tolower
??2@YAPAXI@Z
getenv
??3@YAXPAX@Z
_except_handler4_common
wcsncpy_s
_wcsicmp
memcpy
memset
fclose
strcpy_s
strcat_s
bsearch
_CxxThrowException
_snwprintf_s
wcschr
iswdigit
__unDName
fread
fseek
_wfsopen
vsprintf_s
strncpy_s
wcstol
_wcsnicmp
_wsplitpath_s
towlower
wcscpy_s
??_U@YAPAXI@Z
??_V@YAXPAX@Z
swprintf_s
wcsncat_s
wcsrchr
_wmakepath_s
time
_wfullpath
_wcsdup
_wgetenv
_chsize
_close
_read
_write
_lseeki64
_get_osfhandle
_open_osfhandle
wcscat_s
ftell
sprintf_s
_mbscmp
_memicmp
wcsncmp
_wsopen
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
__CxxFrameHandler3
_ftol2
_ftol2_sse
floor

advapi32

CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegOpenKeyExW
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExW

kernel32

SetLastError
LeaveCriticalSection
EnterCriticalSection
LocalFree
LocalAlloc
GetVersion
InterlockedDecrement
InterlockedIncrement
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
LCMapStringW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlCaptureContext
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetFileSize
CreateFileA
GetSystemInfo
VirtualAlloc
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
GetFileAttributesW
SetFileAttributesW
CopyFileExW
DeleteFileW
GetFileType
DeviceIoControl
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
SetFilePointer
FlushViewOfFile
MapViewOfFileEx
GetCurrentProcessId
GetModuleFileNameA
DisableThreadLibraryCalls
CreateFileW
GetLastError
GetFileSizeEx
ReadFile
CloseHandle
WriteFile
WideCharToMultiByte
FreeLibrary
lstrcmpiA
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
HeapCreate
HeapDestroy
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
Sleep
TlsAlloc
InterlockedExchange
TlsSetValue
TlsGetValue
TlsFree
GetFullPathNameW
GetFullPathNameA
GetEnvironmentVariableA
LoadLibraryExW
GetProcAddress

rpcrt4

UuidCreate

Exports

Exports

D3DAssemble
D3DCompile
D3DCompile2
D3DCompileFromFile
D3DCompressShaders
D3DCreateBlob
D3DDecompressShaders
D3DDisassemble
D3DDisassemble10Effect
D3DDisassemble11Trace
D3DDisassembleRegion
D3DGetBlobPart
D3DGetDebugInfo
D3DGetInputAndOutputSignatureBlob
D3DGetInputSignatureBlob
D3DGetOutputSignatureBlob
D3DGetTraceInstructionOffsets
D3DPreprocess
D3DReadFileToBlob
D3DReflect
D3DReturnFailure1
D3DSetBlobPart
D3DStripShader
D3DWriteBlobToFile
DebugSetMute

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-PC_Setup_File_9944_P@ssWord-/FIe/d3dcompiler_46_64.dll
.dll windows:6 windows x64 arch:x64

dbf56f70ee344f39500f2f3cafb3ea13

Code Sign

33:00:00:00:9d:1e:8d:27:ae:b8:f3:d8:38:00:01:00:00:00:9d
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:42

Not After

04/03/2013, 21:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:12

Not After

04/12/2013, 21:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/08/2012, 17:49

Not After

30/11/2013, 17:49

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d6:98:68:09:b0:d3:8f:2e:5a:a3:cc:7d:cf:b8:84:e9:9f:77:0b:1b:e9:cd:ab:f5:20:95:f2:8d:25:20:9b:44
Signer

Actual PE Digest

d6:98:68:09:b0:d3:8f:2e:5a:a3:cc:7d:cf:b8:84:e9:9f:77:0b:1b:e9:cd:ab:f5:20:95:f2:8d:25:20:9b:44

Digest Algorithm

sha256

PE Digest Matches

true

d6:33:8f:ba:6f:aa:0f:71:25:56:1f:d7:ab:5f:ac:ff:52:9d:b5:cb
Signer

Actual PE Digest

d6:33:8f:ba:6f:aa:0f:71:25:56:1f:d7:ab:5f:ac:ff:52:9d:b5:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D3DCompiler_46.pdb

Imports

msvcrt

__dllonexit
_unlock
_lock
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_strtoui64
sscanf
_vsnprintf
_isnan
strtoul
isxdigit
atof
setlocale
_strdup
_mbstrlen
_vsnwprintf
modf
strrchr
isalnum
_finite
_clearfp
_controlfp
malloc
_strnicmp
_fpclass
_purecall
strncmp
isspace
strstr
strchr
free
_stricmp
memmove
qsort
isalpha
toupper
atoi
isdigit
tolower
??2@YAPEAX_K@Z
getenv
??3@YAXPEAX@Z
wcsncmp
_onexit
_wcsicmp
memcpy
memset
fclose
strcpy_s
strcat_s
bsearch
_CxxThrowException
memcmp
_snwprintf_s
wcschr
iswdigit
__unDName
fread
fseek
_wfsopen
vsprintf_s
strncpy_s
wcstol
_wcsnicmp
_wsplitpath_s
towlower
wcscpy_s
??_U@YAPEAX_K@Z
??_V@YAXPEAX@Z
swprintf_s
wcsncat_s
wcsrchr
_wfullpath
_wmakepath_s
_time64
_chsize
_close
_read
_write
_lseeki64
_get_osfhandle
_open_osfhandle
_wcsdup
wcscat_s
ftell
sprintf_s
_mbscmp
_memicmp
_wgetenv
wcsncpy_s
_wsopen
__CxxFrameHandler3
acos
asin
atan
atan2
ceil
cos
cosh
exp
floor
floorf
fmod
log
pow
sin
sinh
sqrt
tan
tanh

advapi32

CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegOpenKeyExW
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExW

kernel32

LeaveCriticalSection
EnterCriticalSection
LocalFree
LocalAlloc
GetVersion
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
SetLastError
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetModuleFileNameA
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetFileSize
CreateFileA
GetSystemInfo
VirtualAlloc
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
LCMapStringW
GetFileAttributesW
SetFileAttributesW
CopyFileExW
DeleteFileW
GetFileType
DeviceIoControl
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
SetFilePointer
FlushViewOfFile
MapViewOfFileEx
SetUnhandledExceptionFilter
RtlLookupFunctionEntry
DisableThreadLibraryCalls
CreateFileW
GetLastError
GetFileSizeEx
ReadFile
CloseHandle
WriteFile
WideCharToMultiByte
FreeLibrary
lstrcmpiA
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
HeapCreate
HeapDestroy
HeapAlloc
GetProcessHeap
HeapFree
Sleep
TlsAlloc
TlsSetValue
TlsGetValue
TlsFree
GetFullPathNameW
GetFullPathNameA
GetEnvironmentVariableA
LoadLibraryExW
GetProcAddress

rpcrt4

UuidCreate

Exports

Exports

D3DAssemble
D3DCompile
D3DCompile2
D3DCompileFromFile
D3DCompressShaders
D3DCreateBlob
D3DDecompressShaders
D3DDisassemble
D3DDisassemble10Effect
D3DDisassemble11Trace
D3DDisassembleRegion
D3DGetBlobPart
D3DGetDebugInfo
D3DGetInputAndOutputSignatureBlob
D3DGetInputSignatureBlob
D3DGetOutputSignatureBlob
D3DGetTraceInstructionOffsets
D3DPreprocess
D3DReadFileToBlob
D3DReflect
D3DReturnFailure1
D3DSetBlobPart
D3DStripShader
D3DWriteBlobToFile
DebugSetMute

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-PC_Setup_File_9944_P@ssWord-/FIe/d3dcompiler_47.dll
.dll windows:10 windows x86 arch:x86

185ce3a45c3a9cfb3bf83afd7f79c140

Code Sign

33:00:00:03:df:fb:6a:e3:f4:27:ec:b6:a3:00:00:00:00:03:df
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:24

Not After

02/12/2021, 21:24

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

84:01:09:e5:f9:cf:93:de:bb:73:ba:83:76:3f:3b:3a:15:05:a8:8b:66:6c:b6:da:27:97:34:46:68:78:5b:68
Signer

Actual PE Digest

84:01:09:e5:f9:cf:93:de:bb:73:ba:83:76:3f:3b:3a:15:05:a8:8b:66:6c:b6:da:27:97:34:46:68:78:5b:68

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D3DCompiler_47.pdb

Imports

kernel32

WriteFile
FreeLibrary
Sleep
TlsAlloc
TlsSetValue
HeapDestroy
TlsGetValue
TlsFree
GetFullPathNameW
GetFullPathNameA
GetEnvironmentVariableA
VirtualFree
VirtualAlloc
GetSystemInfo
GetProcAddress
LoadLibraryExW
SetLastError
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
GetStdHandle
GetFileType
GetStartupInfoW
RaiseException
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleW
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetFilePointerEx
GetStringTypeW
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadFile
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetModuleFileNameW
ReadConsoleW
HeapSize
HeapReAlloc
WriteConsoleW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RtlUnwind
InterlockedFlushSList
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx
LocalAlloc
LocalFree
GetFileSizeEx
GetLastError
CreateFileW
HeapFree
GetProcessHeap
UnmapViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFile
GetFileAttributesW
SetFileAttributesW
DeleteFileW
SetEndOfFile
DeviceIoControl
MapViewOfFileEx
CreateFileMappingA
ExpandEnvironmentStringsW
HeapAlloc
OutputDebugStringA
CloseHandle
LeaveCriticalSection
EnterCriticalSection
lstrcmpiA
HeapCreate
GetModuleFileNameA
CreateFileA
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetDriveTypeW
GetCurrentDirectoryW
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
MultiByteToWideChar
SetEnvironmentVariableW
DisableThreadLibraryCalls

advapi32

CryptDestroyHash
CryptAcquireContextW
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
CryptGetHashParam
CryptCreateHash
CryptHashData
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptReleaseContext

rpcrt4

UuidCreate

Exports

Exports

D3DAssemble
D3DCompile
D3DCompile2
D3DCompileFromFile
D3DCompressShaders
D3DCreateBlob
D3DCreateFunctionLinkingGraph
D3DCreateLinker
D3DDecompressShaders
D3DDisassemble
D3DDisassemble10Effect
D3DDisassemble11Trace
D3DDisassembleRegion
D3DGetBlobPart
D3DGetDebugInfo
D3DGetInputAndOutputSignatureBlob
D3DGetInputSignatureBlob
D3DGetOutputSignatureBlob
D3DGetTraceInstructionOffsets
D3DLoadModule
D3DPreprocess
D3DReadFileToBlob
D3DReflect
D3DReflectLibrary
D3DReturnFailure1
D3DSetBlobPart
D3DStripShader
D3DWriteBlobToFile
DebugSetMute

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-PC_Setup_File_9944_P@ssWord-/FIe/ffmpeg.dll
.dll windows:5 windows x86 arch:x86

c7497313062f9c96c83518b36f70731f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\src\out\Default\ffmpeg.dll.pdb

Imports

kernel32

AcquireSRWLockExclusive
CloseHandle
CompareStringW
CreateEventW
CreateFileW
CreateThread
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapQueryInformation
HeapReAlloc
HeapSize
InitOnceBeginInitialize
InitOnceComplete
InitializeConditionVariable
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ResetEvent
RtlUnwind
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

Exports

Exports

av_buffer_create
av_buffer_get_opaque
av_dict_count
av_dict_free
av_dict_get
av_dict_set
av_force_cpu_flags
av_frame_alloc
av_frame_clone
av_frame_free
av_frame_unref
av_free
av_get_bytes_per_sample
av_get_cpu_flags
av_image_check_size
av_init_packet
av_log_set_level
av_malloc
av_max_alloc
av_new_packet
av_packet_alloc
av_packet_copy_props
av_packet_free
av_packet_get_side_data
av_packet_unref
av_rdft_calc
av_rdft_end
av_rdft_init
av_read_frame
av_rescale_q
av_samples_get_buffer_size
av_seek_frame
av_stream_get_first_dts
av_stream_get_side_data
av_strerror
avcodec_align_dimensions
avcodec_alloc_context3
avcodec_descriptor_get
avcodec_descriptor_next
avcodec_find_decoder
avcodec_flush_buffers
avcodec_free_context
avcodec_get_name
avcodec_open2
avcodec_parameters_to_context
avcodec_receive_frame
avcodec_send_packet
avformat_alloc_context
avformat_close_input
avformat_find_stream_info
avformat_free_context
avformat_open_input
avio_alloc_context
avio_close

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 404KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 132B

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-PC_Setup_File_9944_P@ssWord-/FIe/glib-2.dll
.dll windows:6 windows x64 arch:x64

f97499326d070979651d83a0a6ca0500

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\winlib-builder\winlib-builder\glib\win32\vs16\Release\x64\bin\glib-2.pdb

Imports

ws2_32

WSAGetLastError
closesocket
WSACreateEvent
WSASetEvent
WSAEventSelect
send
recv
getsockopt
WSAEnumNetworkEvents
ioctlsocket
WSACloseEvent

kernel32

RtlLookupFunctionEntry
GetCurrentThreadId
InitializeSListHead
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcessId
RtlCaptureContext
IsDebuggerPresent
IsDBCSLeadByteEx
GetCPInfo
GetACP
IsValidCodePage
MultiByteToWideChar
GetLastError
LoadLibraryA
GetProcAddress
WideCharToMultiByte
GetThreadLocale
GetLocaleInfoW
GetTimeZoneInformation
GetTimeFormatW
GetDateFormatW
GetFileAttributesW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentDirectoryW
QueryPerformanceFrequency
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetExitCodeProcess
UnmapViewOfFile
CloseHandle
CreateFileMappingA
MapViewOfFile
SetConsoleMode
GetConsoleMode
LoadLibraryW
FreeLibrary
WaitForMultipleObjectsEx
SleepEx
GetSystemInfo
MoveFileExW
TerminateProcess
GetCurrentProcess
GetProcessAffinityMask
GetNativeSystemInfo
Sleep
GetModuleFileNameW
GetSystemDirectoryW
GetModuleHandleA
GetWindowsDirectoryW
DebugBreak
VirtualQuery
GetComputerNameA
SetEvent
ResetEvent
CreateEventA
ReadFile
EnterCriticalSection
WriteFile
LeaveCriticalSection
InitializeCriticalSection
PeekNamedPipe
PeekConsoleInputA
WaitForSingleObject
ReadConsoleInputA
DeleteCriticalSection
DuplicateHandle
GetConsoleWindow
TryEnterCriticalSection
TlsSetValue
TlsAlloc
RaiseException
IsProcessorFeaturePresent
GetCommandLineW
GetShortPathNameW
GetLocaleInfoA
GetVersion
FormatMessageW
LocalFree
GetModuleHandleW
EnumResourceLanguagesA
GetFileType
TlsGetValue
SetUnhandledExceptionFilter

user32

PostMessageA
IsWindow
PeekMessageA
MessageBoxA
MsgWaitForMultipleObjectsEx

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
GetUserNameW

shell32

CommandLineToArgvW
SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree

vcruntime140

memcmp
memmove
memcpy
strchr
strstr
memchr
__std_type_info_destroy_list
strrchr
__C_specific_handler
memset
wcschr

api-ms-win-crt-string-l1-1-0

isalnum
isalpha
isspace
_strdup
strspn
strxfrm
strcoll
strncpy
strncmp
_strnicmp
_stricmp
tolower
strcspn
islower
strpbrk
isdigit
strcmp
wcsncmp
isupper
toupper
wcsspn

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_cexit
_initterm
_errno
_initterm_e
raise
strerror_s
abort
_set_invalid_parameter_handler
_endthreadex
strerror
_getpid
_exit
_beginthreadex
_execute_onexit_table
exit
_crt_atexit

api-ms-win-crt-time-l1-1-0

_mktime64
_localtime64
_wutime64
_time64
_gmtime64

api-ms-win-crt-convert-l1-1-0

strtoul
strtod
wctomb
strtol
atoi
atol

api-ms-win-crt-heap-l1-1-0

free
realloc
calloc
malloc

api-ms-win-crt-locale-l1-1-0

setlocale
localeconv
___mb_cur_max_func

api-ms-win-crt-filesystem-l1-1-0

_findclose
_wfindfirst64i32
_fstat64
_wstat64i32
_wchmod
_wfindnext64i32
_fstat64i32
_wfullpath
_wrmdir
_wremove
_wunlink
_wchdir
_wmkdir
_waccess

api-ms-win-crt-environment-l1-1-0

getenv
_wputenv

api-ms-win-crt-stdio-l1-1-0

_lseek
_fileno
_getcwd
_chsize
__stdio_common_vsprintf
_open_osfhandle
_pipe
fflush
_write
_get_osfhandle
__acrt_iob_func
fread
_read
_close
_open
__stdio_common_vfprintf
fopen
putc
_isatty
fwrite
feof
fclose
fgets
fputs
_wfopen
ferror
_wfreopen
_wcreat
_wopen
_kbhit

api-ms-win-crt-utility-l1-1-0

rand_s
qsort
bsearch

api-ms-win-crt-process-l1-1-0

_wspawnvp
_wspawnvpe
_wspawnv
_wspawnve

Exports

Exports

__glib_assert_msg
_glib_get_locale_dir
g_abort
g_access
g_allocator_free
g_allocator_new
g_array_append_vals
g_array_free
g_array_get_element_size
g_array_insert_vals
g_array_new
g_array_prepend_vals
g_array_ref
g_array_remove_index
g_array_remove_index_fast
g_array_remove_range
g_array_set_clear_func
g_array_set_size
g_array_sized_new
g_array_sort
g_array_sort_with_data
g_array_unref
g_ascii_digit_value
g_ascii_dtostr
g_ascii_formatd
g_ascii_strcasecmp
g_ascii_strdown
g_ascii_string_to_signed
g_ascii_string_to_unsigned
g_ascii_strncasecmp
g_ascii_strtod
g_ascii_strtoll
g_ascii_strtoull
g_ascii_strup
g_ascii_table
g_ascii_tolower
g_ascii_toupper
g_ascii_xdigit_value
g_assert_warning
g_assertion_message
g_assertion_message_cmpnum
g_assertion_message_cmpstr
g_assertion_message_error
g_assertion_message_expr
g_async_queue_length
g_async_queue_length_unlocked
g_async_queue_lock
g_async_queue_new
g_async_queue_new_full
g_async_queue_pop
g_async_queue_pop_unlocked
g_async_queue_push
g_async_queue_push_front
g_async_queue_push_front_unlocked
g_async_queue_push_sorted
g_async_queue_push_sorted_unlocked
g_async_queue_push_unlocked
g_async_queue_ref
g_async_queue_ref_unlocked
g_async_queue_remove
g_async_queue_remove_unlocked
g_async_queue_sort
g_async_queue_sort_unlocked
g_async_queue_timed_pop
g_async_queue_timed_pop_unlocked
g_async_queue_timeout_pop
g_async_queue_timeout_pop_unlocked
g_async_queue_try_pop
g_async_queue_try_pop_unlocked
g_async_queue_unlock
g_async_queue_unref
g_async_queue_unref_and_unlock
g_atexit
g_atomic_int_add
g_atomic_int_and
g_atomic_int_compare_and_exchange
g_atomic_int_dec_and_test
g_atomic_int_exchange_and_add
g_atomic_int_get
g_atomic_int_inc
g_atomic_int_or
g_atomic_int_set
g_atomic_int_xor
g_atomic_pointer_add
g_atomic_pointer_and
g_atomic_pointer_compare_and_exchange
g_atomic_pointer_get
g_atomic_pointer_or
g_atomic_pointer_set
g_atomic_pointer_xor
g_base64_decode
g_base64_decode_inplace
g_base64_decode_step
g_base64_encode
g_base64_encode_close
g_base64_encode_step
g_basename
g_bit_lock
g_bit_nth_lsf
g_bit_nth_msf
g_bit_storage
g_bit_trylock
g_bit_unlock
g_blow_chunks
g_bookmark_file_add_application
g_bookmark_file_add_group
g_bookmark_file_error_quark
g_bookmark_file_free
g_bookmark_file_get_added
g_bookmark_file_get_app_info
g_bookmark_file_get_applications
g_bookmark_file_get_description
g_bookmark_file_get_groups
g_bookmark_file_get_icon
g_bookmark_file_get_is_private
g_bookmark_file_get_mime_type
g_bookmark_file_get_modified
g_bookmark_file_get_size
g_bookmark_file_get_title
g_bookmark_file_get_uris
g_bookmark_file_get_visited
g_bookmark_file_has_application
g_bookmark_file_has_group
g_bookmark_file_has_item
g_bookmark_file_load_from_data
g_bookmark_file_load_from_data_dirs
g_bookmark_file_load_from_file
g_bookmark_file_move_item
g_bookmark_file_new
g_bookmark_file_remove_application
g_bookmark_file_remove_group
g_bookmark_file_remove_item
g_bookmark_file_set_added
g_bookmark_file_set_app_info
g_bookmark_file_set_description
g_bookmark_file_set_groups
g_bookmark_file_set_icon
g_bookmark_file_set_is_private
g_bookmark_file_set_mime_type
g_bookmark_file_set_modified
g_bookmark_file_set_title
g_bookmark_file_set_visited
g_bookmark_file_to_data
g_bookmark_file_to_file
g_build_filename
g_build_filenamev
g_build_path
g_build_pathv
g_byte_array_append
g_byte_array_free
g_byte_array_free_to_bytes
g_byte_array_new
g_byte_array_new_take
g_byte_array_prepend
g_byte_array_ref
g_byte_array_remove_index
g_byte_array_remove_index_fast
g_byte_array_remove_range
g_byte_array_set_size
g_byte_array_sized_new
g_byte_array_sort
g_byte_array_sort_with_data
g_byte_array_unref
g_bytes_compare
g_bytes_equal
g_bytes_get_data
g_bytes_get_size
g_bytes_hash
g_bytes_new
g_bytes_new_from_bytes
g_bytes_new_static
g_bytes_new_take
g_bytes_new_with_free_func
g_bytes_ref
g_bytes_unref
g_bytes_unref_to_array
g_bytes_unref_to_data
g_cache_destroy
g_cache_insert
g_cache_key_foreach
g_cache_new
g_cache_remove
g_cache_value_foreach
g_chdir
g_checksum_copy
g_checksum_free
g_checksum_get_digest
g_checksum_get_string
g_checksum_new
g_checksum_reset
g_checksum_type_get_length
g_checksum_update
g_child_watch_add
g_child_watch_add_full
g_child_watch_funcs
g_child_watch_source_new
g_chmod
g_clear_error
g_clear_pointer
g_close
g_completion_add_items
g_completion_clear_items
g_completion_complete
g_completion_complete_utf8
g_completion_free
g_completion_new
g_completion_remove_items
g_completion_set_compare
g_compute_checksum_for_bytes
g_compute_checksum_for_data
g_compute_checksum_for_string
g_compute_hmac_for_bytes
g_compute_hmac_for_data
g_compute_hmac_for_string
g_cond_broadcast
g_cond_clear
g_cond_free
g_cond_init
g_cond_new
g_cond_signal
g_cond_timed_wait
g_cond_wait
g_cond_wait_until
g_convert
g_convert_error_quark
g_convert_with_fallback
g_convert_with_iconv
g_creat
g_datalist_clear
g_datalist_foreach
g_datalist_get_data
g_datalist_get_flags
g_datalist_id_dup_data
g_datalist_id_get_data
g_datalist_id_remove_no_notify
g_datalist_id_replace_data
g_datalist_id_set_data_full
g_datalist_init
g_datalist_set_flags
g_datalist_unset_flags
g_dataset_destroy
g_dataset_foreach
g_dataset_id_get_data
g_dataset_id_remove_no_notify
g_dataset_id_set_data_full
g_date_add_days
g_date_add_months
g_date_add_years
g_date_clamp
g_date_clear
g_date_compare
g_date_days_between
g_date_free
g_date_get_day
g_date_get_day_of_year
g_date_get_days_in_month
g_date_get_iso8601_week_of_year
g_date_get_julian
g_date_get_monday_week_of_year
g_date_get_monday_weeks_in_year
g_date_get_month
g_date_get_sunday_week_of_year
g_date_get_sunday_weeks_in_year
g_date_get_weekday
g_date_get_year
g_date_is_first_of_month
g_date_is_last_of_month
g_date_is_leap_year
g_date_new
g_date_new_dmy
g_date_new_julian
g_date_order
g_date_set_day
g_date_set_dmy
g_date_set_julian
g_date_set_month
g_date_set_parse
g_date_set_time
g_date_set_time_t
g_date_set_time_val
g_date_set_year
g_date_strftime
g_date_subtract_days
g_date_subtract_months
g_date_subtract_years
g_date_time_add
g_date_time_add_days
g_date_time_add_full
g_date_time_add_hours
g_date_time_add_minutes
g_date_time_add_months
g_date_time_add_seconds
g_date_time_add_weeks
g_date_time_add_years
g_date_time_compare
g_date_time_difference
g_date_time_equal
g_date_time_format
g_date_time_get_day_of_month
g_date_time_get_day_of_week
g_date_time_get_day_of_year
g_date_time_get_hour
g_date_time_get_microsecond
g_date_time_get_minute
g_date_time_get_month
g_date_time_get_second
g_date_time_get_seconds
g_date_time_get_timezone_abbreviation
g_date_time_get_utc_offset
g_date_time_get_week_numbering_year
g_date_time_get_week_of_year
g_date_time_get_year
g_date_time_get_ymd
g_date_time_hash
g_date_time_is_daylight_savings
g_date_time_new
g_date_time_new_from_timeval_local
g_date_time_new_from_timeval_utc
g_date_time_new_from_unix_local
g_date_time_new_from_unix_utc
g_date_time_new_local
g_date_time_new_now
g_date_time_new_now_local
g_date_time_new_now_utc
g_date_time_new_utc
g_date_time_ref
g_date_time_to_local
g_date_time_to_timeval
g_date_time_to_timezone
g_date_time_to_unix
g_date_time_to_utc
g_date_time_unref
g_date_to_struct_tm
g_date_valid
g_date_valid_day
g_date_valid_dmy
g_date_valid_julian
g_date_valid_month
g_date_valid_weekday
g_date_valid_year
g_dcgettext
g_dgettext
g_dir_close
g_dir_make_tmp
g_dir_open
g_dir_open_utf8
g_dir_read_name
g_dir_read_name_utf8
g_dir_rewind
g_direct_equal
g_direct_hash
g_dngettext
g_double_equal
g_double_hash
g_dpgettext
g_dpgettext2
g_environ_getenv
g_environ_setenv
g_environ_unsetenv
g_error_copy
g_error_free
g_error_matches
g_error_new
g_error_new_literal
g_error_new_valist
g_file_error_from_errno
g_file_error_quark
g_file_get_contents
g_file_get_contents_utf8
g_file_open_tmp
g_file_open_tmp_utf8
g_file_read_link
g_file_set_contents
g_file_test
g_file_test_utf8
g_filename_display_basename
g_filename_display_name
g_filename_from_uri
g_filename_from_uri_utf8
g_filename_from_utf8
g_filename_from_utf8_utf8
g_filename_to_uri
g_filename_to_uri_utf8
g_filename_to_utf8
g_filename_to_utf8_utf8
g_find_program_in_path
g_fopen
g_format_size
g_format_size_for_display
g_format_size_full
g_fprintf
g_free
g_freopen
g_get_application_name
g_get_charset
g_get_codeset
g_get_current_dir
g_get_current_dir_utf8
g_get_current_time
g_get_environ
g_get_filename_charsets
g_get_home_dir
g_get_host_name
g_get_language_names
g_get_locale_variants
g_get_monotonic_time
g_get_num_processors
g_get_prgname
g_get_real_name
g_get_real_time
g_get_system_config_dirs
g_get_system_data_dirs
g_get_tmp_dir
g_get_user_cache_dir
g_get_user_config_dir
g_get_user_data_dir
g_get_user_name
g_get_user_runtime_dir
g_get_user_special_dir
g_getenv
g_getenv_utf8
g_hash_table_add
g_hash_table_contains
g_hash_table_destroy
g_hash_table_find
g_hash_table_foreach
g_hash_table_foreach_remove
g_hash_table_foreach_steal
g_hash_table_get_keys
g_hash_table_get_keys_as_array
g_hash_table_get_values
g_hash_table_insert
g_hash_table_iter_get_hash_table
g_hash_table_iter_init
g_hash_table_iter_next
g_hash_table_iter_remove
g_hash_table_iter_replace
g_hash_table_iter_steal
g_hash_table_lookup
g_hash_table_lookup_extended
g_hash_table_new
g_hash_table_new_full
g_hash_table_ref
g_hash_table_remove
g_hash_table_remove_all
g_hash_table_replace
g_hash_table_size
g_hash_table_steal
g_hash_table_steal_all
g_hash_table_unref
g_hmac_copy
g_hmac_get_digest
g_hmac_get_string
g_hmac_new
g_hmac_ref
g_hmac_unref
g_hmac_update
g_hook_alloc
g_hook_compare_ids
g_hook_destroy
g_hook_destroy_link
g_hook_find
g_hook_find_data
g_hook_find_func
g_hook_find_func_data
g_hook_first_valid
g_hook_free
g_hook_get
g_hook_insert_before
g_hook_insert_sorted
g_hook_list_clear
g_hook_list_init
g_hook_list_invoke
g_hook_list_invoke_check
g_hook_list_marshal
g_hook_list_marshal_check
g_hook_next_valid
g_hook_prepend
g_hook_ref
g_hook_unref
g_hostname_is_ascii_encoded
g_hostname_is_ip_address
g_hostname_is_non_ascii
g_hostname_to_ascii
g_hostname_to_unicode
g_iconv
g_iconv_close
g_iconv_open
g_idle_add
g_idle_add_full
g_idle_funcs
g_idle_remove_by_data
g_idle_source_new
g_int64_equal
g_int64_hash
g_int_equal
g_int_hash
g_intern_static_string
g_intern_string
g_io_add_watch

Sections

.text
Size: 976KB - Virtual size: 976KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 524KB - Virtual size: 523KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-PC_Setup_File_9944_P@ssWord-/FIe/gmodule-2.dll
.dll windows:6 windows x64 arch:x64

dd3969e7102609331d83594201dc28c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\winlib-builder\winlib-builder\glib\win32\vs16\Release\x64\bin\gmodule-2.pdb

Imports

kernel32

Module32Next
Module32First
GetModuleHandleA
CreateToolhelp32Snapshot
GetLastError
CloseHandle
LoadLibraryW
GetProcAddress
FreeLibrary
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

glib-2

g_parse_debug_string
g_strdup_printf
g_rec_mutex_lock
g_scanner_input_file
g_private_get
g_file_test
g_scanner_destroy
g_strdup
g_scanner_get_next_token
g_utf8_to_utf16
g_scanner_new
g_strconcat
g_free
g_ascii_strcasecmp
g_rec_mutex_unlock
g_scanner_eof
g_strdup_vprintf
g_return_if_fail_warning
g_open
g_private_replace
g_malloc_n
g_path_get_dirname
g_scanner_scope_add_symbol
g_getenv
g_win32_error_message
g_filename_display_name

vcruntime140

memset
__C_specific_handler
strrchr
__std_type_info_destroy_list

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_configure_narrow_argv
_execute_onexit_table
_seh_filter_dll
_cexit
_initialize_narrow_environment
_initterm_e
_errno
_initterm

api-ms-win-crt-stdio-l1-1-0

_close

Exports

Exports

g_module_build_path
g_module_close
g_module_error
g_module_make_resident
g_module_name
g_module_name_utf8
g_module_open
g_module_open_utf8
g_module_supported
g_module_symbol

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-PC_Setup_File_9944_P@ssWord-/Installer_File.exe
.exe windows:6 windows x64 arch:x64

7c2fe60df21c5bf7048fa4a414b9ecb8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
AddVectoredContinueHandler
AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateIoCompletionPort
CreateMutexA
CreateSemaphoreA
CreateThread
CreateWaitableTimerA
CreateWaitableTimerExW
DeleteAtom
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FindAtomA
FormatMessageA
FreeEnvironmentStringsW
GetAtomNameA
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetErrorMode
GetHandleInformation
GetLastError
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
RaiseFailFastException
ReleaseMutex
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetLastError
SetProcessAffinityMask
SetProcessPriorityBoost
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WerGetFlags
WerSetFlags
WideCharToMultiByte
WriteConsoleW
WriteFile
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_beginthreadex
_cexit
_commode
_endthreadex
_errno
_fmode
_initterm
_lock
_memccpy
_onexit
_setjmp
_strdup
_ultoa
_unlock
abort
calloc
exit
fprintf
fputc
free
fwrite
localeconv
longjmp
malloc
memcpy
memmove
memset
printf
realloc
signal
strerror
strlen
strncmp
vfprintf
wcslen

Exports

Exports

_cgo_dummy_export

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 433KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 591KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc33390e11f40d35aacb3b7595b60d08

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

08:4c:af:4d:f4:99:14:1d:40:4b:71:99:aa:2c:21:31Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

7b:b1:01:21:ff:0d:6b:21:e2:db:68:ef:fb:a5:ce:d5:6d:be:ae:a5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dbghelp

kernel32

advapi32

Exports

Exports

Sections

.text Size: 73KB - Virtual size: 73KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

5f9b23bd4b0029001f687a1ad625be31

Code Sign

33:00:00:00:e5:ce:9e:eb:de:4d:48:35:f4:00:00:00:00:00:e5Certificate

Extended Key Usages

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14Certificate

Key Usages

33:00:00:03:3c:2b:0a:49:d9:d2:91:7e:ac:00:00:00:00:03:3cCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

10:d8:43:bb:3e:75:2a:7b:6d:1d:37:3a:f2:fe:d2:96:d9:d5:dc:40:ae:92:bf:2b:cb:2e:29:ab:8f:e0:81:0eSigner

10:d8:43:bb:3e:75:2a:7b:6d:1d:37:3a:f2:fe:d2:96:d9:d5:dc:40:ae:92:bf:2b:cb:2e:29:ab:8f:e0:81:0eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 183KB - Virtual size: 182KB

.rdata Size: 83KB - Virtual size: 83KB

.data Size: 14KB - Virtual size: 16KB

.pdata Size: 14KB - Virtual size: 13KB

.rsrc Size: 1024B - Virtual size: 976B

.reloc Size: 3KB - Virtual size: 2KB

85c6f89b0e0d0bc119d87198c85449b4

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

08:4c:af:4d:f4:99:14:1d:40:4b:71:99:aa:2c:21:31
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

7b:b1:01:21:ff:0d:6b:21:e2:db:68:ef:fb:a5:ce:d5:6d:be:ae:a5
Signer

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB

33:00:00:00:e5:ce:9e:eb:de:4d:48:35:f4:00:00:00:00:00:e5
Certificate

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

33:00:00:03:3c:2b:0a:49:d9:d2:91:7e:ac:00:00:00:00:03:3c
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

10:d8:43:bb:3e:75:2a:7b:6d:1d:37:3a:f2:fe:d2:96:d9:d5:dc:40:ae:92:bf:2b:cb:2e:29:ab:8f:e0:81:0e
Signer

10:d8:43:bb:3e:75:2a:7b:6d:1d:37:3a:f2:fe:d2:96:d9:d5:dc:40:ae:92:bf:2b:cb:2e:29:ab:8f:e0:81:0e
Signer

.text
Size: 183KB - Virtual size: 182KB

.rdata
Size: 83KB - Virtual size: 83KB

.data
Size: 14KB - Virtual size: 16KB

.pdata
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 3KB - Virtual size: 2KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

aa:2b:28:cb:14:80:c0:bb:61:5c:bd:aa:9e:ef:ca:3f:bd:44:31:2a:af:b3:d4:62:f1:e2:62:77:a7:1d:eb:78
Signer

.text
Size: 258KB - Virtual size: 258KB

.rdata
Size: 77KB - Virtual size: 77KB

.data
Size: 4KB - Virtual size: 305KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 11KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

e4:b9:60:f3:57:7c:48:a3:32:50:2b:c0:56:7e:13:19:ee:4a:6c:a3:44:2b:b1:32:24:bd:e6:1a:7b:11:5c:f7
Signer

.text
Size: 323KB - Virtual size: 322KB

.rdata
Size: 106KB - Virtual size: 106KB

.data
Size: 5KB - Virtual size: 1.2MB

.pdata
Size: 17KB - Virtual size: 17KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB