7134f183e714676906e832d0490e92ca_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7134f183e714676906e832d0490e92ca_JaffaCakes118
Size

7.4MB
MD5

7134f183e714676906e832d0490e92ca
SHA1

1e0b13b074ce431171ec853c6f8eeb0d4ddcf656
SHA256

fa58d64d372569edc99d80484e9819e184fad39cb3d9a57c0a9a0c2e6096f5a2
SHA512

cba85303b97fddb7c63a9057fe706ef312afa028c6b862a8153e83fd047841f2cf849ffc81f909488d75d18aaa331b28667ec92e220d172c0e491abe58a1cdb0
SSDEEP

196608:vEotz8tdaxrmrUCW1C163hSGPKcWjcweuqKOl:vhxrmcC+8GCcTeIl

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$PLUGINSDIR/nsRandom.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$PLUGINSDIR/nsRandom.dll	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/NSISArray.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsRandom.dll
unpack002/out.upx
unpack001/Dance/ChatHall.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

7134f183e714676906e832d0490e92ca_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b0:92:0e:bc:db:bf:ef:69:0f:39:28:fb:60:58:83:f4
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

25/01/2011, 00:00

Not After

24/01/2013, 23:59

Subject

CN=北京八度互联科技有限公司,OU=WoSign Class 3 Code Signing,O=北京八度互联科技有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:12:cc:68:37:9a:71:2d:9d:0d:59:50:ce:51:4d:e7:b0:bc:ba:54
Signer

Actual PE Digest

7b:12:cc:68:37:9a:71:2d:9d:0d:59:50:ce:51:4d:e7:b0:bc:ba:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/DefCamSetup-English.ini
$PLUGINSDIR/DefCamSetup-Simpchinese.ini
$PLUGINSDIR/DefCamSetup-Tradchinese.ini
$PLUGINSDIR/DefCamSetup.dll
.dll windows:4 windows x86 arch:x86

0843fc35a546e4ff989f2c0b0f345e69

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

2c:d1:34:0c:85:dc:25:53:6c:c8:40:10:d4:da:f9:1d:2b:e2:43:d8
Signer

Actual PE Digest

2c:d1:34:0c:85:dc:25:53:6c:c8:40:10:d4:da:f9:1d:2b:e2:43:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileStringA
FreeResource
WriteFile
CreateFileA
LockResource
LoadResource
SizeofResource
FindResourceA
lstrlenA
DeviceIoControl
GetFileAttributesA
GetProcAddress
LoadLibraryA
GetVersionExA
SetFileAttributesA
CreateDirectoryA
GetDriveTypeA
GetModuleFileNameA
GetModuleHandleA
ReadFile
WritePrivateProfileStringA
FindFirstFileA
FindNextFileA
FindClose
CloseHandle
FreeLibrary
CompareStringW
CompareStringA
FlushFileBuffers
GetTimeZoneInformation
GetSystemInfo
GetCurrentThreadId
GetLastError
RtlUnwind
ExitProcess
RaiseException
GetCommandLineA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapFree
HeapAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
GetCPInfo
SetUnhandledExceptionFilter
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InterlockedExchange
VirtualQuery
IsBadReadPtr
IsBadCodePtr
SetFilePointer
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
InitializeCriticalSection
GetLocaleInfoA
HeapSize
SetStdHandle
VirtualProtect
SetEnvironmentVariableA

advapi32

RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetFolderPathA

netapi32

Netbios

Exports

Exports

InitCameraSetup
SetMSNDefaultCamera
SetQQDefaultCamera
SetSinaShowDefaultCamera
SetSinaUCDefaultCamera

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/GGExit.exe
.exe windows:4 windows x86 arch:x86

eedec5ce5c99c872622f21ddf098d820

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

d3:13:10:91:50:54:32:70:c7:f3:9f:f8:08:da:bb:b9:53:0d:f0:b2
Signer

Actual PE Digest

d3:13:10:91:50:54:32:70:c7:f3:9f:f8:08:da:bb:b9:53:0d:f0:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WaitForSingleObject
OpenProcess
TerminateProcess
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
ExitProcess
GetModuleHandleA
GetStartupInfoW
GetVersionExA
HeapAlloc
HeapFree
TlsAlloc
SetLastError
GetCurrentThreadId
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
SetUnhandledExceptionFilter
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapReAlloc
GetCurrentProcess
HeapSize
WriteFile
GetStdHandle
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
InterlockedExchange
VirtualQuery
LoadLibraryA
GetStringTypeA
WideCharToMultiByte
GetStringTypeW
GetLocaleInfoA

user32

GetWindowTextW
FindWindowW
IsWindow
GetWindowThreadProcessId
PostMessageW
EnumWindows

psapi

GetProcessImageFileNameW

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

295fc8c35dee88b924b0f6bafc807c6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetTickCount
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

LoadCursorA
PtInRect
MapWindowPoints
GetDlgCtrlID
CloseClipboard
SetCursor
OpenClipboard
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
DrawTextA
GetWindowLongA
DrawFocusRect
MessageBoxA
CallWindowProcA
PostMessageA
SetTimer
KillTimer
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClipboardData

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISArray.dll
.dll windows:4 windows x86 arch:x86

91596216b99c852af6e0fb1fe8192de4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyA
lstrcpynA
lstrcmpiA
lstrcmpA
lstrcatA
GlobalAlloc

user32

MessageBoxA
SendMessageA
wsprintfA
GetDlgItem
FindWindowExA
DialogBoxParamA
EnableWindow
SetWindowTextA
EndDialog
RedrawWindow
CharLowerA

Exports

Exports

ArrayCount
ArrayExists
Clear
Concat
Copy
Cut
Debug
Delete
ErrorStyle
Exists
ExistsI
FreeUnusedMem
Join
New
Pop
Push
Put
ReDim
Read
ReadToStack
Reverse
Search
SearchI
SetAutoReDim
SetSize
Shift
SizeOf
Sort
Splice
Subtract
Swap
Unload
Unshift
Write
WriteList
WriteListC

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

a648aeaa164b592c1e8892a10400b5ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrcatA
FindClose
FindNextFileA
MulDiv
GlobalFree
lstrcpynA
GlobalAlloc
lstrcmpiA
FindFirstFileA
lstrcpyA

user32

TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
DispatchMessageA
GetWindowLongA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
CallWindowProcA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsRandom.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetRandom

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Dance/5BO_BSHOW.ico
Dance/AudioCapture.dll
.dll windows:4 windows x86 arch:x86

762b13b876a54f52c249939b179810a4

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

bb:e8:d0:95:28:df:dd:cc:77:63:c3:a3:92:2c:2d:1c:df:db:f8:16
Signer

Actual PE Digest

bb:e8:d0:95:28:df:dd:cc:77:63:c3:a3:92:2c:2d:1c:df:db:f8:16

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
GetLastError
SetEvent
ResetEvent
WaitForSingleObject
TerminateThread
CloseHandle
SetThreadPriority
CreateThread
CreateEventA
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter

winmm

waveOutWrite
waveOutGetNumDevs
waveOutOpen
waveOutUnprepareHeader
waveOutReset
waveInGetNumDevs
waveOutPrepareHeader
waveInReset
waveInStop
waveInClose
waveInUnprepareHeader
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveInOpen
waveOutClose

msvcr71

__CppXcptFilter
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
_except_handler3
??3@YAXPAX@Z
__CxxFrameHandler
??2@YAPAXI@Z
_purecall

Exports

Exports

CreateAudioCapture
DestroyAudioCapture
SetMainPath

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/AudioCodec1.dll
.dll windows:4 windows x86 arch:x86

f8410c3dce8c223672198bb8cd34c429

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

b4:fd:48:7d:01:bf:d6:d4:38:16:c6:24:56:1a:f7:76:82:14:58:b2
Signer

Actual PE Digest

b4:fd:48:7d:01:bf:d6:d4:38:16:c6:24:56:1a:f7:76:82:14:58:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
VirtualAlloc
HeapReAlloc
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
LoadLibraryA
HeapSize
FlushFileBuffers
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
CloseHandle
SetStdHandle
VirtualProtect
GetSystemInfo

Exports

Exports

Decode
DecoderClose
DecoderCreate
DecoderInit
Encode
EncoderClose
EncoderCreate
EncoderInit

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/AudioCodec2.dll
.dll windows:4 windows x86 arch:x86

f6b9b7f76f67521152057b9e22b48c89

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

b2:3c:91:c6:83:f4:27:7f:b8:4d:83:77:de:a4:49:9a:95:47:ac:71
Signer

Actual PE Digest

b2:3c:91:c6:83:f4:27:7f:b8:4d:83:77:de:a4:49:9a:95:47:ac:71

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\SVNGuaGua\RtpStack\lame mp3\Lamedll\Release\lameDLL.pdb

Imports

msvcr71

rand
srand
time
memmove
??3@YAXPAX@Z
??2@YAPAXI@Z
_adj_fdiv_r
cos
_adj_fdiv_m64
log10
_adj_fdivr_m64
free
calloc
fclose
pow
_adj_fdiv_m32
malloc
exp
atan
sin
fabs
floor
fflush
vfprintf
_iob
log
sqrt
sprintf
abort
fscanf
_initterm
_adjust_fdiv
__CppXcptFilter
_except_handler3
__dllonexit
_onexit

Exports

Exports

Decode
DecoderClose
DecoderInit
Encode
EncoderClose
EncoderInit

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/AudioCodec3.dll
.dll windows:4 windows x86 arch:x86

73b8553e8adb7e658ef50d0961c5b298

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:71:b9:64:bd:20:60:f6:fb:84:c5:70:3b:52:7f:bb:18:c5:ec:8c
Signer

Actual PE Digest

0d:71:b9:64:bd:20:60:f6:fb:84:c5:70:3b:52:7f:bb:18:c5:ec:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapAlloc
HeapFree
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
InterlockedExchange
VirtualQuery
VirtualAlloc
HeapReAlloc
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize
VirtualProtect
GetSystemInfo
RaiseException

Sections

.text
Size: 188KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/AudioDecodec3.dll
.dll windows:4 windows x86 arch:x86

fb0d04ce49d8c7c6a22f3824469aaf95

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

7c:ea:8c:a6:6e:8f:0b:16:03:6c:2a:01:b9:4a:70:65:99:9b:00:c8
Signer

Actual PE Digest

7c:ea:8c:a6:6e:8f:0b:16:03:6c:2a:01:b9:4a:70:65:99:9b:00:c8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapAlloc
HeapFree
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetACP
GetOEMCP
GetCPInfo
LCMapStringA
MultiByteToWideChar
LCMapStringW
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
VirtualProtect
GetSystemInfo
RaiseException

Sections

.text
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/ChatHall.exe
.exe windows:4 windows x86 arch:x86

b906cbfa4ab59f937c7e4f8e9febaff7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc71u

ord3397
ord4716
ord4276
ord1591
ord5956
ord5231
ord5229
ord920
ord925
ord929
ord927
ord931
ord2384
ord2404
ord2388
ord2394
ord2392
ord2390
ord2407
ord2402
ord2386
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord2856
ord4480
ord4256
ord1785
ord4119
ord1386
ord6063
ord3922
ord4123
ord2366
ord2651
ord1894
ord4112
ord4314
ord1176
ord2362
ord5864
ord3985
ord3756
ord2121
ord745
ord557
ord1156
ord5914
ord655
ord1434
ord4098
ord5966
ord5105
ord421
ord2365
ord1058
ord709
ord501
ord6161
ord1946
ord6140
ord5398
ord2461
ord896
ord900
ord3435
ord4347
ord4019
ord5609
ord894
ord3928
ord2444
ord1472
ord2893
ord4109
ord6232
ord5829
ord2155
ord563
ord753
ord1006
ord1939
ord1782
ord1867
ord1883
ord1871
ord629
ord1430
ord6284
ord5083
ord384
ord2159
ord1476
ord1873
ord1864
ord3875
ord2261
ord860
ord4121
ord2918
ord651
ord416
ord5862
ord3873
ord2876
ord2364
ord3869
ord1555
ord5869
ord6061
ord2860
ord2083
ord1632
ord1562
ord5911
ord1393
ord4232
ord6271
ord5210
ord5196
ord2952
ord3224
ord572
ord658
ord1921
ord1959
ord5851
ord589
ord330
ord3635
ord354
ord605
ord6279
ord4574
ord723
ord531
ord1000
ord5455
ord5441
ord3198
ord1920
ord5727
ord2255
ord4117
ord2870
ord3395
ord3793
ord3995
ord5637
ord502
ord1645
ord1589
ord2872
ord3877
ord3678
ord3424
ord1922
ord1474
ord1538
ord4228
ord591
ord4092
ord3983
ord2066
ord3674
ord3581
ord754
ord3990
ord1641
ord1585
ord4237
ord2086
ord1582
ord4234
ord3666
ord3561
ord5984
ord6087
ord4585
ord4659
ord3345
ord1416
ord4929
ord2254
ord3734
ord4438
ord4437
ord4784
ord4198
ord4775
ord4974
ord5199
ord4770
ord4380
ord4395
ord4393
ord4375
ord4378
ord4373
ord4857
ord4854
ord3968
ord3338
ord1351
ord5170
ord4267
ord732
ord544
ord503
ord5972
ord758
ord567
ord3590
ord1719
ord760
ord5710
ord5633
ord3174
ord530
ord722
ord2225
ord1192
ord1115
ord1960
ord6002
ord5712
ord5711
ord5442
ord899
ord4126
ord1999
ord1293
ord4125
ord4668
ord4955
ord4501
ord4940
ord4643
ord4958
ord5047
ord4799
ord4704
ord4790
ord4371
ord4370
ord4788
ord4942
ord4510
ord4965
ord4474
ord4523
ord4964
ord4840
ord4495
ord4362
ord4433
ord5043
ord4553
ord4914
ord4513
ord4383
ord4165
ord4172
ord4581
ord5910
ord1610
ord5202
ord1553
ord2711
ord4358
ord4667
ord2413
ord2414
ord2415
ord2412
ord2411
ord3644
ord3471
ord4957
ord4281
ord410
ord648
ord4337
ord5147
ord4514
ord4194
ord2797
ord4879
ord4094
ord2085
ord3238
ord1274
ord4656
ord2229
ord5272
ord3596
ord1182
ord1178
ord2132
ord4292
ord2809
ord777
ord5558
ord4027
ord5162
ord781
ord4103
ord5399
ord2463
ord907
ord304
ord4179
ord5067
ord1899
ord5148
ord4238
ord1392
ord3940
ord1608
ord1611
ord5908
ord1542
ord1661
ord1662
ord4884
ord4729
ord4206
ord5178
ord5630
ord347
ord1270
ord602
ord5715
ord5917
ord5397
ord5410
ord5584
ord5519
ord5643
ord5638
ord4041
ord4042
ord1154
ord783
ord1202
ord642
ord4230
ord1549
ord1628
ord2081
ord3467
ord2871
ord731
ord1578
ord3560
ord326
ord317
ord1425
ord584
ord6299
ord3043
ord5485
ord2250
ord1172
ord2297
ord5337
ord1027
ord3508
ord3400
ord657
ord4231
ord1561
ord4093
ord1475
ord1924
ord6262
ord1388
ord3482
ord2489
ord5742
ord2867
ord3396
ord2788
ord3483
ord3645
ord748
ord3577
ord3670
ord4882
ord6116
ord6282
ord5316
ord5723
ord6033
ord5884
ord6053
ord4155
ord6050
ord5604
ord6056
ord5607
ord2521
ord1271
ord3296
ord3155
ord1925
ord3204
ord4535
ord2361
ord3433
ord2460
ord3824
ord1049
ord1096
ord774
ord287
ord1220
ord773
ord2011
ord1118
ord2239
ord5209
ord310
ord2313
ord2896
ord784
ord4079
ord578
ord6086
ord776
ord1155
ord2311
ord5524
ord1906
ord566
ord293
ord3327
ord4255
ord4475
ord3943
ord2638
ord3703
ord3713
ord3712
ord2527
ord2640
ord2534
ord2832
ord2708
ord4301
ord2829
ord2725
ord2531
ord5562
ord6293
ord5327
ord1571
ord3249
ord2340
ord2932
ord3497
ord5981
ord620
ord3157
ord3448
ord4755
ord741
ord3570
ord6044
ord1588
ord2252
ord6251
ord587
ord4226
ord1536
ord2077
ord3417
ord1087
ord5648
ord2368
ord2622
ord2713
ord3752
ord5226

msvcr71

_itoa
tolower
isprint
toupper
memmove
atoi
_wtol
_wcsicmp
wcsncpy
_purecall
srand
time
fclose
fwrite
_wfopen
fread
ftell
fseek
fopen
_localtime64
sprintf
_time64
rand
_waccess
wcsrchr
wcscpy
wcscat
_wtoi64
swscanf
wcsncmp
wcsstr
swprintf
wcslen
__CxxFrameHandler
fprintf
_wtoi
wcschr
_snprintf
strchr
strstr
isspace
isalnum
_endthreadex
localtime
printf
vsprintf
fputwc
strncmp
_mbclen
memset
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__security_error_handler
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_controlfp
_itow
wcscmp
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_except_handler3
_beginthreadex
malloc
free
strncpy
_wcsnicmp
_ftime

kernel32

MulDiv
DeleteFileW
GetStartupInfoW
GetTempPathW
GlobalFree
GetTickCount
ResumeThread
FindResourceW
LoadResource
lstrlenW
SizeofResource
CreateEventW
GlobalAlloc
GlobalLock
GlobalUnlock
WaitForSingleObject
ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
GetFileAttributesW
MultiByteToWideChar
CreateProcessW
CreateDirectoryW
GetPrivateProfileIntW
Sleep
GetPrivateProfileStringW
GetLastError
GetCurrentProcessId
UnmapViewOfFile
CreateFileMappingW
OpenProcess
OpenFileMappingW
MapViewOfFile
CloseHandle
WideCharToMultiByte
GetProcAddress
GetModuleFileNameW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetWindowsDirectoryW
lstrcpyW
WinExec
lstrcatW
GlobalReAlloc
GlobalSize
DeviceIoControl
CreateFileW
GetVersion
ReadFile
GetDriveTypeW
SetFileAttributesW
WriteFile
CreateEventA
LocalFree
WritePrivateProfileStringW
lstrlenA
GetModuleHandleA
ExitProcess
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
LockResource
LoadLibraryW

user32

GetUpdateRect
GetMenu
GetMenuItemID
GetMenuItemCount
GetMenuItemInfoW
ScreenToClient
IsRectEmpty
InflateRect
GetWindowLongW
SetWindowLongW
SetRect
GetAsyncKeyState
LoadImageW
SetCursor
LoadBitmapW
CopyImage
FindWindowW
GetClassNameW
GetActiveWindow
SystemParametersInfoW
GetCapture
GetMessageW
GetCursorPos
IsWindow
MoveWindow
SetLayeredWindowAttributes
KillTimer
SetTimer
GetWindowRect
PtInRect
PostMessageW
GetParent
CreatePopupMenu
EnumChildWindows
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
CopyRect
GetDC
ReleaseDC
PeekMessageW
TranslateMessage
DispatchMessageW
EnumWindows
RegisterHotKey
UnregisterHotKey
GetClassInfoW
IsWindowVisible
InvalidateRect
GetWindowTextW
GetWindowThreadProcessId
MessageBoxW
SendMessageW
SwitchToThisWindow
SetWindowPos
DestroyIcon
GetSystemMetrics
LoadIconW
GetForegroundWindow
SetForegroundWindow
GetFocus
IsWindowEnabled
DestroyCursor
GetMessagePos
MessageBeep
GetWindowDC
ClientToScreen
RedrawWindow
SetActiveWindow
GetClientRect
BringWindowToTop
IsIconic
GetSubMenu
EnableMenuItem
DrawIcon
GetDlgCtrlID
UpdateWindow
EnableWindow
ShowWindow
AppendMenuW
DefWindowProcW
OffsetRect
TrackMouseEvent
ReleaseCapture
GetSysColorBrush
FillRect
SetCapture
CallWindowProcW
GetKeyState
DrawFocusRect
LoadCursorW
GetSysColor
SetWindowRgn
FindWindowExW
BeginPaint
EndPaint
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
CreateMenu
ModifyMenuW
InsertMenuW
LoadMenuW
GetMenuState
RegisterClassW
GetClassInfoExW
CreateWindowExW
SetPropW
GetScrollInfo
SetParent
RemovePropW
DestroyWindow
IntersectRect
GetPropW
GetWindowInfo
GetNextDlgGroupItem
FrameRect

gdi32

GetTextExtentPoint32W
DeleteDC
CreateFontW
ExtTextOutW
SetBkMode
GetViewportOrgEx
SetBkColor
RectVisible
PtVisible
CreateCompatibleDC
CreateCompatibleBitmap
CreateRectRgnIndirect
CreatePen
SelectObject
SetTextColor
GetTextMetricsW
GetObjectW
CreateFontIndirectW
GetDeviceCaps
BitBlt
TextOutW
Escape
DPtoLP
GetTextExtentPointW
CreatePatternBrush
OffsetRgn
CreateRectRgn
CreateDIBSection
ExtCreateRegion
CombineRgn
CreateDCW
GdiFlush
ExcludeClipRect
CreateSolidBrush
GetStockObject
DeleteObject

msimg32

TransparentBlt

advapi32

RegOpenKeyW
RegCreateKeyW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryValueW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW
SHFileOperationW

comctl32

_TrackMouseEvent
ImageList_DrawEx
ImageList_GetImageCount
ImageList_Draw
ImageList_AddMasked
ord17
ImageList_GetImageInfo

shlwapi

PathFileExistsW
PathIsDirectoryW

ole32

CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString
VariantClear
VariantInit
OleLoadPicture

gdiplus

GdipCloneBrush
GdipDrawString
GdipFillRectangleI
GdipSetStringFormatTrimming
GdipCreateSolidFill
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipDrawImageRectRectI
GdipCreateBitmapFromFile
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCloneImage
GdipAlloc
GdipDrawImageRectI
GdipCreateFromHDC
GdipFree
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdiplusStartup
GdiplusShutdown
GdipDrawImageI
GdipSaveImageToStream
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipCreateBitmapFromResource
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSetImageAttributesColorKeys
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatHotkeyPrefix
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipMeasureString
GdipCreateBitmapFromHBITMAP
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipDrawRectangleI
GdipSetClipRectI
GdipLoadImageFromStreamICM

msvcp71

??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??7ios_base@std@@QBE_NXZ
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

psapi

GetProcessImageFileNameW

wininet

InternetGetCookieExW
InternetSetOptionW

ws2_32

htons
gethostbyname
socket
connect
send
ntohs
closesocket
inet_addr
shutdown
WSAStartup
WSACleanup
inet_ntoa
htonl
ntohl
recv

netapi32

Netbios

Sections

.text
Size: 680KB - Virtual size: 679KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.v-lizer
Size: 969KB - Virtual size: 969KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Dance/ChatHall.ini
Dance/ChatRoom/ChatRoomClient.dll
.dll windows:4 windows x86 arch:x86

782413a3e05168360f8dc444a2dd3d26

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

50:bd:75:9b:31:20:4f:69:2e:ca:77:e3:c6:56:81:29:2d:2b:5d:93
Signer

Actual PE Digest

50:bd:75:9b:31:20:4f:69:2e:ca:77:e3:c6:56:81:29:2d:2b:5d:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryW
GetProcAddress
Sleep
WritePrivateProfileStringW
GetFileAttributesW
GetLocalTime
GetPrivateProfileStringW
CreateDirectoryW
GetPrivateProfileIntW
WideCharToMultiByte
GetModuleFileNameW
GetLastError
GetModuleHandleW
CloseHandle
CreateEventW
WaitForSingleObject
SetEvent
ResetEvent
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
MultiByteToWideChar
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
DeviceIoControl
CreateFileW
GetVersionExW
GetVersion
ReadFile
GetDriveTypeW
SetFileAttributesW
WriteFile
InitializeCriticalSection
ExitProcess

user32

PostMessageW

shell32

SHGetSpecialFolderPathW

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??7ios_base@std@@QBE_NXZ
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Nomemory@std@@YAXXZ

msvcr71

time
memmove
strncmp
wcsncmp
??1exception@@UAE@XZ
??0exception@@QAE@XZ
wcsncpy
fclose
fputwc
_wfopen
_waccess
wcscmp
wcscat
wcsrchr
_endthreadex
_beginthreadex
sprintf
localtime
fprintf
fopen
printf
vsprintf
strstr
_mbclen
malloc
_callnewh
__security_error_handler
_except_handler3
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
free
_initterm
_adjust_fdiv
__CppXcptFilter
isspace
isprint
_ftime
??3@YAXPAX@Z
wcscpy
_wcsicmp
wcslen
__CxxFrameHandler
swprintf
strncpy
??0exception@@QAE@ABV0@@Z
srand
rand
??_V@YAXPAX@Z
_CxxThrowException
tolower

ws2_32

recv
connect
htons
socket
WSAGetLastError
closesocket
send
shutdown
WSAStartup
WSACleanup

netapi32

Netbios

advapi32

RegCloseKey
RegOpenKeyW
RegSetValueExW
RegCreateKeyW
RegQueryValueExW

ole32

CoCreateGuid

Exports

Exports

CreateVideoChat
ReleaseVideoChat
SetMainPath

Sections

.text
Size: 164KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/ChatRoom/ChatRoomUI.dll
.dll windows:4 windows x86 arch:x86

a33ac7a2aa85a20347d6b9cd3ac85abd

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

94:f5:a0:f2:4b:48:14:4d:39:36:dc:15:c4:fe:c2:d2:c5:2b:79:f5
Signer

Actual PE Digest

94:f5:a0:f2:4b:48:14:4d:39:36:dc:15:c4:fe:c2:d2:c5:2b:79:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdiplus

GdipDrawRectangleI
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipMeasureString
GdipDrawString
GdipDrawRectangle
GdipDeleteFont
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipCreateRegionPath
GdipFillRegion
GdipDrawPath
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipAddPathStringI
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateTexture
GdipCreateBitmapFromResource
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteRegion
GdipDeletePath
GdipCreatePath
GdipGetFontCollectionFamilyCount
GdipCreateStringFormat
GdipDeletePen
GdipCreatePen1
GdipCloneBrush
GdipDrawImageRectI
GdipDrawImageI
GdipFillRectangleI
GdipGetImageGraphicsContext
GdipCreateSolidFill
GdipCreateBitmapFromScan0
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipDeleteBrush
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipNewInstalledFontCollection
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipGetFamilyName
GdipSetLinePresetBlend
GdipCreateLineBrushI
GdipSetImageAttributesColorKeys
GdipSetStringFormatFlags
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatTrimming
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipCreateBitmapFromHBITMAP
GdipSetPenMode
GdipSetClipRectI
GdipDeleteStringFormat
GdipSaveImageToStream
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCloneImage
GdipDrawImageRectRectI
GdipCreateFromHDC
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdiplusShutdown

mfc71u

ord1271
ord1058
ord2239
ord1118
ord1555
ord1906
ord5524
ord1049
ord3824
ord416
ord651
ord5178
ord4206
ord4729
ord4884
ord2011
ord1662
ord1661
ord1542
ord5908
ord1611
ord1608
ord3940
ord1392
ord4238
ord5148
ord1899
ord5067
ord4179
ord5199
ord3397
ord4716
ord4276
ord1591
ord5956
ord5231
ord5229
ord920
ord925
ord929
ord927
ord931
ord2384
ord2404
ord2388
ord2394
ord2392
ord2390
ord2407
ord2402
ord2386
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord2856
ord4480
ord4256
ord1785
ord4119
ord1894
ord6086
ord6063
ord589
ord330
ord1959
ord2155
ord3873
ord2877
ord5869
ord3869
ord3678
ord774
ord6061
ord3198
ord1270
ord2077
ord1536
ord5911
ord1393
ord4226
ord6271
ord5210
ord5196
ord2985
ord3158
ord572
ord587
ord753
ord4109
ord5829
ord602
ord347
ord5727
ord6251
ord1006
ord326
ord3995
ord4117
ord5637
ord502
ord2066
ord563
ord3756
ord2361
ord4026
ord3590
ord2121
ord760
ord709
ord5638
ord6031
ord501
ord4347
ord2460
ord5987
ord1636
ord1577
ord3298
ord730
ord3990
ord5558
ord2362
ord4094
ord2085
ord3238
ord1946
ord1274
ord605
ord6140
ord1380
ord2857
ord1182
ord6064
ord5989
ord2486
ord2013
ord391
ord2611
ord3355
ord1220
ord2461
ord3644
ord3596
ord3471
ord1178
ord4126
ord1999
ord1293
ord4125
ord4668
ord4955
ord4501
ord4940
ord4643
ord4958
ord5047
ord4799
ord4704
ord4790
ord4957
ord4371
ord4370
ord4281
ord4942
ord4510
ord4965
ord4474
ord4523
ord4964
ord4840
ord4495
ord4362
ord4433
ord5043
ord4553
ord4914
ord3734
ord4438
ord4437
ord4784
ord4198
ord4775
ord4383
ord4974
ord3155
ord4172
ord4581
ord4770
ord4380
ord4395
ord4393
ord4375
ord4378
ord4373
ord4857
ord4854
ord3968
ord5910
ord1610
ord3338
ord1351
ord1553
ord2711
ord4267
ord648
ord2132
ord410
ord4292
ord4337
ord5147
ord2809
ord777
ord6173
ord6167
ord2261
ord2282
ord4879
ord4788
ord4194
ord4667
ord5202
ord1472
ord1176
ord5711
ord2413
ord2414
ord2415
ord2412
ord2411
ord5609
ord2651
ord4656
ord4929
ord4098
ord4027
ord287
ord4078
ord745
ord557
ord4358
ord2229
ord5272
ord5398
ord1416
ord5633
ord1883
ord1871
ord6232
ord4314
ord860
ord5862
ord2860
ord2876
ord5867
ord1156
ord3789
ord2364
ord5851
ord3875
ord1641
ord1585
ord4237
ord3599
ord3635
ord3435
ord3902
ord1605
ord354
ord4112
ord4574
ord2086
ord1582
ord4234
ord2255
ord1920
ord3645
ord3483
ord2083
ord1632
ord1562
ord4232
ord658
ord2952
ord3224
ord578
ord2313
ord310
ord2926
ord1386
ord3296
ord2867
ord6277
ord4101
ord2260
ord2893
ord5485
ord3755
ord5791
ord2489
ord5742
ord1765
ord1782
ord1784
ord1960
ord1719
ord3157
ord4755
ord4074
ord629
ord1430
ord6284
ord5083
ord384
ord5319
ord4019
ord6161
ord772
ord2444
ord3922
ord620
ord1545
ord3189
ord5712
ord657
ord1772
ord3249
ord1388
ord6262
ord1924
ord1475
ord4093
ord2082
ord1561
ord4231
ord3223
ord3363
ord3351
ord5327
ord6293
ord5316
ord6282
ord3829
ord3281
ord1957
ord5636
ord2159
ord2648
ord3176
ord356
ord3570
ord741
ord4100
ord588
ord328
ord6165
ord894
ord5414
ord5705
ord2010
ord333
ord3396
ord2788
ord2224
ord2151
ord2225
ord1939
ord282
ord6111
ord1479
ord2895
ord3390
ord3927
ord776
ord1925
ord3204
ord314
ord899
ord896
ord283
ord1079
ord280
ord1921
ord4562
ord265
ord266
ord2366
ord5209
ord566
ord757
ord3327
ord4255
ord4475
ord3943
ord2638
ord3703
ord3713
ord3712
ord2984
ord2527
ord2640
ord2534
ord581
ord1162
ord1087
ord1200
ord1170
ord1168
ord1192
ord1115
ord371
ord2832
ord2708
ord4301
ord2829
ord2725
ord2531
ord5562
ord5226
ord3942
ord5222
ord1093
ord1199
ord1197
ord1033
ord315
ord765
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord3752
ord2713
ord3395
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord762
ord764
ord293
ord870
ord2311
ord577
ord4228
ord591
ord4882
ord3497
ord2932
ord2340
ord1571
ord3448
ord3670
ord3577
ord748
ord3568
ord1638
ord1580
ord739
ord3508
ord1027
ord5337
ord2297
ord1172
ord2250
ord3043
ord6299
ord584
ord1425
ord317
ord3467
ord2081
ord1628
ord1549
ord4230

msvcr71

__CppXcptFilter
_adjust_fdiv
_initterm
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
__security_error_handler
memset
fwrite
wcstoul
log10
isalpha
strstr
fgets
wcstok
swscanf
_time64
_resetstkoflw
time
srand
rand
wcscmp
_localtime64
iswdigit
fabs
_wtol
wcschr
_wtoi
strncpy
_beginthreadex
wcsstr
memmove
malloc
_purecall
wcsncmp
wcsncpy
_wtoi64
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
free
_except_handler3
wcsrchr
wcscat
_wcsicmp
isalnum
isspace
wcscpy
swprintf
_itow
wcslen
_wfopen
fputwc
fclose
__CxxFrameHandler
toupper
_ftime
_strnicmp

kernel32

InitializeCriticalSection
RaiseException
GetModuleFileNameW
WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileStringW
WritePrivateProfileStructW
GetPrivateProfileStructW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersion
WinExec
GetProcAddress
GetLastError
LoadLibraryW
Sleep
CloseHandle
EnterCriticalSection
LeaveCriticalSection
CreateEventW
WaitForSingleObject
SetEvent
FreeLibrary
GetFileAttributesW
GetTickCount
SizeofResource
LoadResource
FindResourceW
ResumeThread
LocalFree
InterlockedDecrement
lstrlenW
lstrcpyW
MulDiv
InterlockedIncrement
GlobalSize
SetProcessWorkingSetSize
GetCurrentProcess
lstrcatW
LoadLibraryExW
GetWindowsDirectoryW
GetModuleHandleW
LocalAlloc
ExitProcess
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersionExA
DeleteCriticalSection

user32

ModifyMenuW
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
InsertMenuW
LoadIconW
IsZoomed
EnumDisplaySettingsW
GetUpdateRect
SystemParametersInfoW
CopyIcon
GetSystemMetrics
GetTopWindow
ChildWindowFromPointEx
ChildWindowFromPoint
SetParent
GetScrollInfo
CheckMenuItem
GetDesktopWindow
TrackMouseEvent
DrawTextExW
IsIconic
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetFocus
SetActiveWindow
SetWindowPos
SetLayeredWindowAttributes
IsWindowVisible
ScreenToClient
PtInRect
ReleaseCapture
SetCapture
GetCapture
DrawTextW
IsWindow
GetCursorPos
RedrawWindow
EnableMenuItem
AppendMenuW
CreatePopupMenu
KillTimer
SetTimer
MessageBoxW
DefWindowProcW
CreateWindowExW
ShowWindow
RegisterClassW
DestroyWindow
IsRectEmpty
GetWindowDC
GetMenuState
FindWindowExW
BeginPaint
EndPaint
GetClassInfoExW
SetPropW
GetWindowInfo
CallWindowProcW
RemovePropW
IntersectRect
GetPropW
IsWindowEnabled
GetNextDlgGroupItem
GetClassNameW
GetSysColor
MessageBeep
SetWindowLongW
GetDlgCtrlID
GetMessagePos
EnumChildWindows
GetMenu
GetMenuItemID
GetMenuItemCount
GetMenuItemInfoW
MoveWindow
LoadBitmapW
DestroyCursor
LoadCursorW
PostMessageW
GetClientRect
GetParent
EnableWindow
LoadImageW
SendMessageW
GetSubMenu
SetCursor
GetWindowLongW
WindowFromPoint
GetActiveWindow
InvalidateRect
ClientToScreen
GetWindowRect
SetWindowRgn
FrameRect
FillRect
OffsetRect
InflateRect
CopyRect
SetRect
GetIconInfo
CreateIconIndirect
GetDC
ReleaseDC
DestroyIcon

gdi32

GetTextExtentPoint32W
StretchDIBits
SetBkMode
TextOutW
CreateFontIndirectW
GetDeviceCaps
GetBitmapBits
CreateSolidBrush
Rectangle
CreateFontW
CreatePatternBrush
CombineRgn
GetObjectW
CreateCompatibleBitmap
SetPixel
CreateBitmap
CreateCompatibleDC
SelectObject
SetBkColor
BitBlt
SetTextColor
DeleteDC
GetStockObject
DeleteObject
CreatePen
SetDIBColorTable
StretchBlt
SetStretchBltMode
LineTo
ExcludeClipRect
GdiFlush
CreateDCW
CreateRectRgn
ExtCreateRegion
GetTextExtentPointW
OffsetRgn
Ellipse
GetTextMetricsW
CreateDIBSection
SetTextJustification
MoveToEx

msimg32

TransparentBlt
AlphaBlend

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW

comctl32

ImageList_GetImageInfo
_TrackMouseEvent
ImageList_Draw
ImageList_DrawEx
ord17
ImageList_GetIcon
ImageList_GetImageCount
ImageList_AddMasked

shlwapi

PathIsRelativeA
PathIsURLA
PathFileExistsA
PathFileExistsW
StrStrW

ole32

StgCreateDocfileOnILockBytes
OleRun
CoCreateInstance
OleSetContainedObject
CoUninitialize
CreateStreamOnHGlobal
CoInitialize
CreateILockBytesOnHGlobal

oleaut32

SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysStringLen
VariantClear
VariantCopy
VariantInit
SysAllocString
VariantTimeToSystemTime
SysFreeString
GetErrorInfo

msvcp71

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??7ios_base@std@@QBE_NXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

winmm

mixerGetControlDetailsW
waveInClose
mixerGetID
waveInOpen
mixerGetNumDevs
mixerGetLineControlsW
mixerGetLineInfoW
mixerOpen
mixerClose
waveOutClose
waveOutOpen
mixerSetControlDetails

ddraw

DirectDrawCreateEx

ws2_32

inet_ntoa
inet_addr

Exports

Exports

CreateRoomUI
DestroyRoomUI
SetMainPath

Sections

.text
Size: 760KB - Virtual size: 759KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 474KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/ChatRoom/Config.ini
Dance/ChatRoom/RoomRadioMgr.dll
.dll windows:4 windows x86 arch:x86

560d51bbe32d3ad6c197407108eeaa9c

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

64:bf:2d:1f:13:21:18:c5:07:ee:a3:d3:27:4b:55:85:4b:0b:c2:ff
Signer

Actual PE Digest

64:bf:2d:1f:13:21:18:c5:07:ee:a3:d3:27:4b:55:85:4b:0b:c2:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdiplus

GdipDrawImageRectRectI
GdipGetImageGraphicsContext
GdipFree
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipAlloc
GdipCloneImage
GdipDeleteBrush
GdipCreatePen1
GdipDeletePen
GdipCreateSolidFill
GdipSetPenMode
GdipCreateFromHDC
GdipDrawRectangleI
GdipFillRectangleI
GdipSetClipRectI
GdipCloneBrush
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeleteFontFamily
GdipDeleteFont
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSetImageAttributesColorKeys
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatTrimming
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipDrawString
GdipMeasureString
GdipCreateFont
GdipCreateBitmapFromHBITMAP
GdipSaveImageToStream
GdipDrawImageI
GdipCreateFontFamilyFromName
GdiplusStartup
GdipDeleteGraphics
GdiplusShutdown

mfc71u

ord2708
ord2856
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4255
ord764
ord3677
ord4032
ord4008
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord3942
ord4562
ord5226
ord5209
ord5562
ord2832
ord4475
ord3327
ord757
ord566
ord2239
ord1118
ord280
ord1479
ord2895
ord6111
ord282
ord2926
ord1079
ord283
ord314
ord1906
ord5524
ord3824
ord762
ord2011
ord776
ord2311
ord5485
ord5178
ord4884
ord1662
ord1661
ord1542
ord5908
ord1392
ord5199
ord4256
ord4019
ord4206
ord4729
ord1785
ord899
ord630
ord3082
ord2012
ord385
ord4098
ord3755
ord2155
ord4119
ord1894
ord5829
ord3990
ord3400
ord1386
ord6086
ord2159
ord3644
ord3596
ord3471
ord1182
ord1178
ord4126
ord1999
ord1293
ord4125
ord4668
ord4955
ord4501
ord4940
ord4643
ord4958
ord5047
ord4799
ord4704
ord4790
ord4957
ord4371
ord4370
ord4281
ord4942
ord4510
ord4965
ord4474
ord4523
ord4964
ord4840
ord4495
ord4362
ord4433
ord5043
ord4553
ord4914
ord3734
ord4438
ord4437
ord4784
ord4198
ord4301
ord4383
ord4974
ord4165
ord4172
ord4581
ord4770
ord4380
ord4395
ord4393
ord4375
ord4378
ord4373
ord4857
ord4854
ord3968
ord5910
ord1610
ord3338
ord1351
ord1553
ord5196
ord2711
ord4267
ord648
ord2132
ord410
ord4292
ord4337
ord5147
ord2809
ord5558
ord4879
ord4788
ord4194
ord4667
ord5202
ord4094
ord2085
ord3238
ord1946
ord1274
ord2413
ord2414
ord2415
ord2412
ord2411
ord5609
ord2651
ord4656
ord6061
ord4929
ord4027
ord287
ord1220
ord4358
ord2229
ord6140
ord5272
ord2829
ord731
ord1578
ord3560
ord2254
ord2066
ord502
ord5637
ord4117
ord3995
ord2362
ord310
ord4041
ord4042
ord2725
ord2531
ord1590
ord1646
ord1647
ord1955
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord578
ord1154
ord784
ord783
ord3249
ord1202
ord1156
ord760
ord5981
ord3590
ord3296
ord2388
ord2404
ord2255
ord3043
ord6282
ord5316
ord2250
ord1172
ord2297
ord384
ord5083
ord317
ord1425
ord1430
ord584
ord629
ord6293
ord5327
ord6299
ord1027
ord5337
ord3508
ord326
ord657
ord4231
ord1561
ord4093
ord1475
ord1924
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5210
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1393
ord3940
ord1608
ord1611
ord5911
ord1271
ord3157
ord1925
ord3204
ord1472
ord293
ord3756
ord3927
ord577
ord774
ord870
ord6063
ord4775
ord581
ord1162
ord1087
ord1200
ord1170
ord1168
ord1192
ord1115
ord371
ord1093
ord1199
ord1197
ord1033
ord315
ord765
ord3678
ord3448
ord3198
ord2361
ord572
ord620
ord3395
ord3983
ord2713
ord3635
ord3435
ord3752
ord4112
ord4109
ord4347
ord3155
ord1270
ord5633
ord2365
ord2622
ord2366
ord605
ord354
ord589
ord602
ord1920
ord347
ord330
ord709
ord501
ord2368
ord5648
ord4574
ord3417
ord2077
ord1536
ord4226
ord587
ord6251
ord1006
ord2252
ord1588
ord6044
ord563
ord753
ord3482
ord1388
ord6262

msvcr71

swprintf
_wcsicmp
toupper
_purecall
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
wcslen
wcscpy
memset
_except_handler3
free
__security_error_handler
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
malloc
_adjust_fdiv
__CppXcptFilter
__CxxFrameHandler

kernel32

GetVersionExA
GlobalSize
GlobalReAlloc
MulDiv
GlobalAlloc
GlobalLock
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
LoadLibraryW
FreeLibrary
LocalFree
WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetVersionExW
GetModuleFileNameW
GlobalFree
GlobalUnlock

user32

GetWindowLongW
GetClassNameW
GetNextDlgGroupItem
IsWindowEnabled
IsWindowVisible
ReleaseCapture
DefWindowProcW
InflateRect
FillRect
SetRect
CallWindowProcW
SetWindowLongW
SetWindowRgn
IntersectRect
FrameRect
GetPropW
LoadIconW
DestroyWindow
RemovePropW
SetParent
GetScrollInfo
SetPropW
CreateWindowExW
GetClassInfoExW
RegisterClassW
LoadCursorW
GetCursorPos
KillTimer
SetTimer
GetFocus
SetCapture
IsRectEmpty
GetDC
GetWindowDC
ReleaseDC
RedrawWindow
GetWindowInfo
MoveWindow
ScreenToClient
GetParent
GetMenuItemInfoW
GetMenuItemCount
CopyRect
GetSysColor
EnableWindow
GetClientRect
IsWindow
OffsetRect
SendMessageW
CreatePopupMenu
AppendMenuW
GetWindowRect
SetCursor
GetDlgCtrlID
ClientToScreen
SetWindowPos
EnumChildWindows
SystemParametersInfoW
GetSystemMetrics
GetActiveWindow
InvalidateRect
GetUpdateRect
GetMenu
GetSubMenu
GetMenuItemID

gdi32

GetDeviceCaps
GetTextExtentPointW
CreatePatternBrush
SetBkMode
SetTextColor
GetStockObject
ExcludeClipRect
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject
TextOutW
CreateFontIndirectW
CreateSolidBrush
CreateDCW
CombineRgn
ExtCreateRegion
CreateDIBSection
GetObjectW
CreateRectRgn
OffsetRgn

ole32

CoInitialize
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

comctl32

ImageList_GetImageCount
ImageList_Draw
_TrackMouseEvent

Exports

Exports

CreateRoomRadioInterface
DestroyRoomRadioInterface

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/ChatRoom/Skin/2010beta1ChatRoom.ggs
Dance/ChatRoom/Skin/2010beta2RoomRadioMgr.ggs
Dance/ChatRoom/Skin/Alarm.png
.png
Dance/ChatRoom/Skin/DefFace.bmp
Dance/ChatRoom/Skin/PrivteMic.bmp
Dance/ChatRoom/Skin/VideoBack.bmp
Dance/ChatRoom/Skin/VideoBack2.bmp
Dance/ChatRoom/Skin/WndBack.bmp
Dance/ChatRoom/Skin/bg1.jpg
.jpg
Dance/ChatRoom/Skin/wedhead.jpg
.jpg
Dance/ChatRoom/UIToolTip.dll
.dll windows:4 windows x86 arch:x86

04897ae99bc29616991912ca68521429

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

af:d2:d7:0e:54:f3:15:e3:9a:83:16:b9:2f:0d:b1:b3:ac:c2:61:92
Signer

Actual PE Digest

af:d2:d7:0e:54:f3:15:e3:9a:83:16:b9:2f:0d:b1:b3:ac:c2:61:92

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Svn\guagua\Skin\UIToolTip\DebugU\UIToolTip.pdb

Imports

mfc71ud

ord1180
ord1184
ord3271
ord3291
ord3275
ord3281
ord3279
ord3277
ord3294
ord3289
ord3273
ord3296
ord3284
ord3266
ord3268
ord3286
ord3002
ord2992
ord2064
ord8668
ord5280
ord8670
ord4655
ord6730
ord1864
ord6970
ord2222
ord2221
ord2152
ord6998
ord3999
ord6179
ord2894
ord1760
ord4642
ord891
ord668
ord4648
ord685
ord1559
ord1526
ord1431
ord328
ord1358
ord2580
ord5841
ord1182
ord7600
ord7366
ord4646
ord3640
ord832
ord573
ord7012
ord5582
ord8337
ord6725
ord8424
ord4771
ord8388
ord8389
ord5785
ord3187
ord8659
ord4664
ord5510
ord4971
ord3253
ord4020
ord3550
ord7766
ord3365
ord5633
ord1416
ord1178
ord1173
ord7050
ord7052
ord8194
ord2153
ord5961
ord6455
ord4775
ord2634
ord1802
ord2994
ord5856
ord8666
ord6841
ord2508
ord6946
ord5922
ord1917
ord5499
ord2176
ord2179
ord8120
ord5088
ord893
ord2022
ord4115
ord288
ord8463
ord2029
ord8547
ord1140
ord5087
ord8545
ord3111
ord5585
ord7547
ord1142
ord1145
ord5707
ord5703
ord7727
ord8553
ord3341
ord5755
ord1089
ord7458
ord7376
ord5468
ord4068
ord3110
ord5756
ord919
ord2933
ord921
ord3401
ord7359
ord289
ord5649
ord286
ord1406
ord299
ord673
ord270
ord267
ord901
ord3080
ord5311
ord888
ord908
ord662
ord686
ord906
ord329
ord1373
ord1448
ord1577
ord1579
ord1454
ord900
ord405
ord1535
ord1436
ord8500
ord1478
ord1571
ord1544
ord1546
ord1580
ord4638
ord7685
ord1757
ord2891
ord5940
ord6174
ord5506
ord3682
ord5142
ord5152
ord5151
ord3503
ord3684
ord3511
ord3975
ord3780
ord5990
ord3972
ord3803
ord3508
ord7553
ord7011
ord7046
ord6266
ord5503
ord7036
ord7034
ord4114
ord2522
ord5313
ord7276
ord8601
ord6873
ord1341
ord5287
ord7570
ord2644
ord2689
ord6009
ord8669
ord5279
ord8667
ord5613
ord5655
ord3693

msvcr71d

wcsstr
wcscpy
_wtoi
wcstoul
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
memmove
wcscmp
_purecall
free
__CxxFrameHandler
__dllonexit
_onexit
_except_handler3
??1type_info@@UAE@XZ
_free_dbg
_initterm
_malloc_dbg
_adjust_fdiv
__CppXcptFilter
__security_error_handler
?terminate@@YAXXZ
wcsncpy
rand
_CrtDbgReport
memcpy
_CRT_RTC_INIT
_gmtime64
wcslen
memcmp
realloc
_localtime64
_mktime64
_time64
_snwprintf
_vsnwprintf
_vsnprintf
_snprintf
memset

kernel32

GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCurrentProcess
GetModuleFileNameA
GetProcessHeap
HeapAlloc
HeapFree
ExitProcess
GetCurrentProcessId
DebugBreak
RaiseException
DeleteCriticalSection
LocalAlloc
LocalFree
lstrcmpiW
MultiByteToWideChar
GetModuleHandleW
GetProcAddress
GetVersionExA
GetWindowsDirectoryW
LoadLibraryW
MulDiv
lstrcpyW
WideCharToMultiByte
lstrcatW
lstrlenW
WinExec
LoadLibraryExW
FreeLibrary
CreateFileW
WriteFile
CloseHandle
GetThreadLocale
GetLocaleInfoA
InterlockedExchange
GetVersionExW
SetEvent
OpenEventA
lstrlenA
lstrcpyA
OutputDebugStringA
OutputDebugStringW
lstrcpynW
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
UnmapViewOfFile
IsBadReadPtr
GetSystemInfo
MapViewOfFile
GetLastError
CreateFileMappingA
GetCurrentThread
GetVersion
OpenFileMappingA
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
GetSystemTimeAsFileTime
LoadLibraryA
GetACP

user32

ReleaseDC
GetIconInfo
DestroyCursor
LoadImageW
LoadStringW
SystemParametersInfoW
SetCursor
SendMessageW
GetDC
LoadCursorW
GetWindowRect
GetWindowPlacement
CreateIconIndirect
FillRect
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
DefWindowProcW
GetClassInfoW
DestroyIcon
CopyIcon
GetSystemMetrics
IsWindow
GetCursorPos
ScreenToClient
IsWindowEnabled
ChildWindowFromPoint
GetParent
WindowFromPoint
ClientToScreen
GetClassNameW
GetWindowLongW
GetWindowTextW
GetMenuState
GetMenuItemID
GetMenuItemRect
GetMenuItemCount
EnumWindows
EnumChildWindows
CopyRect
IsRectEmpty
PtInRect
SetRect
SetRectEmpty
EqualRect
InflateRect
UnionRect
SubtractRect
UnregisterClassA
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
PeekMessageA
MsgWaitForMultipleObjects
FindWindowW
UnregisterClassW
GetSysColor

gdi32

CreateDIBSection
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject
TextOutW
GetTextExtentPoint32W
SetTextJustification
GetDeviceCaps
LineTo
GetClipBox
GetObjectW
SelectClipRgn
FillRgn
OffsetRgn
CombineRgn
CreateRectRgn
CreatePolygonRgn
CreateRoundRectRgn
GetPixel
MoveToEx
CreatePen
GetTextMetricsW
SetBkColor
StretchBlt
CreateBitmap
CreateSolidBrush
CreateCompatibleBitmap
FrameRgn
SetTextColor
SetBkMode
GetDCOrgEx
CreateFontIndirectW

advapi32

OpenThreadToken
RevertToSelf
RegOpenKeyExW
RegQueryValueW
RegCloseKey
SetThreadToken

shell32

Shell_NotifyIconW
ShellExecuteW

comctl32

ImageList_AddMasked
ord17
ImageList_GetImageCount
ImageList_GetIcon
ImageList_Create

oleaut32

SysFreeString

msvcp71d

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

ole32

CoMarshalInterface
CreateStreamOnHGlobal
CoUnmarshalInterface
CoRevokeClassObject
CoRegisterClassObject
CoReleaseMarshalData

Exports

Exports

CreateToolTipModule
ReleaseToolTipModule

Sections

.textbss
Size: - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/ChatRoom/VcrMediaLib.dll
.dll windows:4 windows x86 arch:x86

408879edc14569be9924251c0fc7dfd9

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

65:98:67:db:ca:ba:43:e1:fd:0c:5d:70:e6:89:ed:77:de:a6:61:42
Signer

Actual PE Digest

65:98:67:db:ca:ba:43:e1:fd:0c:5d:70:e6:89:ed:77:de:a6:61:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
CloseHandle
OpenMutexW
Sleep
GetProcAddress
FreeLibrary
InterlockedDecrement
InterlockedIncrement
LoadLibraryW
WideCharToMultiByte
MultiByteToWideChar
CreateEventW
WaitForSingleObject
SetEvent
ResetEvent
GetModuleFileNameW
SetThreadPriority
GetTickCount
OpenEventW
OpenFileMappingW
MapViewOfFile
OpenProcess
ReleaseMutex
UnmapViewOfFile
WaitForMultipleObjects
InterlockedCompareExchange
GetStdHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetSystemInfo
VirtualProtect
ReadFile
SetEndOfFile
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
CreateFileA
FlushFileBuffers
ExitProcess
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
ExitThread
GetCurrentThreadId
GetLastError
CreateThread
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetModuleFileNameA
HeapFree
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
HeapAlloc
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTimeZoneInformation
HeapReAlloc
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
SetFilePointer
LoadLibraryA
InterlockedExchange
VirtualQuery
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
SetStdHandle

ole32

CoUninitialize
CoInitialize

winmm

timeGetTime
waveInGetNumDevs

ws2_32

WSAIoctl
bind
getsockname
gethostname
socket
ntohs
inet_ntoa
htons
inet_addr
closesocket
setsockopt
shutdown
sendto
recvfrom
WSACleanup
WSAStartup
gethostbyname

shell32

ShellExecuteW

Exports

Exports

CreateMediaLib
ReleaseMediaLib
SetMainPath

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/ChatRoom/VolumeCtrl.dll
.dll windows:5 windows x86 arch:x86

9f214f5ff27e25a36acb6f280f58f6be

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

6f:21:cb:2a:6a:1d:2a:7a:4a:2b:48:ec:47:5d:80:3f:8e:79:72:27
Signer

Actual PE Digest

6f:21:cb:2a:6a:1d:2a:7a:4a:2b:48:ec:47:5d:80:3f:8e:79:72:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DebugBreak
FatalExit
OutputDebugStringW
MultiByteToWideChar
CompareStringW
CompareStringA
ReadFile
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LCMapStringW
LCMapStringA
RtlUnwind
GetTimeZoneInformation
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCurrentThreadId
GetCommandLineA
GetLastError
HeapFree
HeapAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetModuleHandleA
CloseHandle
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
Sleep
HeapSize
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
CreateFileA
LoadLibraryA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA

user32

MessageBoxW
PostMessageW

ole32

CoCreateGuid
CoInitialize
PropVariantClear
CoTaskMemFree
CoUninitialize
CoCreateInstance

Exports

Exports

CreateVolumeForVista
ReleaseVolumeForVista

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/ChatRoom/VolumeCtrlForVista.dll
.dll windows:5 windows x86 arch:x86

c7af61f9a000f0b992891a89efd630f8

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4e:e0:d7:8b:40:c7:23:f5:ab:a5:4d:78:ba:45:52:f4:66:49:b9
Signer

Actual PE Digest

0c:4e:e0:d7:8b:40:c7:23:f5:ab:a5:4d:78:ba:45:52:f4:66:49:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\badu\Desktop\guagua\ChatRoom\ClassicChatRoomUI\MixCtrlForWin7\VolumeCtrl\Release\VolumeCtrlForVista.pdb

Imports

kernel32

GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapAlloc
HeapFree
RtlUnwind
Sleep
ExitProcess
RaiseException
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
VirtualAlloc
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
CreateFileA
SetStdHandle
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
lstrlenA
GlobalFindAtomW
LoadLibraryA
GetVersionExA
GetCurrentProcessId
GlobalAddAtomW
GlobalFlags
GetModuleHandleA
WritePrivateProfileStringW
CloseHandle
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetLastError
SetLastError
GlobalFree
GlobalUnlock
FormatMessageW
LocalFree
SetErrorMode
lstrlenW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GetProcAddress
FindResourceW
LoadResource
LockResource
SizeofResource
lstrcpynW
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
MultiByteToWideChar
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection

user32

DestroyMenu
ShowWindow
LoadCursorW
GetSysColorBrush
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetWindow
GetDlgCtrlID
GetWindowRect
GetWindowLongW
MessageBoxW
PostQuitMessage
PostMessageW
GetClassNameW
PtInRect
GetWindowTextW
SetWindowTextW
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringW
GetMessagePos
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
UnhookWindowsHookEx
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
SendMessageW
IsWindowVisible
GetActiveWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetWindowsHookExW
UnregisterClassW
CheckMenuItem
EnableMenuItem
DrawTextExW
DrawTextW
TabbedTextOutW
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
TextOutW
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
ExtTextOutW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

PathFindExtensionW
PathFindFileNameW

ole32

CoTaskMemFree
PropVariantClear
CoCreateGuid
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

GetInputVolumeCtrlInstance
GetOutputVolumeCtrlInstance
ReleaseInputVolumeCtrlInstance
ReleaseOutputVolumeCtrlInstance

Sections

.text
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/ChatRoom/data/FlowerData.dat
Dance/ChatRoom/plug_folder_focus.bmp
Dance/ChatRoom/plug_folder_normal.bmp
Dance/ChatRoomUI.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

135cc4765d434b7922f2bb51b73648fc

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

ea:20:73:63:e8:9f:4c:aa:e0:5a:91:d1:f0:74:66:7b:59:cc:4c:79
Signer

Actual PE Digest

ea:20:73:63:e8:9f:4c:aa:e0:5a:91:d1:f0:74:66:7b:59:cc:4c:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Svn\guagua\ChatHall\ChatRoomOcx\ReleaseU\ChatRoomOcx.pdb

Imports

mfc71u

ord5231
ord5229
ord920
ord925
ord929
ord927
ord931
ord2384
ord2404
ord2388
ord2394
ord2392
ord2390
ord2407
ord2402
ord2386
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4256
ord605
ord354
ord5199
ord4347
ord1894
ord764
ord6063
ord6061
ord6277
ord4574
ord3598
ord3596
ord3651
ord3514
ord6260
ord2905
ord6261
ord4308
ord5376
ord2851
ord2936
ord4475
ord4255
ord3269
ord476
ord2292
ord701
ord1948
ord1320
ord5452
ord963
ord4167
ord4550
ord4492
ord5515
ord1649
ord4731
ord4808
ord5856
ord1612
ord1415
ord5112
ord2503
ord3750
ord5055
ord4569
ord4571
ord2416
ord5483
ord3974
ord4525
ord4524
ord4636
ord4508
ord4789
ord4398
ord4368
ord4443
ord4873
ord4815
ord4820
ord4825
ord4521
ord4795
ord4794
ord4530
ord4529
ord4528
ord4506
ord4552
ord4913
ord4515
ord4500
ord5956
ord4650
ord4507
ord4490
ord4489
ord4952
ord4432
ord4199
ord4187
ord4182
ord4607
ord4609
ord4606
ord4239
ord4453
ord4894
ord4246
ord4877
ord4864
ord1988
ord2987
ord4389
ord2504
ord5911
ord1393
ord1897
ord6266
ord2532
ord2726
ord2830
ord4302
ord2841
ord2535
ord2639
ord3944
ord4477
ord5675
ord683
ord2148
ord3819
ord451
ord2550
ord4839
ord4340
ord4925
ord5210
ord4295
ord762
ord1079
ord2362
ord1088
ord314
ord1142
ord1127
ord2041
ord577
ord1220
ord2311
ord293
ord4032
ord4008
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord2238
ord3942
ord4562
ord5226
ord5209
ord5562
ord3823
ord2832
ord2984
ord3256
ord566
ord757
ord6248
ord1133
ord1145
ord3655
ord3531
ord4420
ord4534
ord4720
ord4897
ord4576
ord6267
ord5206
ord4273
ord2852
ord4478
ord479
ord1754
ord1129
ord703
ord1044
ord1591
ord4276
ord4716
ord765
ord315
ord1033
ord1197
ord1199
ord1093
ord371
ord1115
ord1192
ord1168
ord1170
ord1200
ord1087
ord1162
ord581
ord3397
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1392
ord3940
ord1608
ord1611
ord5908
ord1542
ord1661
ord1662
ord2011
ord4884
ord4729
ord4206
ord5178
ord3435
ord4180
ord3635
ord1043

msvcr71

__CxxFrameHandler
wcscpy
wcsncpy
wcslen
_wtoi64
wcscat
wcsrchr
memset
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__CppXcptFilter
_adjust_fdiv
malloc
_initterm
_onexit
__dllonexit
__security_error_handler
free
_except_handler3

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
GetSystemTimeAsFileTime
GetModuleFileNameW
SetCurrentDirectoryW
LoadLibraryW
GetProcAddress
LocalFree
GetVersionExA

user32

GetSystemMetrics
GetClientRect
FillRect
EnableWindow

gdi32

GetStockObject

ole32

CoCreateInstance

oleaut32

LoadRegTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/DnsSession.dll
.dll windows:4 windows x86 arch:x86

43d17f529f26f51b6f12b182d9cc0d38

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

1e:33:66:d1:71:f7:d5:f0:40:e5:e6:55:de:72:8b:2a:ac:61:f5:bd
Signer

Actual PE Digest

1e:33:66:d1:71:f7:d5:f0:40:e5:e6:55:de:72:8b:2a:ac:61:f5:bd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrcpynW
Sleep
WritePrivateProfileStringW
GetTickCount
GetPrivateProfileIntW
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
CreateEventW
WaitForSingleObject
SetEvent
ResetEvent
InterlockedDecrement
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetSystemInfo
VirtualProtect
SetEndOfFile
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
CreateFileA
CreateFileW
SetFilePointer
FlushFileBuffers
SetStdHandle
VirtualQuery
InterlockedExchange
LoadLibraryA
GetCPInfo
GetOEMCP
GetACP
RtlUnwind
ExitProcess
RaiseException
GetSystemTimeAsFileTime
ExitThread
GetCurrentThreadId
GetLastError
CreateThread
GetCommandLineA
GetVersionExA
HeapAlloc
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
HeapFree
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
WriteFile
ReadFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTimeZoneInformation
HeapReAlloc
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr

user32

IsWindow
PostMessageW

oleaut32

SysAllocStringByteLen

winmm

timeGetTime

ws2_32

bind
setsockopt
recvfrom
sendto
closesocket
htonl
WSAStartup
ntohs
gethostbyname
htons
inet_addr
inet_ntoa
socket
WSAGetLastError
shutdown
recv
send
connect
getsockname
WSACleanup

Exports

Exports

CreateCqsSession
CreateDnsIns
CreateOemConf
SetMainPath

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/Downloader.exe
.exe windows:4 windows x86 arch:x86

9c1807b39fbc34cab8dda6752d922a9f

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

36:a6:47:91:79:6d:a9:81:48:e5:b4:27:68:f5:71:d5:9e:36:ea:81
Signer

Actual PE Digest

36:a6:47:91:79:6d:a9:81:48:e5:b4:27:68:f5:71:d5:9e:36:ea:81

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc71u

ord1591
ord5956
ord5231
ord5229
ord920
ord925
ord929
ord927
ord931
ord2384
ord2404
ord2388
ord2394
ord2392
ord2390
ord2407
ord2402
ord2386
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord2856
ord4480
ord4256
ord416
ord1785
ord709
ord501
ord2155
ord4098
ord2311
ord5869
ord2860
ord762
ord2364
ord293
ord2159
ord3869
ord1555
ord5914
ord421
ord774
ord3781
ord5280
ord383
ord1472
ord655
ord5657
ord5913
ord1908
ord5105
ord3433
ord3204
ord1925
ord3155
ord1271
ord3296
ord1270
ord5633
ord2521
ord5607
ord6056
ord5604
ord6050
ord4155
ord6053
ord6033
ord5723
ord5638
ord5643
ord4276
ord5584
ord5410
ord5397
ord2534
ord5715
ord602
ord2255
ord5884
ord347
ord5630
ord2361
ord1920
ord2362
ord5862
ord3873
ord2081
ord1628
ord1549
ord5911
ord1393
ord6271
ord5210
ord5196
ord4230
ord6116
ord2788
ord3396
ord5727
ord2066
ord1632
ord1562
ord4232
ord899
ord3995
ord4117
ord5637
ord502
ord2876
ord5489
ord2697
ord3195
ord380
ord266
ord629
ord2897
ord1430
ord5083
ord384
ord265
ord2832
ord2708
ord4301
ord2829
ord2725
ord2531
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord4716
ord3397
ord5199
ord4179
ord5067
ord1899
ord5148
ord4238
ord1392
ord3940
ord1608
ord1611
ord5908
ord1542
ord731
ord1578
ord3560
ord3198
ord2254
ord3927
ord1661
ord1662
ord4884
ord4729
ord4206
ord5178
ord1058
ord1894
ord4119
ord3824
ord1049
ord1118
ord2011
ord5524
ord1906
ord764
ord2926
ord282
ord1479
ord280
ord2461
ord776
ord5398
ord6161
ord1155
ord2239
ord651
ord757
ord566
ord3327
ord4255
ord4475
ord3943
ord2638
ord3703
ord3713
ord3712
ord2527
ord5519
ord2640
ord326
ord310
ord4041
ord4042
ord578
ord1154
ord784
ord783
ord3249
ord1178
ord1182
ord1202
ord287
ord1156
ord760
ord5981
ord3590
ord3043
ord5485
ord6282
ord5316
ord2250
ord1172
ord2297
ord317
ord2009
ord2054
ord4320
ord6274
ord3795
ord577
ord6272
ord4008
ord4032
ord2366
ord1079
ord3677
ord4535
ord1425
ord584
ord283
ord5917
ord6293
ord5327
ord5558
ord6299
ord1027
ord5337
ord3508
ord2121
ord642
ord3467
ord1959
ord2895
ord2489
ord5742
ord3983
ord2867
ord658
ord3483
ord3645
ord753
ord563
ord6044
ord1588
ord2252
ord1006
ord6251
ord587
ord572
ord4226
ord1536
ord2077
ord870
ord3417
ord3678
ord4574
ord1087
ord5648
ord2368
ord2651
ord5609
ord3756
ord330
ord589
ord354
ord605
ord2622
ord2365
ord4347
ord3395
ord2713
ord4109
ord4112
ord3752
ord6086
ord3435
ord3635
ord1198

msvcr71

swprintf
__CxxFrameHandler
wcstok
wcslen
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
_waccess
_wcsicmp
wcscpy
_wtoi
free
malloc
fclose
fread
_wfopen
memmove
_beginthreadex
_controlfp
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
__security_error_handler
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
toupper
_purecall
_ftime
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_except_handler3
memset

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
GetStartupInfoW
GetModuleHandleA
MultiByteToWideChar
CreateProcessW
GetExitCodeProcess
CreateEventW
Sleep
TerminateThread
GetLastError
GetPrivateProfileIntW
GetPrivateProfileStringW
CloseHandle
WaitForSingleObject
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
SetEvent
CreateDirectoryW
DeleteFileW
GetCommandLineW
GetModuleFileNameW
GetVersionExW
FreeLibrary
GetProcAddress
LoadLibraryW
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
GlobalSize
GetVersionExA
GetSystemTimeAsFileTime

user32

GetWindowRect
GetParent
GetMenuItemInfoW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenu
GetUpdateRect
GetActiveWindow
SystemParametersInfoW
ReleaseDC
GetDC
MoveWindow
SetWindowPos
ClientToScreen
GetDlgCtrlID
SetCursor
LoadCursorW
GetWindowLongW
GetNextDlgGroupItem
IsWindowEnabled
IsWindowVisible
ReleaseCapture
DefWindowProcW
PtInRect
SetCapture
SetRect
SetWindowRgn
IntersectRect
CallWindowProcW
SetWindowLongW
FrameRect
FillRect
GetPropW
GetSysColor
DestroyWindow
RemovePropW
SetParent
GetScrollInfo
GetWindowInfo
SetPropW
ScreenToClient
GetClassInfoExW
RegisterClassW
InflateRect
GetCursorPos
KillTimer
SetTimer
GetFocus
FindWindowW
GetClassInfoW
SendMessageW
SetForegroundWindow
ShowWindow
DrawIcon
PostMessageW
IsIconic
GetClientRect
FlashWindow
LoadIconW
EnableWindow
GetSystemMetrics
GetClassNameW
IsWindow
EnumWindows
IsRectEmpty
CopyRect
TabbedTextOutW
DrawTextW
DrawTextExW
CreateWindowExW
OffsetRect
GrayStringW
EnumChildWindows
InvalidateRect

gdi32

RectVisible
PtVisible
GetMapMode
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
DeleteObject
ExcludeClipRect
CombineRgn
TextOutW
CreateDIBSection
GetObjectW
OffsetRgn
CreateFontIndirectW
GetDeviceCaps
CreateDCW
CreateSolidBrush
GetStockObject
SetTextColor
SetBkMode
CreatePatternBrush
GetTextExtentPointW
ExtTextOutW
Escape
CreateRectRgn
ExtCreateRegion
BitBlt

shell32

ShellExecuteW

comctl32

ord17
ImageList_GetImageCount
ImageList_GetImageInfo
_TrackMouseEvent
ImageList_Draw

gdiplus

GdipCloneImage
GdipCreateFromHDC
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipDeleteBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipDeleteFont
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSetImageAttributesColorKeys
GdipCreateSolidFill
GdipAlloc
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatTrimming
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipFillRectangleI
GdipDrawString
GdipMeasureString
GdipCreateFont
GdipCloneBrush
GdipCreateBitmapFromHBITMAP
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipDrawRectangleI
GdipSetClipRectI
GdipSaveImageToStream
GdipDrawImageI
GdipGetImageGraphicsContext
GdipFree
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipDeleteGraphics
GdipSetStringFormatFlags
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectRectI

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

wininet

InternetSetOptionW

ole32

CreateStreamOnHGlobal

Sections

.text
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Dance/EncWmv.dll
.dll windows:4 windows x86 arch:x86

5b3f9a2956f683d60eb5c773dd4ed6f4

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

91:0c:ee:d6:d4:10:29:cd:7f:31:30:6b:59:67:4b:67:1e:32:d1:c7
Signer

Actual PE Digest

91:0c:ee:d6:d4:10:29:cd:7f:31:30:6b:59:67:4b:67:1e:32:d1:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
GetTickCount
GetModuleHandleW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA

user32

LoadImageW

gdi32

CreateBitmap
DeleteDC
SelectObject
StretchDIBits
GetObjectW
DeleteObject
GetBitmapBits
CreateCompatibleDC

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString

msvcp71

?_Nomemory@std@@YAXXZ

msvcr71

malloc
_purecall
??3@YAXPAX@Z
wcscmp
__CxxFrameHandler
memset
_callnewh
__dllonexit
_onexit
_initterm
_adjust_fdiv
__CppXcptFilter
__security_error_handler
free
??_V@YAXPAX@Z
_except_handler3

wmvcore

WMCreateWriter
WMCreateProfileManager

msimg32

TransparentBlt
AlphaBlend

Exports

Exports

CreateWmvEncObj
DestroyEncWmvObj

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/EquipCenter.dll
.dll windows:4 windows x86 arch:x86

d8d7f4527fc8302dfe91ea7df3718db5

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

b0:03:e0:54:c0:bc:57:ab:3b:c9:62:a1:95:98:00:3c:91:65:6a:3d
Signer

Actual PE Digest

b0:03:e0:54:c0:bc:57:ab:3b:c9:62:a1:95:98:00:3c:91:65:6a:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc71u

ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord5196
ord2856
ord4480
ord572
ord760
ord3204
ord1925
ord3198
ord1271
ord2895
ord1894
ord6061
ord774
ord709
ord5638
ord6031
ord501
ord4347
ord6086
ord1079
ord266
ord265
ord2460
ord283
ord1785
ord762
ord6063
ord2311
ord5178
ord4206
ord4729
ord4884
ord2011
ord1662
ord1661
ord1542
ord5908
ord1392
ord5199
ord4256
ord896
ord1479
ord6111
ord282
ord2926
ord897
ord2444
ord6002
ord1176
ord5711
ord4119
ord899
ord894
ord777
ord900
ord772
ord745
ord2260
ord557
ord1118
ord5914
ord5558
ord5524
ord1472
ord1189
ord5657
ord5913
ord5280
ord6284
ord655
ord629
ord1430
ord383
ord5300
ord5105
ord421
ord313
ord2077
ord1536
ord4226
ord563
ord4109
ord2366
ord753
ord6251
ord1006
ord2361
ord1871
ord5803
ord4098
ord2657
ord5862
ord3873
ord3756
ord2860
ord2654
ord2155
ord5801
ord2169
ord5867
ord5869
ord3869
ord1883
ord2640
ord5829
ord6232
ord651
ord416
ord3875
ord5727
ord4314
ord5609
ord1156
ord4101
ord860
ord3155
ord1058
ord2461
ord3249
ord5327
ord6293
ord5316
ord6282
ord2364
ord1555
ord1921
ord3645
ord3483
ord1632
ord1562
ord4232
ord658
ord2255
ord2867
ord1270
ord5633
ord4117
ord3995
ord2788
ord5637
ord602
ord1920
ord347
ord1867
ord1876
ord741
ord3395
ord2086
ord1582
ord4234
ord2985
ord3311
ord2159
ord1162
ord1087
ord1200
ord2534
ord2832
ord2708
ord4301
ord2829
ord2725
ord2531
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord3677
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord2399
ord2381
ord2379
ord2397
ord731
ord1578
ord3560
ord2254
ord287
ord2066
ord502
ord2362
ord310
ord4041
ord4042
ord578
ord1154
ord784
ord783
ord1178
ord1182
ord1202
ord2871
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5210
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1393
ord3940
ord1608
ord1611
ord5911
ord3590
ord3678
ord577
ord293
ord314
ord3824
ord764
ord2121
ord870
ord776
ord3927
ord280
ord2239
ord566
ord757
ord3327
ord4255
ord4475
ord3943
ord2638
ord3703
ord3713
ord3712
ord2651
ord2527
ord642
ord4230
ord1549
ord1628
ord2081
ord3467
ord5981
ord326
ord3043
ord5485
ord2250
ord1172
ord2297
ord384
ord5083
ord317
ord1425
ord584
ord6299
ord1027
ord5337
ord3508
ord1170
ord3296
ord748
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4237
ord1585
ord4008
ord4032
ord2656
ord1641
ord3577
ord3670
ord1959
ord2876
ord2489
ord5742
ord3396
ord6116
ord739
ord1580
ord1638
ord3568
ord620
ord3157
ord3448
ord4755
ord3983
ord3570
ord6044
ord1588
ord2252
ord587
ord3417
ord4574
ord5648
ord2368
ord330
ord589
ord354
ord605
ord2622
ord2365
ord2713
ord4112
ord3752
ord3435
ord3635
ord765
ord315
ord1033
ord1197
ord1199
ord1093
ord371
ord1115
ord1168
ord1192
ord581

msvcr71

__CxxFrameHandler
_wcsicmp
_purecall
free
malloc
_beginthreadex
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
_endthreadex
sprintf
wcslen
localtime
fclose
fprintf
fopen
printf
vsprintf
swprintf
strncpy
fputwc
_wfopen
_ftime
time
srand
rand
toupper
_wrename
fwrite
fseek
fread
wcsncpy
_waccess
wcscpy
_wtoi64
_except_handler3
_localtime64
strstr
_wtoi
memmove
_wtol
ceil
memset
__dllonexit
_onexit
__security_error_handler
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_adjust_fdiv
__CppXcptFilter

kernel32

GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
ExitProcess
LocalAlloc
LocalFree
TerminateThread
CreateThread
GlobalFree
FindFirstFileW
FindClose
SetFileAttributesW
lstrcatW
lstrcpyW
lstrlenW
GetPrivateProfileStringW
ReleaseMutex
CreateMutexW
InterlockedExchangeAdd
CreateDirectoryW
DeleteFileW
WritePrivateProfileStringW
GetProcAddress
LoadLibraryW
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
Sleep
ResumeThread
GetLastError
CreateEventW
GlobalAlloc
GlobalLock
GlobalUnlock
WaitForSingleObject
CloseHandle
ResetEvent
SetEvent
GetTickCount
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
FreeLibrary
GlobalReAlloc
MulDiv
GlobalSize
GetVersionExA
GetSystemTimeAsFileTime

user32

IsWindowVisible
GetNextDlgGroupItem
SetWindowPos
LoadBitmapW
LoadImageW
OffsetRect
PtInRect
LockWindowUpdate
ReleaseCapture
WindowFromPoint
GetParent
SetCapture
GetCapture
GetActiveWindow
ClientToScreen
IsWindow
GetWindowRect
SendMessageW
GetDC
ReleaseDC
PostMessageW
EnableWindow
KillTimer
SetTimer
InvalidateRect
GetClientRect
DefWindowProcW
FillRect
IsWindowEnabled
GetWindowDC
RedrawWindow
GetSysColor
GetWindowInfo
CallWindowProcW
SetRect
SetWindowRgn
IntersectRect
InflateRect
FrameRect
GetPropW
LoadIconW
DestroyWindow
RemovePropW
SetParent
GetScrollInfo
SetPropW
CreateWindowExW
GetClassInfoExW
BringWindowToTop
RegisterClassW
GetCursorPos
GetFocus
SetWindowLongW
MoveWindow
ScreenToClient
GetMenuItemInfoW
GetMenuItemCount
CopyRect
IsRectEmpty
GetMenuItemID
GetSubMenu
GetMenu
GetUpdateRect
GetSystemMetrics
SystemParametersInfoW
EnumChildWindows
GetDlgCtrlID
SetCursor
LoadCursorW
GetWindowLongW
GetClassNameW

gdi32

CreateCompatibleBitmap
DeleteObject
GetStockObject
Rectangle
CreateFontW
SelectObject
DeleteDC
SetBkMode
CreateSolidBrush
CreateCompatibleDC
TextOutW
ExtCreateRegion
CreateDIBSection
GetObjectW
CreateRectRgn
OffsetRgn
CreateFontIndirectW
GetDeviceCaps
CreateDCW
SetTextColor
CreatePatternBrush
GetTextExtentPointW
BitBlt
ExcludeClipRect
CombineRgn

shell32

ShellExecuteW

comctl32

ImageList_AddMasked
_TrackMouseEvent
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_Draw

ole32

CreateStreamOnHGlobal

gdiplus

GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromScan0
GdipCreateSolidFill
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipFillRectangleI
GdipDrawImageI
GdipDrawImageRectI
GdipCloneBrush
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipCreatePen1
GdipDeletePen
GdipCreateStringFormat
GdipDeleteStringFormat
GdipCreatePath
GdipDeletePath
GdipDeleteRegion
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateBitmapFromResource
GdipCreateTexture
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipAddPathStringI
GdipSetTextRenderingHint
GdipImageSelectActiveFrame
GdipDrawPath
GdipFillRegion
GdipCreateRegionPath
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipDeleteGraphics
GdipDeleteBrush
GdipGetImageHeight
GdipGetImageWidth
GdipFree
GdipDrawImageRectRectI
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipDeleteFont
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSetImageAttributesColorKeys
GdipSetStringFormatFlags
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatTrimming
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipDrawString
GdipMeasureString
GdipCreateFont
GdipCreateBitmapFromHBITMAP
GdipSetPenMode
GdipDrawRectangleI
GdipSetClipRectI
GdipSaveImageToStream
GdipAlloc
GdipSetSmoothingMode

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

wininet

InternetQueryDataAvailable

ws2_32

connect
socket
gethostbyname
htons
recv
WSACleanup
WSAStartup
inet_addr
inet_ntoa
shutdown
closesocket
send

Exports

Exports

CreateEquipCenter
DestroyEquipCenter
SetMainPath
SetResPath

Sections

.text
Size: 320KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 236KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/GameMediaLib.dll
.dll windows:4 windows x86 arch:x86

89dd1f67cbc9f7f926dedce3b1b30bcb

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

c5:d2:5e:cc:c1:b1:8d:98:e7:11:b5:5b:4d:c4:74:ae:d1:fe:25:c6
Signer

Actual PE Digest

c5:d2:5e:cc:c1:b1:8d:98:e7:11:b5:5b:4d:c4:74:ae:d1:fe:25:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\guagua\productu\GameMediaLib.pdb

Imports

kernel32

LoadLibraryW
FreeLibrary
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
CloseHandle
OpenMutexW
WideCharToMultiByte
GetProcAddress
MultiByteToWideChar
CreateEventW
WaitForSingleObject
SetEvent
ResetEvent
GetTickCount
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetSystemInfo
VirtualProtect
Sleep
ReadFile
SetEndOfFile
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
CreateFileA
FlushFileBuffers
SetStdHandle
SetFilePointer
VirtualQuery
InterlockedExchange
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
RaiseException
ExitThread
GetCurrentThreadId
GetLastError
CreateThread
GetCommandLineA
GetVersionExA
HeapAlloc
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetModuleFileNameA
HeapFree
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTimeZoneInformation
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA

ole32

CoInitialize
CoUninitialize

winmm

timeGetTime
waveOutGetNumDevs

ws2_32

setsockopt
closesocket
socket
WSAIoctl
bind
sendto
gethostbyname
htons
inet_addr
inet_ntoa
ntohs
shutdown
WSACleanup
recvfrom
WSAStartup
gethostname

Exports

Exports

CreateGameMediaLib
SetMainPath

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/ImageOle.dll
.dll regsvr32 windows:4 windows x86 arch:x86

18e201c66fb36f0c34f99d047daacbc0

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

d9:da:c3:10:c3:f0:5a:06:42:06:68:3e:54:28:b7:33:33:23:2c:2d
Signer

Actual PE Digest

d9:da:c3:10:c3:f0:5a:06:42:06:68:3e:54:28:b7:33:33:23:2c:2d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
DeleteCriticalSection
EnterCriticalSection
HeapDestroy
GetCurrentThreadId
LeaveCriticalSection
InitializeCriticalSection
HeapCreate
GetVersionExA
GetSystemInfo
HeapAlloc
DisableThreadLibraryCalls
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
lstrlenA
GetCurrentProcess
FlushInstructionCache
lstrlenW
GlobalAlloc
GlobalLock
InterlockedDecrement
GetTickCount
InterlockedIncrement
MultiByteToWideChar
LocalAlloc
InterlockedExchange
RaiseException
WideCharToMultiByte
CloseHandle
GlobalUnlock
ReadFile
SetFilePointer
CreateFileA

user32

GetClassNameA
SetWindowPos
UnionRect
SetWindowLongA
SetFocus
IsChild
GetWindowTextA
GetParent
InvalidateRect
CharNextA
DefWindowProcA
IsWindow
GetKeyState
PtInRect
SetTimer
IsWindowVisible
GetDC
ReleaseDC
KillTimer
UpdateWindow
DestroyWindow
SendMessageA
WindowFromDC
GetFocus
ShowWindow
CreateWindowExA
RegisterClassExA
BeginPaint
GetClientRect
EndPaint
EqualRect
SetWindowRgn
OffsetRect
CallWindowProcA
IntersectRect
GetWindowLongA
GetClassInfoExA
LoadCursorA
wsprintfA

gdi32

BitBlt
CreateCompatibleDC
DeleteDC
DeleteObject
SelectClipRgn
CreateRectRgn
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
RestoreDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
CreateDCA
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
CreateMetaFileA

advapi32

RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA

ole32

CreateOleAdviseHolder
CoLoadLibrary
OleLoadFromStream
CreateDataAdviseHolder
OleRegGetMiscStatus
OleSaveToStream
WriteClassStm
OleRegGetUserType
OleRegEnumVerbs
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemFree

oleaut32

SysStringLen
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
VariantClear
OleCreatePropertyFrame
SysAllocString
SysFreeString

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

msvcrt

_purecall
realloc
??2@YAPAXI@Z
memcpy
free
__CxxFrameHandler
malloc
_onexit
strcat
strcpy
_mbsrchr
__dllonexit
memset
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
memcmp

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/MFC71u.dll
.dll windows:4 windows x86 arch:x86

b3fbf4599c17e9bc7ccae6518bf0f868

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

37:8d:07:e5:80:ce:e9:19:43:38:1b:02:9d:9a:21:bb:c7:b9:fb:ae
Signer

Actual PE Digest

37:8d:07:e5:80:ce:e9:19:43:38:1b:02:9d:9a:21:bb:c7:b9:fb:ae

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mfc71u.pdb

Imports

msvcr71

__CppXcptFilter
_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
__security_error_handler
??1type_info@@UAE@XZ
_itow
wcsncpy
wcscpy
_ltow
_ultow
iswdigit
ceil
wcsncmp
_wcsnicmp
_wsplitpath
_wfullpath
_wtol
__p___argc
__p___wargv
_beginthreadex
_endthreadex
_wcsdup
_expand
_wtoi
wcstod
wcstol
wcstoul
swscanf
abs
labs
_snwprintf
calloc
__CxxFrameHandler
_msize
_purecall
_localtime64
_mktime64
realloc
fflush
fseek
ftell
fgetws
fputws
fwrite
fread
clearerr
fclose
_open_osfhandle
_fdopen
__doserrno
_get_osfhandle
abort
memcmp
_resetstkoflw
malloc
swprintf
_CxxThrowException
vsprintf
_vscprintf
_mbsrev
_mbslwr
_mbsupr
_mbscspn
_mbsspn
_mbspbrk
_mbsrchr
_mbschr
_mbsstr
_mbsicoll
_mbscoll
_mbsicmp
_mbscmp
_ismbcspace
_mbsinc
free
strlen
memmove
wcslen
memcpy
vswprintf
_vscwprintf
_wcsrev
_wcslwr
_wcsupr
wcscspn
wcsspn
wcspbrk
wcsrchr
wcschr
wcsstr
_wcsicoll
wcscoll
_wcsicmp
wcscmp
iswspace
_except_handler3
memset
strcpy
strcmp

kernel32

FindResourceExW
GetEnvironmentVariableW
MultiByteToWideChar
FormatMessageW
WideCharToMultiByte
FormatMessageA
GetEnvironmentVariableA
lstrcpynW
SetLastError
GetLastError
lstrlenW
lstrcmpA
lstrlenA
MoveFileW
DeleteFileW
GetStringTypeExW
lstrcmpiW
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
CloseHandle
lstrcpyW
FindClose
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
CreateFileW
GetShortPathNameW
GetModuleFileNameW
GetProcAddress
LoadLibraryW
GlobalSize
GlobalLock
GlobalAlloc
GlobalReAlloc
GlobalUnlock
GlobalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesW
GetFileAttributesW
GetFileTime
InterlockedDecrement
LocalAlloc
LeaveCriticalSection
GlobalHandle
EnterCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
FindResourceW
TlsFree
WaitForSingleObject
CreateSemaphoreW
ReleaseSemaphore
CreateMutexW
ReleaseMutex
CreateEventW
WaitForMultipleObjects
GetVersionExA
GetModuleHandleW
lstrcmpW
lstrcatW
FreeLibrary
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetCurrentThreadId
FreeResource
GlobalGetAtomNameW
GetVersion
GetModuleHandleA
MulDiv
GetProfileIntW
VirtualProtect
GlobalFlags
GetTempFileNameW
GetDiskFreeSpaceW
LocalUnlock
LocalLock
SearchPathW
GetTempPathW
SetThreadPriority
ResumeThread
SetEvent
SuspendThread
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
lstrcmpiA
GetCurrentThread
SetErrorMode
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetCurrentDirectoryW
InterlockedIncrement
FindNextFileW
GetTickCount
CopyFileW
GetUserDefaultLCID
IsDBCSLeadByte
lstrcpyA
GetSystemTime
ExitProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LocalFree
LocalReAlloc

gdi32

ScaleWindowExtEx
OffsetRgn
SetBrushOrgEx
GetRgnBox
CreateMetaFileW
CopyMetaFileW
Ellipse
LPtoDP
CreateEllipticRgn
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
DPtoLP
GetMapMode
CombineRgn
SetRectRgn
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
CreateDIBPatternBrushPt
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
OffsetWindowOrgEx
StartDocW
GetPixel
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
OffsetClipRgn
ExcludeClipRect
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
EnumFontFamiliesExW
CreateDCW
BitBlt
CreateRectRgnIndirect
UnrealizeObject
CreateBitmap
CreatePatternBrush
CreatePen
PatBlt
Rectangle
TextOutW
DeleteMetaFile
CloseMetaFile
ScaleViewportExtEx
IntersectClipRect
GetDeviceCaps
SetMapMode
SetWindowExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetViewportOrgEx
SetViewportOrgEx
GetWindowOrgEx
SetWindowOrgEx
ExtTextOutW
GetTextExtentPoint32A
GetCurrentPositionEx
MoveToEx
CreateFontIndirectW
GetWindowExtEx
GetViewportExtEx
GetTextFaceW
GetTextAlign
RectVisible
PtVisible
GetTextColor
GetStretchBltMode
GetROP2
GetPolyFillMode
GetBkMode
Escape
GetNearestColor
SaveDC
RestoreDC
GetStockObject
GetTextExtentPoint32W
GetTextMetricsW
CreateFontW
GetCharWidthW
DeleteObject
SelectObject
StretchDIBits
DeleteDC
GetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox

user32

PtInRect
CopyRect
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
SetWindowLongW
GetWindowLongW
CallWindowProcW
DefWindowProcW
SendMessageW
GetDlgCtrlID
SetWindowPlacement
RegisterClassW
GetClassInfoW
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
ScreenToClient
GetParent
AdjustWindowRectEx
GetSysColor
LoadIconW
GetMenuItemCount
GetMenuItemID
GetSubMenu
PostMessageW
GetMenu
GetClientRect
UpdateWindow
IsWindowVisible
ShowScrollBar
SetForegroundWindow
EnableWindow
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
GetKeyState
TrackPopupMenu
TrackPopupMenuEx
MessageBoxW
ScrollWindow
MapWindowPoints
PeekMessageW
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
GetDlgItem
EndDeferWindowPos
BeginDeferWindowPos
DispatchMessageW
SetActiveWindow
GetLastActivePopup
GetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
IsChild
SetFocus
IsWindow
GetFocus
SendDlgItemMessageA
SendDlgItemMessageW
RemovePropW
GetPropW
SetPropW
GetClassNameW
GetClassLongW
GetClassInfoExW
CallNextHookEx
SetWindowsHookExW
CreateWindowExW
GetCapture
WinHelpW
RegisterWindowMessageW
LoadAcceleratorsW
TranslateAcceleratorW
IsWindowEnabled
GetDesktopWindow
ShowWindow
SetMenu
BringWindowToTop
SetRectEmpty
CreatePopupMenu
InsertMenuItemW
InvalidateRect
ReleaseCapture
SetCursor
ReuseDDElParam
UnpackDDElParam
GetActiveWindow
DestroyMenu
LoadMenuW
GetWindow
ClientToScreen
SetCapture
WindowFromPoint
GetWindowThreadProcessId
GetCursorPos
TranslateMessage
GetMessageW
WaitMessage
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
RedrawWindow
InflateRect
SetRect
SetTimer
KillTimer
ReleaseDC
GetDC
IsZoomed
IsRectEmpty
DeleteMenu
AppendMenuW
GetSystemMenu
SetParent
GetDCEx
LockWindowUpdate
GetTabbedTextExtentA
DrawTextW
DrawTextExW
GrayStringW
UnionRect
GetKeyNameTextW
MapVirtualKeyW
LoadBitmapW
FillRect
DrawFocusRect
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
GetAsyncKeyState
MapDialogRect
GetDialogBaseUnits
TabbedTextOutW
GetWindowDC
BeginPaint
EndPaint
GetMenuItemInfoW
SystemParametersInfoW
GetMenuStringW
GetSysColorBrush
SetWindowTextW
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
IsDialogMessageW
MoveWindow
ScrollWindowEx
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
DestroyIcon
DestroyCursor
SetCursorPos
FindWindowW
DrawIcon
SetWindowRgn
IsClipboardFormatAvailable
MessageBeep
GetTabbedTextExtentW
RemoveMenu
ValidateRect
PostQuitMessage
ShowOwnedPopups
InsertMenuW
RegisterClipboardFormatW
SendNotifyMessageW
CopyAcceleratorTableW
InSendMessage
PostThreadMessageW
CreateMenu
WindowFromDC
CountClipboardFormats
SetWindowContextHelpId
CharNextW
InvalidateRgn
GetNextDlgGroupItem
ClipCursor
DrawEdge
EnumChildWindows
MsgWaitForMultipleObjects
UnhookWindowsHookEx
CharUpperW
GetSystemMetrics
wsprintfW
LoadCursorW
UnregisterClassW
OemToCharA
CharToOemA

shlwapi

PathFindFileNameW
PathRemoveExtensionW
PathFindExtensionW
PathIsUNCW
PathStripToRootW
UrlUnescapeW

Sections

.text
Size: 871KB - Virtual size: 870KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/Mp4Maker.exe
.exe windows:4 windows x86 arch:x86

1f68c90cff8a30b4c0e3f92a4f23f231

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

80:25:0e:67:e8:f4:ff:0c:24:0e:45:42:63:11:3f:f1:37:45:9e:06
Signer

Actual PE Digest

80:25:0e:67:e8:f4:ff:0c:24:0e:45:42:63:11:3f:f1:37:45:9e:06

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
TlsAlloc
SetLastError
GetCurrentThreadId
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
LoadLibraryA
InterlockedExchange
VirtualQuery
InitializeCriticalSection
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize
VirtualProtect
GetSystemInfo
WaitForSingleObject
ResetEvent
WaitForMultipleObjects
SetEvent
UnmapViewOfFile
CloseHandle
TerminateThread
CreateThread
MapViewOfFile
OpenFileMappingA
OpenEventA
OpenProcess
lstrcpyA
RaiseException
SetStdHandle
SetFilePointer
FlushFileBuffers

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Dance/OemIcon.ico
Dance/ResCenter.dll
.dll windows:4 windows x86 arch:x86

01e5253a44173e5f467d225298f22084

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

d4:47:4a:8f:5c:e4:5b:5a:4c:8a:46:38:ea:ef:01:13:5c:30:24:4b
Signer

Actual PE Digest

d4:47:4a:8f:5c:e4:5b:5a:4c:8a:46:38:ea:ef:01:13:5c:30:24:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc71u

ord2311
ord283
ord776
ord2121
ord3824
ord314
ord293
ord774
ord1189
ord5914
ord5558
ord2895
ord5524
ord1479
ord282
ord2926
ord1472
ord5657
ord5913
ord5280
ord266
ord6284
ord655
ord629
ord1430
ord265
ord383
ord5300
ord5105
ord421
ord313
ord870
ord897
ord2444
ord896
ord2261
ord6002
ord1176
ord5711
ord894
ord777
ord900
ord772
ord745
ord2260
ord557
ord4101
ord1162
ord1087
ord1079
ord1200
ord1170
ord1168
ord1192
ord1115
ord371
ord1093
ord1199
ord1197
ord581
ord1033
ord315
ord765
ord577
ord3927
ord280
ord2239
ord566
ord757
ord3327
ord4255
ord4475
ord3943
ord2638
ord3703
ord3713
ord3712
ord2527
ord2640
ord2534
ord2832
ord2708
ord4301
ord2829
ord2725
ord2531
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord3677
ord762
ord6111
ord764

msvcr71

malloc
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
__security_error_handler
free
_except_handler3
memset
_i64tow
vsprintf
printf
fopen
fprintf
localtime
sprintf
_adjust_fdiv
fputwc
_wtoi64
wcscmp
fread
_waccess
rand
wcsncpy
_wfopen
fseek
_ftime
memmove
time
srand
__CppXcptFilter
?terminate@@YAXXZ
_endthreadex
fwrite
fclose
_wrename
_wtoi
_beginthreadex
_wcsicmp
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??0exception@@QAE@XZ
??1exception@@UAE@XZ
strncpy
swprintf
wcslen
__CxxFrameHandler
wcscpy

kernel32

SetFilePointer
DeleteFileW
CloseHandle
InterlockedExchangeAdd
Sleep
GetProcAddress
LoadLibraryW
GetModuleFileNameW
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetFileSize
CreateFileW
CreateDirectoryW
CreateMutexW
ReleaseMutex
GetPrivateProfileStringW
WaitForSingleObject
WritePrivateProfileStringW
GetLastError
SetFileAttributesW
FindClose
FindFirstFileW
WideCharToMultiByte
MultiByteToWideChar
CreateEventW
SetEvent
ResetEvent
GetPrivateProfileIntW
LocalFree
LocalAlloc
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersionExA
ReadFile

user32

PostMessageW

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

wininet

InternetQueryDataAvailable

ws2_32

recv
inet_ntoa
shutdown
WSAStartup
WSACleanup
closesocket
send
connect
socket
gethostbyname
htons
inet_addr

Exports

Exports

CreateFamilyCenter
CreateMsgNotifyCenter
CreateResCenter
DestroyFamilyCenter
DestroyMsgNotifyCenter
DestroyResCenter
SetMainPath
SetResPath

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/RtpStack.DLL
.dll windows:4 windows x86 arch:x86

784794bd29e6f793431c8af904f233f2

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:db:ec:99:17:4e:01:26:d6:ec:6c:90:e3:2d:ad:10:77:02:4f:64
Signer

Actual PE Digest

2e:db:ec:99:17:4e:01:26:d6:ec:6c:90:e3:2d:ad:10:77:02:4f:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryW
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CloseHandle
TerminateThread
WaitForSingleObject
Sleep
SetThreadPriority
CreateThread
WideCharToMultiByte
MultiByteToWideChar
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
GetTickCount
QueryPerformanceCounter
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
FlushFileBuffers
SetStdHandle
VirtualQuery
InterlockedExchange
GetCPInfo
GetOEMCP
GetACP
IsBadCodePtr
ResetEvent
WaitForMultipleObjects
SetEvent
IsBadReadPtr
UnmapViewOfFile
MapViewOfFile
lstrcpyA
CreateProcessA
CreateFileMappingA
GetCurrentProcessId
GetModuleFileNameA
CreateEventA
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
SetUnhandledExceptionFilter
GetTimeZoneInformation
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
VirtualAlloc
IsBadWritePtr
SetFilePointer

ole32

CoCreateGuid

msacm32

acmStreamUnprepareHeader
acmStreamConvert
acmStreamPrepareHeader
acmDriverClose
acmStreamClose
acmFormatEnumW
acmMetrics
acmDriverOpen
acmDriverDetailsW
acmStreamOpen
acmDriverEnum

msvfw32

ICSendMessage
ICClose
ICDecompress
ICCompress
ICOpen

winmm

waveOutReset
waveOutOpen
waveOutGetNumDevs
waveOutWrite
waveOutPrepareHeader
timeGetTime
waveOutUnprepareHeader
waveOutClose

Exports

Exports

CreateRtpStack
ReleaseRtpStack

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/Skin/2010beta1DownLoader.ggs
Dance/Skin/2010beta1EquipCenterSkin.ggs
Dance/Skin/2010beta1Skin.ggs
Dance/Skin/2010beta1Skin_0.ggs
Dance/Skin/2010beta1UpdateSkin.ggs
Dance/Skin/2010beta1UserInfoSkin.ggs
Dance/Skin/Alarm.png
.png
Dance/Skin/DefFace.bmp
Dance/Skin/DefFace_16.bmp
Dance/Skin/DefFace_21.bmp
Dance/Skin/DefSendedStarGift.gif
.gif
Dance/Skin/DefStarLevel.bmp
Dance/Skin/DefaultCar.gif
.gif
Dance/Skin/GiftButtonBK.bmp
Dance/Skin/VideoBack.bmp
Dance/Skin/WndBack.bmp
Dance/Skin/default_female.png
.png
Dance/Skin/default_male.png
.png
Dance/Skin/jilv.jpg
.jpg
Dance/Skin/login.gif
.gif
Dance/Skin/progressbar.gif
.gif
Dance/Thumbs.db
Dance/UIToolTip.dll
.dll windows:4 windows x86 arch:x86

0b5fe4eb2b7be03512291391bd4a08c3

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

b1:f5:7d:66:63:32:01:ca:67:ae:73:3f:dd:78:09:bd:10:dc:b5:d2
Signer

Actual PE Digest

b1:f5:7d:66:63:32:01:ca:67:ae:73:3f:dd:78:09:bd:10:dc:b5:d2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc71u

ord4074
ord5414
ord5485
ord4078
ord5705
ord3678
ord3395
ord1079
ord4119
ord2361
ord2366
ord1894
ord2648
ord709
ord501
ord6086
ord2311
ord1183
ord1155
ord314
ord1955
ord6061
ord2863
ord3345
ord3946
ord3561
ord5210
ord5911
ord1611
ord1608
ord3940
ord1393
ord4238
ord5148
ord1899
ord5067
ord6271
ord4179
ord3397
ord4716
ord4276
ord1591
ord5956
ord5231
ord5229
ord920
ord925
ord929
ord927
ord3824
ord2384
ord2404
ord2388
ord2394
ord2392
ord2390
ord894
ord2402
ord2386
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1647
ord1646
ord1590
ord5196
ord2856
ord4480
ord3331
ord760
ord572
ord757
ord566
ord3327
ord4255
ord4475
ord3943
ord2638
ord3703
ord3713
ord3712
ord2527
ord2640
ord2534
ord2832
ord2708
ord4301
ord2829
ord2725
ord2531
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord6165
ord2261
ord896
ord5558
ord762
ord1472
ord2926
ord282
ord6111
ord1479
ord3990
ord4100
ord6173
ord6167
ord2444
ord899
ord870
ord3927
ord2895
ord2260
ord4101
ord774
ord2121
ord776
ord2460
ord5398
ord283
ord4026
ord280
ord1058
ord577
ord293
ord266
ord265
ord764
ord2407
ord2239
ord3826
ord765
ord315
ord1033
ord1197
ord1199
ord1093
ord371
ord1115
ord1192
ord1168
ord1170
ord1200
ord1087
ord1162
ord581
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord931
ord3677

msvcr71

?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
malloc
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
__security_error_handler
free
_except_handler3
wcstoul
_wtoi
wcsstr
memmove
_CxxThrowException
??0exception@@QAE@ABV0@@Z
wcscpy
__CxxFrameHandler
??0exception@@QAE@XZ
??1exception@@UAE@XZ
rand
memset

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
LocalFree
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetVersionExA
lstrcatW
lstrlenW
WinExec
MulDiv
GetWindowsDirectoryW
LoadLibraryW
lstrcpyW
LoadLibraryExW
FreeLibrary
WideCharToMultiByte
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

EnableWindow
GetWindowTextW
ClientToScreen
GetParent
ChildWindowFromPoint
IsWindowEnabled
DefWindowProcW
GetCursorPos
WindowFromPoint
KillTimer
SetTimer
ScreenToClient
SetWindowRgn
EqualRect
GetClassInfoW
SetRectEmpty
SetRect
PtInRect
IsRectEmpty
GetWindowLongW
GetClassNameW
IsWindow
OffsetRect
GetWindowRect
GetSystemMetrics
GetSysColor
SetCursor
DestroyCursor
LoadCursorW
SendMessageW
LoadImageW
CopyIcon
DestroyIcon
FillRect
GetDC
CreateIconIndirect
ReleaseDC
GetIconInfo

gdi32

MoveToEx
OffsetRgn
CreateRoundRectRgn
CreateRectRgn
CreatePolygonRgn
CombineRgn
FillRgn
SelectClipRgn
FrameRgn
TextOutW
SetTextJustification
GetDeviceCaps
GetTextExtentPoint32W
CreateFontIndirectW
GetTextMetricsW
SetBkMode
SetBkColor
SetTextColor
CreateCompatibleBitmap
CreatePen
DeleteObject
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateDIBSection
GetObjectW
StretchBlt
CreateBitmap
CreateSolidBrush
LineTo

advapi32

RegCloseKey
RegQueryValueW
RegOpenKeyExW

shell32

ShellExecuteW

comctl32

ord17
ImageList_GetIcon
ImageList_GetImageCount

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Exports

Exports

CreateToolTipModule
ReleaseToolTipModule

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/Update.exe
.exe windows:4 windows x86 arch:x86

271cb0154fc9f39f8dedc9518fb189bf

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39:1a:85:3a:49:10:64:cf:4f:37:3b:f3:4d:35:bb:c8:f6:a3:a2:68
Signer

Actual PE Digest

39:1a:85:3a:49:10:64:cf:4f:37:3b:f3:4d:35:bb:c8:f6:a3:a2:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc71u

ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4255
ord572
ord741
ord5727
ord3395
ord3756
ord4026
ord2648
ord5609
ord589
ord1416
ord5638
ord330
ord4535
ord3677
ord757
ord2239
ord1118
ord280
ord1479
ord282
ord2926
ord1182
ord1178
ord1079
ord4032
ord4008
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord3826
ord1911
ord2925
ord5319
ord5222
ord3942
ord2362
ord6275
ord5209
ord5562
ord2832
ord4475
ord3327
ord566
ord1906
ord5524
ord5971
ord1049
ord3824
ord6115
ord1785
ord1883
ord2365
ord1058
ord5178
ord4206
ord4729
ord4884
ord2011
ord1662
ord1661
ord1542
ord5908
ord1392
ord4238
ord5199
ord4256
ord6232
ord2155
ord2651
ord709
ord501
ord578
ord297
ord5399
ord2462
ord310
ord304
ord631
ord2271
ord386
ord1430
ord764
ord380
ord293
ord776
ord577
ord3195
ord2697
ord1925
ord3204
ord3570
ord3678
ord899
ord313
ord5621
ord2897
ord2311
ord265
ord6284
ord2299
ord266
ord1189
ord421
ord5105
ord1434
ord655
ord5280
ord5914
ord283
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5210
ord4179
ord6271
ord5067
ord1899
ord5148
ord4234
ord1393
ord3940
ord1608
ord1611
ord5911
ord1582
ord2086
ord2366
ord1271
ord5226
ord3198
ord4041
ord4042
ord1154
ord784
ord783
ord3249
ord1202
ord384
ord5083
ord4562
ord629
ord2254
ord287
ord5220
ord5489
ord2066
ord502
ord5637
ord4117
ord3995
ord3635
ord3435
ord6086
ord3752
ord4112
ord4109
ord2713
ord4347
ord3155
ord1270
ord5633
ord4119
ord2622
ord1894
ord605
ord354
ord602
ord1920
ord347
ord2361
ord2368
ord762
ord5648
ord1087
ord6063
ord4574
ord3983
ord6251
ord1006
ord870
ord2252
ord1588
ord4755
ord6044
ord563
ord753
ord3417
ord2077
ord1536
ord4226
ord587
ord5398
ord2460
ord777
ord2895
ord2121
ord6061
ord3927
ord774
ord3508
ord5337
ord1027
ord6299
ord5558
ord5327
ord6293
ord584
ord1425
ord317
ord2255
ord3296
ord6111
ord2297
ord1172
ord2250
ord5316
ord6282
ord5485
ord3043
ord326
ord1198

msvcr71

_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__security_error_handler
_controlfp
_strlwr
_purecall
wcscpy
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??0exception@@QAE@XZ
??1exception@@UAE@XZ
wcsstr
_wcsicmp
toupper
__set_app_type
__CxxFrameHandler
_wtoi
free
malloc
wcslen
_mktime64
_localtime64
wcsncpy
__p___argc
_time64
_i64tow
_XcptFilter
_exit
_c_exit
_except_handler3
memset
_wtof
wcsrchr
swprintf
strtok
atoi
atol
strncpy
strncmp
wcsncmp
wcscat
_wtoi64

kernel32

GetProcAddress
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
GetStartupInfoW
GetModuleHandleA
DeleteCriticalSection
InitializeCriticalSection
CreateDirectoryW
DeleteFileW
MultiByteToWideChar
CreateMutexW
GetLastError
ReleaseMutex
GetPrivateProfileStringW
WritePrivateProfileStringW
GetModuleFileNameW
LoadLibraryW
FreeLibrary
Sleep
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrcpyW
WideCharToMultiByte
WinExec
lstrlenW
lstrcatW
EnterCriticalSection
LeaveCriticalSection
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
GlobalSize
GetVersionExA
GetWindowsDirectoryW

user32

GetSystemMetrics
LoadIconW
GetClientRect
IsIconic
GetSystemMenu
AppendMenuW
DrawIcon
MessageBeep
EnableWindow
GetParent
InvalidateRect
GetWindowRect
SendMessageW
DrawFocusRect
InflateRect
SetRectEmpty
LoadCursorW
CopyIcon
SetCursor
MoveWindow
OffsetRect
ScreenToClient
GetMenuItemInfoW
GetMenuItemCount
CopyRect
IsRectEmpty
GetMenuItemID
GetSubMenu
GetMenu
GetUpdateRect
GetActiveWindow
SystemParametersInfoW
ReleaseDC
GetDC
EnumChildWindows
SetWindowPos
FillRect
ClientToScreen
GetWindowLongW
GetDlgCtrlID
SetWindowLongW
GetClassNameW
GetNextDlgGroupItem
IsWindowEnabled
IsWindowVisible
ReleaseCapture
IntersectRect
SetWindowRgn
SetRect
IsWindow
GetMessagePos
DestroyCursor
KillTimer
SetTimer
PtInRect
DefWindowProcW

gdi32

CreateFontIndirectW
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject
SetBkMode
CreateSolidBrush
GetTextExtentPoint32W
TextOutW
CombineRgn
ExtCreateRegion
CreateDIBSection
CreateRectRgn
OffsetRgn
ExcludeClipRect
GetDeviceCaps
CreateDCW
SetTextColor
CreatePatternBrush
GetTextExtentPointW
GetStockObject

shell32

ShellExecuteW

comctl32

_TrackMouseEvent
ImageList_GetImageCount
ImageList_Draw
ord17

gdiplus

GdipDrawImageI
GdipSaveImageToStream
GdipSetClipRectI
GdipDrawRectangleI
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipCreateBitmapFromHBITMAP
GdipCloneBrush
GdipCreateFont
GdipMeasureString
GdipDrawString
GdipFillRectangleI
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipSetStringFormatTrimming
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCreateSolidFill
GdipSetImageAttributesColorKeys
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCreateFromHDC
GdipCloneImage
GdipAlloc
GdipDrawImageRectRectI
GdipGetImageGraphicsContext
GdipFree
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipDeleteGraphics
GdiplusStartup
GdiplusShutdown

advapi32

RegCloseKey
RegQueryValueW
RegOpenKeyExW

ole32

CreateStreamOnHGlobal

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Dance/UserInfoCenter.dll
.dll windows:4 windows x86 arch:x86

e1f67689fcf55f0a712f39e741f1c455

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

8d:3a:e7:66:b0:1a:f6:e0:d8:13:21:9a:fc:c3:e0:76:62:90:b7:a7
Signer

Actual PE Digest

8d:3a:e7:66:b0:1a:f6:e0:d8:13:21:9a:fc:c3:e0:76:62:90:b7:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc71u

ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord2856
ord4480
ord4256
ord1894
ord4119
ord4112
ord1176
ord3204
ord1925
ord3198
ord1271
ord3155
ord1270
ord5911
ord1393
ord6271
ord5210
ord602
ord1920
ord1959
ord347
ord5727
ord2255
ord3678
ord3590
ord5196
ord760
ord572
ord4347
ord774
ord709
ord326
ord501
ord2460
ord2086
ord1582
ord4234
ord6063
ord589
ord330
ord2066
ord3756
ord2121
ord6061
ord1156
ord2361
ord5710
ord3296
ord5633
ord2521
ord5607
ord6056
ord5604
ord6050
ord4155
ord6053
ord5884
ord6033
ord5723
ord5638
ord5643
ord5519
ord5584
ord5410
ord5397
ord5917
ord5715
ord3174
ord5630
ord530
ord722
ord758
ord3983
ord2225
ord5609
ord567
ord502
ord1192
ord1115
ord5829
ord416
ord651
ord1058
ord1555
ord1960
ord1921
ord1719
ord1578
ord3301
ord731
ord2985
ord3395
ord1785
ord4123
ord1784
ord1472
ord1416
ord2155
ord6232
ord4098
ord2651
ord3922
ord730
ord5989
ord5987
ord605
ord1636
ord1577
ord3298
ord6064
ord5791
ord2486
ord2013
ord391
ord2362
ord753
ord563
ord1883
ord1006
ord1939
ord5981
ord3342
ord5053
ord5618
ord899
ord658
ord4314
ord2083
ord1632
ord1562
ord4232
ord2952
ord3224
ord5862
ord3873
ord3875
ord2860
ord2364
ord5851
ord287
ord2151
ord1479
ord6111
ord282
ord2926
ord3990
ord5524
ord860
ord1182
ord1178
ord3644
ord3596
ord3471
ord4126
ord1999
ord1293
ord4125
ord4955
ord4501
ord4940
ord4643
ord4958
ord5047
ord4799
ord4704
ord4790
ord4957
ord4371
ord4370
ord4281
ord2379
ord4510
ord4965
ord4474
ord4523
ord4964
ord4840
ord4495
ord4362
ord4433
ord5043
ord4553
ord4914
ord3734
ord4438
ord4437
ord4784
ord4198
ord4775
ord4383
ord4974
ord4165
ord4172
ord4581
ord4770
ord4380
ord4395
ord4393
ord4375
ord4378
ord4373
ord4857
ord4854
ord3968
ord5910
ord1610
ord3338
ord1351
ord1553
ord2711
ord4267
ord648
ord2132
ord410
ord4292
ord4337
ord5147
ord2809
ord777
ord5558
ord4879
ord4788
ord4194
ord4667
ord5202
ord4094
ord2085
ord3238
ord1946
ord1274
ord2413
ord2414
ord2415
ord2412
ord2411
ord4656
ord4929
ord4027
ord4668
ord1220
ord4358
ord2229
ord6140
ord5272
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5199
ord4179
ord5067
ord310
ord4041
ord4042
ord578
ord1154
ord784
ord783
ord3249
ord1202
ord2254
ord5637
ord4117
ord3995
ord3560
ord2871
ord3400
ord657
ord4231
ord1561
ord4093
ord1475
ord1924
ord6262
ord1388
ord3482
ord3043
ord5485
ord6282
ord5316
ord2250
ord1172
ord1899
ord5148
ord4238
ord1392
ord3940
ord1608
ord1611
ord5908
ord1542
ord1661
ord1662
ord2011
ord4884
ord4729
ord4206
ord5178
ord1022
ord1118
ord6086
ord2366
ord1386
ord2461
ord5398
ord1079
ord2311
ord293
ord314
ord2239
ord3927
ord870
ord776
ord2895
ord265
ord3390
ord280
ord3824
ord1049
ord3629
ord566
ord3327
ord5562
ord4562
ord5222
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord2297
ord384
ord5083
ord317
ord1425
ord1430
ord584
ord629
ord6293
ord5327
ord6299
ord1027
ord5337
ord3508
ord748
ord4237
ord1585
ord1641
ord3577
ord3670
ord587
ord4226
ord1536
ord2077
ord3417
ord4882
ord6116
ord2893
ord591
ord4228
ord1538
ord4092
ord1474
ord1922
ord3424
ord620
ord3157
ord3448
ord6044
ord4755
ord1588
ord2252
ord6251
ord741
ord3570
ord4574
ord5648
ord2368
ord354
ord4032
ord757
ord3677
ord283
ord577
ord266
ord570
ord759
ord4255
ord4475
ord3943
ord2638
ord3703
ord3713
ord3712
ord2527
ord2640
ord2534
ord2832
ord2708
ord4301
ord2829
ord2725
ord2531
ord2622
ord2365
ord5563
ord5209
ord5226
ord4563
ord3942
ord5223
ord5220
ord2925
ord1911
ord2713
ord4109
ord3752
ord3435
ord3635
ord765
ord315
ord762
ord764
ord2240
ord3589
ord4942
ord1033
ord1197
ord1199
ord1093
ord371
ord1168
ord1170
ord1200
ord1087
ord1162
ord581

msvcr71

_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__security_error_handler
memset
isalnum
isspace
_adjust_fdiv
__CppXcptFilter
_initterm
wcslen
swprintf
strncpy
__CxxFrameHandler
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_except_handler3
free
_wcsicmp
_purecall
wcscmp
memmove
wcscpy
wcsrchr
_CIpow
_endthreadex
_beginthreadex
sprintf
localtime
fclose
fprintf
fopen
printf
vsprintf
tolower
isprint
time
srand
rand
_ftime
toupper
fread
strncmp
malloc
wcsncpy
fputwc
_wfopen
_itow
_wtoi
_localtime64
wcscat
wcsstr
wcsftime
_time64
_wtoi64
_waccess
_resetstkoflw
_snprintf
fwrite
fseek

kernel32

lstrcpyW
MulDiv
GetPrivateProfileStringW
WritePrivateProfileStringW
lstrlenA
lstrcatW
GlobalLock
GlobalUnlock
ResetEvent
SetEvent
CreateEventW
MultiByteToWideChar
WinExec
CloseHandle
WaitForSingleObject
GetLastError
GlobalAlloc
GlobalFree
lstrlenW
GetPrivateProfileIntW
WideCharToMultiByte
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetTickCount
Sleep
GetProcAddress
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
FreeLibrary
GetVersionExA
GetWindowsDirectoryW
GlobalReAlloc
GlobalSize
DeviceIoControl
CreateFileW
GetVersion
ReadFile
GetDriveTypeW
SetFileAttributesW
CreateDirectoryW
WriteFile
GetFileAttributesW
GetSystemTime
DeleteFileW
LocalFree
LocalAlloc
ExitProcess
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
ResumeThread

user32

MoveWindow
DefWindowProcW
RegisterClassExW
LoadImageW
GetSystemMetrics
LoadCursorW
LoadIconW
UpdateWindow
ShowWindow
CreateWindowExW
SetTimer
KillTimer
PtInRect
IsWindowVisible
EnableWindow
SetLayeredWindowAttributes
IsWindow
GetCursorPos
InflateRect
GetParent
LoadBitmapW
GetClientRect
FillRect
InvalidateRect
ReleaseDC
GetDC
GetSysColor
SetWindowLongW
GetWindowLongW
SetRect
OffsetRect
CopyRect
ClientToScreen
GetCapture
GetMenuItemInfoW
GetMenuItemCount
IsRectEmpty
GetMenuItemID
GetSubMenu
GetMenu
GetUpdateRect
GetActiveWindow
SystemParametersInfoW
EnumChildWindows
GetWindowRect
MessageBoxW
GetWindowDC
RedrawWindow
GetWindowInfo
DestroyCursor
GetMessagePos
MessageBeep
EndPaint
BeginPaint
GetPropW
FrameRect
IsWindowEnabled
SetParent
SetPropW
FindWindowExW
RegisterClassW
GetClassNameW
GetNextDlgGroupItem
CallWindowProcW
IntersectRect
RemovePropW
GetScrollInfo
GetClassInfoExW
SetWindowRgn
SetCapture
GetFocus
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
DispatchMessageW
ReleaseCapture
GetMessageW
ScreenToClient
SetWindowPos
GetKeyState
GetDesktopWindow
CreatePopupMenu
AppendMenuW
PostMessageW
DestroyWindow
GetDlgCtrlID
PostThreadMessageW
RegisterHotKey
UnregisterHotKey
UnregisterClassW
SetCursor
SendMessageW

gdi32

SetStretchBltMode
StretchDIBits
StretchBlt
SetDIBColorTable
DeleteDC
GetTextExtentPoint32W
GetDeviceCaps
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetViewportOrgEx
CreateRectRgnIndirect
CreateCompatibleBitmap
DeleteObject
BitBlt
SelectObject
CreateCompatibleDC
GetObjectW
CreateFontIndirectW
GetStockObject
GetTextExtentPointW
CreatePatternBrush
CreateDCW
OffsetRgn
CreateRectRgn
ExtCreateRegion
CombineRgn
ExcludeClipRect
GdiFlush
SetTextColor
CreateSolidBrush
SetBkMode
CreateDIBSection

msimg32

TransparentBlt

advapi32

RegSetValueExW
RegCloseKey
RegQueryValueW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
RegCreateKeyExW

shell32

SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW
ShellExecuteW
SHGetSpecialFolderPathW

comctl32

ImageList_Draw
ImageList_GetImageInfo
ImageList_AddMasked
_TrackMouseEvent
ImageList_GetImageCount

shlwapi

PathFileExistsW

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoInitialize
CoCreateGuid

oleaut32

SysAllocString
SysFreeString
SysAllocStringLen

gdiplus

GdipDrawRectangleI
GdipSetClipRectI
GdipCreateBitmapFromHBITMAP
GdipSaveImageToStream
GdipCreateBitmapFromStream
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipSetPenMode
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipSetStringFormatTrimming
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdiplusShutdown
GdipMeasureString
GdipDrawString
GdipSetStringFormatFlags
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipDeletePen
GdipCreatePen1
GdipDrawImageRectRectI
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCloneImage
GdipCloneBrush
GdipDrawImageRectI
GdipDrawImageI
GdipFillRectangleI
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipCreateSolidFill
GdipCreateBitmapFromScan0
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipDeleteGraphics
GdipDeleteBrush
GdipGetImageHeight
GdipGetImageWidth
GdipFree
GdipAlloc
GdipSetImageAttributesColorKeys
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateHBITMAPFromBitmap
GdipDrawRectangle

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z

ws2_32

htons
WSACleanup
WSAStartup
inet_addr
shutdown
closesocket
inet_ntoa
recv
send
connect
socket
gethostbyname

netapi32

Netbios

Exports

Exports

CreateUserInfoInterface
DestroyUserInfoInterface
SetMainPath

Sections

.text
Size: 568KB - Virtual size: 565KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/VideoCapture.dll
.dll windows:4 windows x86 arch:x86

a8638fcc38ef377834e80577f30abd68

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

b0:46:6d:ff:8c:a4:62:8f:dc:2b:bb:54:67:b4:89:03:73:9b:fa:1b
Signer

Actual PE Digest

b0:46:6d:ff:8c:a4:62:8f:dc:2b:bb:54:67:b4:89:03:73:9b:fa:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
lstrlenW
lstrcpynW
lstrcmpW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
ExitProcess
GetVersionExA
FreeLibrary

ole32

CoUninitialize
CoTaskMemAlloc
CoFreeUnusedLibraries
CoTaskMemFree
CoInitialize
CoCreateInstance

oleaut32

OleCreatePropertyFrame

msvcr71

_adjust_fdiv
__CppXcptFilter
__security_error_handler
malloc
_initterm
_onexit
__dllonexit
memset
swprintf
??_U@YAPAXI@Z
??2@YAPAXI@Z
??3@YAXPAX@Z
wcscmp
strstr
wcsncpy
__CxxFrameHandler
_except_handler3
free
??_V@YAXPAX@Z

winmm

timeGetTime

Exports

Exports

CreateVideoCapture
DestroyVideoCapture

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/VideoCodec1.dll
.dll windows:4 windows x86 arch:x86

25a7dddc6585fb86545c4455570f7566

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

44:9f:fb:48:96:f4:90:e2:7c:e1:2f:5f:27:4a:2c:2f:ba:c4:98:4f
Signer

Actual PE Digest

44:9f:fb:48:96:f4:90:e2:7c:e1:2f:5f:27:4a:2c:2f:ba:c4:98:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetLastError
MoveFileA
GetModuleFileNameA
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
CloseHandle
RaiseException
LoadLibraryA
ReadFile
SetFilePointer
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
InterlockedExchange
VirtualQuery
FlushFileBuffers
CreateFileA
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
MultiByteToWideChar
VirtualProtect
GetSystemInfo
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile
DeleteFileA

Exports

Exports

Mfi_Close
Mfi_Init
Mfi_InitYUV
Mfi_Interpolate_one_frame
decode_close
decoder_create
decoder_decode
encoder_close
encoder_create
encoder_encode
setframeinfo
setframequant

Sections

.text
Size: 240KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/VideoDecode2.dll
.dll windows:4 windows x86 arch:x86

a4bacaf55e89f395e2a6d80f0fb45bfb

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

1c:ca:76:df:d4:47:d6:0a:31:10:df:01:dd:81:96:fe:e2:98:0b:a3
Signer

Actual PE Digest

1c:ca:76:df:d4:47:d6:0a:31:10:df:01:dd:81:96:fe:e2:98:0b:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
HeapReAlloc
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
VirtualAlloc
IsBadWritePtr
RaiseException
LCMapStringA
MultiByteToWideChar
LCMapStringW
InterlockedExchange
VirtualQuery
InitializeCriticalSection
FlushFileBuffers
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
SetFilePointer
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
GetSystemInfo
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
CloseHandle
HeapSize
SetStdHandle
ReadFile

Exports

Exports

decode_close
decoder_create
decoder_decode

Sections

.text
Size: 296KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/VideoEncode2.dll
.dll windows:4 windows x86 arch:x86

3b43ecc47d73f03f9ca67aaf55bcbcc1

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

99:f7:54:8d:3c:47:aa:17:3c:d0:83:a5:0e:fb:a6:08:ba:6d:36:17
Signer

Actual PE Digest

99:f7:54:8d:3c:47:aa:17:3c:d0:83:a5:0e:fb:a6:08:ba:6d:36:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceCounter
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetProcessHeap
SetEndOfFile
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
GetCurrentThreadId
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
MoveFileA
GetModuleFileNameA
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
CloseHandle
SetFilePointer
ReadFile
LoadLibraryA
IsBadReadPtr
IsBadCodePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
CreateFileA
GetTickCount
GetCurrentProcessId
DeleteFileA

Exports

Exports

encoder_close
encoder_create
encoder_encode
encoder_open
encoder_setparam
setframeinfo

Sections

.text
Size: 420KB - Virtual size: 417KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/WebGame/Category.bmp
Dance/WebGame/Config.ini
Dance/data/IllWord.dat
Dance/data/Update.dat
Dance/data/common.dat
Dance/gdiplus.dll
.dll windows:5 windows x86 arch:x86

7941976a82dd7ff8b1a2ea069878fab3

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

86:e5:4b:90:5a:3e:6b:45:71:51:79:be:a8:3a:19:48:1b:1c:a9:1e
Signer

Actual PE Digest

86:e5:4b:90:5a:3e:6b:45:71:51:79:be:a8:3a:19:48:1b:1c:a9:1e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetOEMCP
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
InterlockedExchange
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
RaiseException
Sleep
CloseHandle
WriteFile
CreateFileA
WaitForSingleObject
SetEvent
lstrcmpiA
CreateThread
CreateEventA
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
GetSystemDefaultLCID
GetProcAddress
GetModuleHandleW
GetACP
GetVersionExA
VirtualQuery
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
GetCommandLineA
GetSystemInfo
HeapReAlloc
HeapFree
VirtualAlloc
IsValidLocale
ConvertDefaultLocale
GetLocaleInfoW
GetModuleFileNameW
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
GetProfileIntA
GetProfileStringA
lstrcmpiW
IsDBCSLeadByteEx
LocalReAlloc
MulDiv
SetLastError
LocalAlloc
LocalFree
GetFileTime
SearchPathW
SearchPathA
InterlockedIncrement
CreateSemaphoreA
lstrcpyW
lstrcatW
LoadLibraryW
lstrcpyA
lstrcatA
GetSystemDirectoryA
CreateFileMappingW
ReleaseSemaphore
GetProfileSectionA
CreateFileW
SetEndOfFile
SetFilePointer
ReadFile
UnlockFile
GetFileInformationByHandle
LockFile
FlushFileBuffers
GetLastError
VirtualFree
GlobalAlloc
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GlobalLock
GlobalSize
GlobalUnlock
GlobalFree
HeapCreate
GetModuleHandleA
GetSystemDirectoryW
GetWindowsDirectoryA
FreeLibrary
HeapDestroy
LoadLibraryA

user32

ReleaseDC
LoadBitmapW
LoadBitmapA
wsprintfW
SystemParametersInfoA
GetDC
wsprintfA
GetSysColor
UnregisterClassA
DestroyWindow
GetSystemMetrics
DefWindowProcA
CreateWindowExA
RegisterClassA
DispatchMessageA
TranslateMessage
MsgWaitForMultipleObjects
PeekMessageA
GetClientRect
GetDesktopWindow
GetWindowRect
WindowFromDC
CreateIconIndirect
GetIconInfo
ClientToScreen
wvsprintfA
GetDCEx
GetWindowLongA
GetClassLongA

gdi32

GetNearestPaletteIndex
GetDIBColorTable
FillRgn
SetMiterLimit
CreateSolidBrush
StrokePath
GetGraphicsMode
SetPolyFillMode
FillPath
StrokeAndFillPath
GetViewportExtEx
ExtTextOutA
GetTextCharsetInfo
TranslateCharsetInfo
PolylineTo
Polyline
LineTo
GetCurrentPositionEx
ArcTo
SetArcDirection
SelectClipPath
GetPath
CloseFigure
AbortPath
FlattenPath
WidenPath
BeginPath
Ellipse
AngleArc
PolyBezierTo
PolyBezier
RoundRect
PolyDraw
Pie
Chord
Arc
EndPath
OffsetClipRgn
GetRgnBox
CombineRgn
SetPaletteEntries
ResizePalette
ExcludeClipRect
MoveToEx
PlayEnhMetaFile
GetWinMetaFileBits
PlgBlt
BitBlt
OffsetViewportOrgEx
StretchBlt
ScaleViewportExtEx
ScaleWindowExtEx
CombineTransform
SetMapperFlags
CreatePen
CreateDIBitmap
CreatePatternBrush
ExtSelectClipRgn
GetBkMode
GetTextAlign
ModifyWorldTransform
ExtCreateRegion
CreateCompatibleBitmap
GetNearestColor
SetStretchBltMode
StretchDIBits
SetTextAlign
SetTextJustification
PolyPolygon
PlayMetaFileRecord
ExtCreatePen
GetWorldTransform
GetROP2
SetROP2
Rectangle
Polygon
IntersectClipRect
SetBrushOrgEx
GetClipRgn
SelectClipRgn
GetBkColor
GetTextColor
CreatePenIndirect
GetObjectW
DPtoLP
CreateDIBPatternBrushPt
ExtTextOutW
SetBitmapBits
CreateEnhMetaFileW
GdiComment
GetMetaFileW
GetMetaFileA
SaveDC
SetWindowOrgEx
SetViewportOrgEx
SetGraphicsMode
SetWorldTransform
GetEnhMetaFileW
GetEnhMetaFileA
GetEnhMetaFileBits
CopyEnhMetaFileA
CopyMetaFileA
DeleteMetaFile
GetEnhMetaFileHeader
SetMetaFileBitsEx
SetEnhMetaFileBits
CreateEnhMetaFileA
SetMapMode
SetViewportExtEx
SetWindowExtEx
PlayMetaFile
CloseEnhMetaFile
DeleteEnhMetaFile
SetMetaRgn
GetMetaFileBitsEx
EnumMetaFile
EnumEnhMetaFile
PlayEnhMetaFileRecord
RestoreDC
GetStockObject
CreateBitmap
SetTextColor
SetBkColor
SetBkMode
SetDIBits
CreatePalette
GetSystemPaletteEntries
GetSystemPaletteUse
GetDeviceCaps
ExtEscape
GetObjectType
GetPixel
SetDIBColorTable
DeleteObject
SelectPalette
GetTextFaceA
GetTextMetricsA
GetTextFaceW
GetTextMetricsW
EnumFontFamiliesExA
EnumFontFamiliesExW
SelectObject
CreateFontIndirectW
CreateFontIndirectA
GetRegionData
DeleteDC
CreateDCA
CreateICA
CreateRectRgn
GetRandomRgn
LPtoDP
GetWindowExtEx
PolyPolyline
GetWindowOrgEx
GetViewportOrgEx
GetMapMode
SetICMMode
Escape
GetDCOrgEx
GetObjectA
GetCurrentObject
GetDIBits
CreateCompatibleDC
CreateDIBSection
RealizePalette
GetPaletteEntries
GdiFlush
PatBlt
CreateBrushIndirect

ole32

CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal

advapi32

RegSetValueExA
RegCloseKey
RegEnumValueW
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegEnumKeyExA
RegEnumKeyExW
RegCreateKeyExA
RegQueryValueExW
RegSetValueExW
RegEnumValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW

Exports

Exports

GdipAddPathArc
GdipAddPathArcI
GdipAddPathBezier
GdipAddPathBezierI
GdipAddPathBeziers
GdipAddPathBeziersI
GdipAddPathClosedCurve
GdipAddPathClosedCurve2
GdipAddPathClosedCurve2I
GdipAddPathClosedCurveI
GdipAddPathCurve
GdipAddPathCurve2
GdipAddPathCurve2I
GdipAddPathCurve3
GdipAddPathCurve3I
GdipAddPathCurveI
GdipAddPathEllipse
GdipAddPathEllipseI
GdipAddPathLine
GdipAddPathLine2
GdipAddPathLine2I
GdipAddPathLineI
GdipAddPathPath
GdipAddPathPie
GdipAddPathPieI
GdipAddPathPolygon
GdipAddPathPolygonI
GdipAddPathRectangle
GdipAddPathRectangleI
GdipAddPathRectangles
GdipAddPathRectanglesI
GdipAddPathString
GdipAddPathStringI
GdipAlloc
GdipBeginContainer
GdipBeginContainer2
GdipBeginContainerI
GdipBitmapGetPixel
GdipBitmapLockBits
GdipBitmapSetPixel
GdipBitmapSetResolution
GdipBitmapUnlockBits
GdipClearPathMarkers
GdipCloneBitmapArea
GdipCloneBitmapAreaI
GdipCloneBrush
GdipCloneCustomLineCap
GdipCloneFont
GdipCloneFontFamily
GdipCloneImage
GdipCloneImageAttributes
GdipCloneMatrix
GdipClonePath
GdipClonePen
GdipCloneRegion
GdipCloneStringFormat
GdipClosePathFigure
GdipClosePathFigures
GdipCombineRegionPath
GdipCombineRegionRect
GdipCombineRegionRectI
GdipCombineRegionRegion
GdipComment
GdipCreateAdjustableArrowCap
GdipCreateBitmapFromDirectDrawSurface
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipCreateBitmapFromResource
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateCachedBitmap
GdipCreateCustomLineCap
GdipCreateFont
GdipCreateFontFamilyFromName
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCreateFontFromLogfontW
GdipCreateFromHDC
GdipCreateFromHDC2
GdipCreateFromHWND
GdipCreateFromHWNDICM
GdipCreateHBITMAPFromBitmap
GdipCreateHICONFromBitmap
GdipCreateHalftonePalette
GdipCreateHatchBrush
GdipCreateImageAttributes
GdipCreateLineBrush
GdipCreateLineBrushFromRect
GdipCreateLineBrushFromRectI
GdipCreateLineBrushFromRectWithAngle
GdipCreateLineBrushFromRectWithAngleI
GdipCreateLineBrushI
GdipCreateMatrix
GdipCreateMatrix2
GdipCreateMatrix3
GdipCreateMatrix3I
GdipCreateMetafileFromEmf
GdipCreateMetafileFromFile
GdipCreateMetafileFromStream
GdipCreateMetafileFromWmf
GdipCreateMetafileFromWmfFile
GdipCreatePath
GdipCreatePath2
GdipCreatePath2I
GdipCreatePathGradient
GdipCreatePathGradientFromPath
GdipCreatePathGradientI
GdipCreatePathIter
GdipCreatePen1
GdipCreatePen2
GdipCreateRegion
GdipCreateRegionHrgn
GdipCreateRegionPath
GdipCreateRegionRect
GdipCreateRegionRectI
GdipCreateRegionRgnData
GdipCreateSolidFill
GdipCreateStreamOnFile
GdipCreateStringFormat
GdipCreateTexture
GdipCreateTexture2
GdipCreateTexture2I
GdipCreateTextureIA
GdipCreateTextureIAI
GdipDeleteBrush
GdipDeleteCachedBitmap
GdipDeleteCustomLineCap
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeleteMatrix
GdipDeletePath
GdipDeletePathIter
GdipDeletePen
GdipDeletePrivateFontCollection
GdipDeleteRegion
GdipDeleteStringFormat
GdipDisposeImage
GdipDisposeImageAttributes
GdipDrawArc
GdipDrawArcI
GdipDrawBezier
GdipDrawBezierI
GdipDrawBeziers
GdipDrawBeziersI
GdipDrawCachedBitmap
GdipDrawClosedCurve
GdipDrawClosedCurve2
GdipDrawClosedCurve2I
GdipDrawClosedCurveI
GdipDrawCurve
GdipDrawCurve2
GdipDrawCurve2I
GdipDrawCurve3
GdipDrawCurve3I
GdipDrawCurveI
GdipDrawDriverString
GdipDrawEllipse
GdipDrawEllipseI
GdipDrawImage
GdipDrawImageI
GdipDrawImagePointRect
GdipDrawImagePointRectI
GdipDrawImagePoints
GdipDrawImagePointsI
GdipDrawImagePointsRect
GdipDrawImagePointsRectI
GdipDrawImageRect
GdipDrawImageRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipDrawLine
GdipDrawLineI
GdipDrawLines
GdipDrawLinesI
GdipDrawPath
GdipDrawPie
GdipDrawPieI
GdipDrawPolygon
GdipDrawPolygonI
GdipDrawRectangle
GdipDrawRectangleI
GdipDrawRectangles
GdipDrawRectanglesI
GdipDrawString
GdipEmfToWmfBits
GdipEndContainer
GdipEnumerateMetafileDestPoint
GdipEnumerateMetafileDestPointI
GdipEnumerateMetafileDestPoints
GdipEnumerateMetafileDestPointsI
GdipEnumerateMetafileDestRect
GdipEnumerateMetafileDestRectI
GdipEnumerateMetafileSrcRectDestPoint
GdipEnumerateMetafileSrcRectDestPointI
GdipEnumerateMetafileSrcRectDestPoints
GdipEnumerateMetafileSrcRectDestPointsI
GdipEnumerateMetafileSrcRectDestRect
GdipEnumerateMetafileSrcRectDestRectI
GdipFillClosedCurve
GdipFillClosedCurve2
GdipFillClosedCurve2I
GdipFillClosedCurveI
GdipFillEllipse
GdipFillEllipseI
GdipFillPath
GdipFillPie
GdipFillPieI
GdipFillPolygon
GdipFillPolygon2
GdipFillPolygon2I
GdipFillPolygonI
GdipFillRectangle
GdipFillRectangleI
GdipFillRectangles
GdipFillRectanglesI
GdipFillRegion
GdipFlattenPath
GdipFlush
GdipFree
GdipGetAdjustableArrowCapFillState
GdipGetAdjustableArrowCapHeight
GdipGetAdjustableArrowCapMiddleInset
GdipGetAdjustableArrowCapWidth
GdipGetAllPropertyItems
GdipGetBrushType
GdipGetCellAscent
GdipGetCellDescent
GdipGetClip
GdipGetClipBounds
GdipGetClipBoundsI
GdipGetCompositingMode
GdipGetCompositingQuality
GdipGetCustomLineCapBaseCap
GdipGetCustomLineCapBaseInset
GdipGetCustomLineCapStrokeCaps
GdipGetCustomLineCapStrokeJoin
GdipGetCustomLineCapType
GdipGetCustomLineCapWidthScale
GdipGetDC
GdipGetDpiX
GdipGetDpiY
GdipGetEmHeight
GdipGetEncoderParameterList
GdipGetEncoderParameterListSize
GdipGetFamily
GdipGetFamilyName
GdipGetFontCollectionFamilyCount
GdipGetFontCollectionFamilyList
GdipGetFontHeight
GdipGetFontHeightGivenDPI
GdipGetFontSize
GdipGetFontStyle
GdipGetFontUnit
GdipGetGenericFontFamilyMonospace
GdipGetGenericFontFamilySansSerif
GdipGetGenericFontFamilySerif
GdipGetHatchBackgroundColor
GdipGetHatchForegroundColor
GdipGetHatchStyle
GdipGetHemfFromMetafile
GdipGetImageAttributesAdjustedPalette
GdipGetImageBounds
GdipGetImageDecoders
GdipGetImageDecodersSize
GdipGetImageDimension
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImageFlags
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImageHorizontalResolution
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageThumbnail
GdipGetImageType
GdipGetImageVerticalResolution
GdipGetImageWidth
GdipGetInterpolationMode
GdipGetLineBlend
GdipGetLineBlendCount
GdipGetLineColors
GdipGetLineGammaCorrection
GdipGetLinePresetBlend
GdipGetLinePresetBlendCount
GdipGetLineRect
GdipGetLineRectI
GdipGetLineSpacing
GdipGetLineTransform
GdipGetLineWrapMode
GdipGetLogFontA
GdipGetLogFontW
GdipGetMatrixElements
GdipGetMetafileDownLevelRasterizationLimit
GdipGetMetafileHeaderFromEmf
GdipGetMetafileHeaderFromFile
GdipGetMetafileHeaderFromMetafile
GdipGetMetafileHeaderFromStream
GdipGetMetafileHeaderFromWmf
GdipGetNearestColor
GdipGetPageScale
GdipGetPageUnit
GdipGetPathData
GdipGetPathFillMode
GdipGetPathGradientBlend
GdipGetPathGradientBlendCount
GdipGetPathGradientCenterColor
GdipGetPathGradientCenterPoint
GdipGetPathGradientCenterPointI
GdipGetPathGradientFocusScales
GdipGetPathGradientGammaCorrection
GdipGetPathGradientPath
GdipGetPathGradientPointCount
GdipGetPathGradientPresetBlend
GdipGetPathGradientPresetBlendCount
GdipGetPathGradientRect
GdipGetPathGradientRectI
GdipGetPathGradientSurroundColorCount
GdipGetPathGradientSurroundColorsWithCount
GdipGetPathGradientTransform
GdipGetPathGradientWrapMode
GdipGetPathLastPoint
GdipGetPathPoints
GdipGetPathPointsI
GdipGetPathTypes
GdipGetPathWorldBounds
GdipGetPathWorldBoundsI
GdipGetPenBrushFill
GdipGetPenColor
GdipGetPenCompoundArray
GdipGetPenCompoundCount
GdipGetPenCustomEndCap
GdipGetPenCustomStartCap
GdipGetPenDashArray
GdipGetPenDashCap197819
GdipGetPenDashCount
GdipGetPenDashOffset
GdipGetPenDashStyle
GdipGetPenEndCap
GdipGetPenFillType
GdipGetPenLineJoin
GdipGetPenMiterLimit
GdipGetPenMode
GdipGetPenStartCap
GdipGetPenTransform
GdipGetPenUnit
GdipGetPenWidth
GdipGetPixelOffsetMode
GdipGetPointCount
GdipGetPropertyCount
GdipGetPropertyIdList
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetPropertySize
GdipGetRegionBounds
GdipGetRegionBoundsI
GdipGetRegionData
GdipGetRegionDataSize
GdipGetRegionHRgn
GdipGetRegionScans
GdipGetRegionScansCount
GdipGetRegionScansI
GdipGetRenderingOrigin
GdipGetSmoothingMode
GdipGetSolidFillColor
GdipGetStringFormatAlign
GdipGetStringFormatDigitSubstitution
GdipGetStringFormatFlags
GdipGetStringFormatHotkeyPrefix
GdipGetStringFormatLineAlign
GdipGetStringFormatMeasurableCharacterRangeCount
GdipGetStringFormatTabStopCount
GdipGetStringFormatTabStops
GdipGetStringFormatTrimming
GdipGetTextContrast
GdipGetTextRenderingHint
GdipGetTextureImage
GdipGetTextureTransform
GdipGetTextureWrapMode
GdipGetVisibleClipBounds
GdipGetVisibleClipBoundsI
GdipGetWorldTransform
GdipGraphicsClear
GdipImageForceValidation
GdipImageGetFrameCount
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageRotateFlip
GdipImageSelectActiveFrame
GdipInvertMatrix
GdipIsClipEmpty
GdipIsEmptyRegion
GdipIsEqualRegion
GdipIsInfiniteRegion
GdipIsMatrixEqual
GdipIsMatrixIdentity
GdipIsMatrixInvertible
GdipIsOutlineVisiblePathPoint
GdipIsOutlineVisiblePathPointI
GdipIsStyleAvailable
GdipIsVisibleClipEmpty
GdipIsVisiblePathPoint
GdipIsVisiblePathPointI
GdipIsVisiblePoint
GdipIsVisiblePointI
GdipIsVisibleRect
GdipIsVisibleRectI
GdipIsVisibleRegionPoint
GdipIsVisibleRegionPointI
GdipIsVisibleRegionRect
GdipIsVisibleRegionRectI
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipMeasureCharacterRanges
GdipMeasureDriverString
GdipMeasureString
GdipMultiplyLineTransform
GdipMultiplyMatrix
GdipMultiplyPathGradientTransform
GdipMultiplyPenTransform
GdipMultiplyTextureTransform
GdipMultiplyWorldTransform
GdipNewInstalledFontCollection
GdipNewPrivateFontCollection
GdipPathIterCopyData
GdipPathIterEnumerate
GdipPathIterGetCount
GdipPathIterGetSubpathCount
GdipPathIterHasCurve
GdipPathIterIsValid
GdipPathIterNextMarker
GdipPathIterNextMarkerPath
GdipPathIterNextPathType
GdipPathIterNextSubpath
GdipPathIterNextSubpathPath
GdipPathIterRewind
GdipPlayMetafileRecord
GdipPrivateAddFontFile
GdipPrivateAddMemoryFont
GdipRecordMetafile
GdipRecordMetafileFileName
GdipRecordMetafileFileNameI
GdipRecordMetafileI
GdipRecordMetafileStream
GdipRecordMetafileStreamI
GdipReleaseDC
GdipRemovePropertyItem
GdipResetClip
GdipResetImageAttributes
GdipResetLineTransform
GdipResetPageTransform
GdipResetPath
GdipResetPathGradientTransform
GdipResetPenTransform
GdipResetTextureTransform
GdipResetWorldTransform
GdipRestoreGraphics
GdipReversePath
GdipRotateLineTransform
GdipRotateMatrix
GdipRotatePathGradientTransform
GdipRotatePenTransform
GdipRotateTextureTransform
GdipRotateWorldTransform
GdipSaveAdd
GdipSaveAddImage
GdipSaveGraphics
GdipSaveImageToFile
GdipSaveImageToStream
GdipScaleLineTransform
GdipScaleMatrix
GdipScalePathGradientTransform
GdipScalePenTransform
GdipScaleTextureTransform
GdipScaleWorldTransform
GdipSetAdjustableArrowCapFillState
GdipSetAdjustableArrowCapHeight
GdipSetAdjustableArrowCapMiddleInset
GdipSetAdjustableArrowCapWidth
GdipSetClipGraphics
GdipSetClipHrgn
GdipSetClipPath
GdipSetClipRect
GdipSetClipRectI
GdipSetClipRegion
GdipSetCompositingMode
GdipSetCompositingQuality
GdipSetCustomLineCapBaseCap
GdipSetCustomLineCapBaseInset
GdipSetCustomLineCapStrokeCaps
GdipSetCustomLineCapStrokeJoin

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/msvcp71.dll
.dll windows:4 windows x86 arch:x86

5e2398adb60a70c7ab04e7cba75a7983

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

1f:11:2f:40:98:0d:40:83:d8:e1:24:44:70:cb:24:fa:a6:7e:f3:49
Signer

Actual PE Digest

1f:11:2f:40:98:0d:40:83:d8:e1:24:44:70:cb:24:fa:a6:7e:f3:49

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcp71.pdb

Imports

msvcr71

setvbuf
fflush
ungetc
fgetc
fwrite
fputc
_Getdays
_Getmonths
fgetpos
fseek
fsetpos
fclose
__iob_func
fopen
atan2
cos
exp
ldexp
log
pow
sin
sqrt
tan
fgetwc
fputwc
ungetwc
strtol
_errno
_Strftime
strcspn
strtoul
_strtoi64
_strtoui64
sprintf
abort
realloc
setlocale
_CxxThrowException
??0exception@@QAE@XZ
malloc
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
__uncaught_exception
towlower
towupper
strcmp
__pctype_func
___lc_codepage_func
___lc_handle_func
_unlock
_lock
___setlc_active_func
___unguarded_readlc_active_add_func
_except_handler3
_local_unwind2
__crtCompareStringA
___lc_collate_cp_func
__crtLCMapStringA
isupper
islower
__crtGetStringTypeW
__crtLCMapStringW
_callnewh
__crtCompareStringW
strtod
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__security_error_handler
__dllonexit
_onexit
_initterm
_adjust_fdiv
__CppXcptFilter
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
___mb_cur_max_func
??_V@YAXPAX@Z
??3@YAXPAX@Z
_Gettnames
localeconv
free
memset
memchr
strlen
memcmp
wcslen
memmove
??1exception@@UAE@XZ
memcpy

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLocaleInfoA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
DisableThreadLibraryCalls

Exports

Exports

??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAC@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAE@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAC@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAD@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAE@Z
??$?5DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?5GU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAG@Z
??$?5GU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAG@Z
??$?5GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?5MDU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5MGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5M_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5NDU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5NGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5N_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5ODU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5OGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5O_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AA_W@Z
??$?5_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@PA_W@Z
??$?5_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@G@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??$?6GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?6MDU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6MGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6M_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6NDU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6NGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6N_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6ODU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6OGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6O_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@C@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@E@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBC@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBE@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@_W@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?8M@std@@YA_NABMABV?$complex@M@0@@Z
??$?8M@std@@YA_NABV?$complex@M@0@0@Z
??$?8M@std@@YA_NABV?$complex@M@0@ABM@Z
??$?8N@std@@YA_NABNABV?$complex@N@0@@Z
??$?8N@std@@YA_NABV?$complex@N@0@0@Z
??$?8N@std@@YA_NABV?$complex@N@0@ABN@Z
??$?8O@std@@YA_NABOABV?$complex@O@0@@Z
??$?8O@std@@YA_NABV?$complex@O@0@0@Z
??$?8O@std@@YA_NABV?$complex@O@0@ABO@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?9M@std@@YA_NABMABV?$complex@M@0@@Z
??$?9M@std@@YA_NABV?$complex@M@0@0@Z
??$?9M@std@@YA_NABV?$complex@M@0@ABM@Z
??$?9N@std@@YA_NABNABV?$complex@N@0@@Z
??$?9N@std@@YA_NABV?$complex@N@0@0@Z
??$?9N@std@@YA_NABV?$complex@N@0@ABN@Z
??$?9O@std@@YA_NABOABV?$complex@O@0@@Z
??$?9O@std@@YA_NABV?$complex@O@0@0@Z
??$?9O@std@@YA_NABV?$complex@O@0@ABO@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?DM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?DM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?DM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?DN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?DN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?DN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?DO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?DO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?DO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?GM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?GN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?GO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@GABV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?HN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?HO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@_WABV10@@Z
??$?KM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?KM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?KM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?KN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?KN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?KN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?KO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?KO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?KO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$_Fabs@M@std@@YAMABV?$complex@M@0@PAH@Z
??$_Fabs@N@std@@YANABV?$complex@N@0@PAH@Z
??$_Fabs@O@std@@YAOABV?$complex@O@0@PAH@Z
??$abs@M@std@@YAMABV?$complex@M@0@@Z
??$abs@N@std@@YANABV?$complex@N@0@@Z
??$abs@O@std@@YAOABV?$complex@O@0@@Z
??$arg@M@std@@YAMABV?$complex@M@0@@Z
??$arg@N@std@@YANABV?$complex@N@0@@Z
??$arg@O@std@@YAOABV?$complex@O@0@@Z
??$conj@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$conj@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$conj@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$cos@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$cos@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$cos@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$cosh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$cosh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$cosh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$exp@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$exp@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$exp@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@D@Z
??$getline@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$getline@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@G@Z
??$getline@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$getline@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@_W@Z
??$imag@M@std@@YAMABV?$complex@M@0@@Z
??$imag@N@std@@YANABV?$complex@N@0@@Z
??$imag@O@std@@YAOABV?$complex@O@0@@Z
??$log10@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$log10@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$log10@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$log@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$log@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$log@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$norm@M@std@@YAMABV?$complex@M@0@@Z
??$norm@N@std@@YANABV?$complex@N@0@@Z
??$norm@O@std@@YAOABV?$complex@O@0@@Z
??$polar@M@std@@YA?AV?$complex@M@0@ABM0@Z
??$polar@M@std@@YA?AV?$complex@M@0@ABM@Z
??$polar@N@std@@YA?AV?$complex@N@0@ABN0@Z
??$polar@N@std@@YA?AV?$complex@N@0@ABN@Z
??$polar@O@std@@YA?AV?$complex@O@0@ABO0@Z
??$polar@O@std@@YA?AV?$complex@O@0@ABO@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@H@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@H@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@H@Z
??$real@M@std@@YAMABV?$complex@M@0@@Z
??$real@N@std@@YANABV?$complex@N@0@@Z
??$real@O@std@@YAOABV?$complex@O@0@@Z
??$sin@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sin@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sin@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$sinh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sinh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sinh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$sqrt@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sqrt@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sqrt@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$tan@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$tan@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$tan@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$tanh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$tanh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$tanh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??0?$_Complex_base@MU_C_float_complex@@@std@@QAE@ABM0@Z
??0?$_Complex_base@NU_C_double_complex@@@std@@QAE@ABN0@Z
??0?$_Complex_base@OU_C_ldouble_complex@@@std@@QAE@ABO0@Z
??0?$_Mpunct@D@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@D@std@@QAE@I_N@Z
??0?$_Mpunct@G@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@G@std@@QAE@I_N@Z
??0?$_Mpunct@_W@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@_W@std@@QAE@I_N@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@QAE@ABV01@@Z
??0?$_String_val@GV?$allocator@G@std@@@std@@IAE@V?$allocator@G@1@@Z
??0?$_String_val@GV?$allocator@G@std@@@std@@QAE@ABV01@@Z
??0?$_String_val@_WV?$allocator@_W@std@@@std@@IAE@V?$allocator@_W@1@@Z
??0?$_String_val@_WV?$allocator@_W@std@@@std@@QAE@ABV01@@Z
??0?$allocator@X@std@@QAE@ABV01@@Z
??0?$allocator@X@std@@QAE@XZ
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_filebuf@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@Vconst_iterator@01@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@IIABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@Vconst_iterator@01@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@IIABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_WABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WIABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@Vconst_iterator@01@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$codecvt@DDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@DDH@std@@QAE@I@Z
??0?$codecvt@GDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@GDH@std@@QAE@I@Z
??0?$codecvt@_WDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_WDH@std@@QAE@I@Z
??0?$collate@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@D@std@@QAE@I@Z
??0?$collate@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@G@std@@QAE@I@Z
??0?$collate@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@_W@std@@QAE@I@Z
??0?$complex@M@std@@QAE@ABM0@Z
??0?$complex@M@std@@QAE@ABU_C_float_complex@@@Z
??0?$complex@M@std@@QAE@ABV?$complex@N@1@@Z
??0?$complex@M@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@N@std@@QAE@ABN0@Z
??0?$complex@N@std@@QAE@ABU_C_double_complex@@@Z
??0?$complex@N@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@N@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@O@std@@QAE@ABO0@Z
??0?$complex@O@std@@QAE@ABU_C_ldouble_complex@@@Z
??0?$complex@O@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@O@std@@QAE@ABV?$complex@N@1@@Z
??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0?$ctype@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@G@std@@QAE@I@Z
??0?$ctype@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@_W@std@@QAE@I@Z
??0?$messages@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@D@std@@QAE@I@Z
??0?$messages@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@G@std@@QAE@I@Z
??0?$messages@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@_W@std@@QAE@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$moneypunct@D$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@D$00@std@@QAE@I@Z
??0?$moneypunct@D$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@D$0A@@std@@QAE@I@Z
??0?$moneypunct@G$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@G$00@std@@QAE@I@Z
??0?$moneypunct@G$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@G$0A@@std@@QAE@I@Z
??0?$moneypunct@_W$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@_W$00@std@@QAE@I@Z
??0?$moneypunct@_W$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@_W$0A@@std@@QAE@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$numpunct@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$numpunct@D@std@@QAE@I@Z
??0?$numpunct@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$numpunct@G@std@@QAE@I@Z
??0?$numpunct@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$numpunct@_W@std@@QAE@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0Init@ios_base@std@@QAE@XZ
??0_Locimp@locale@std@@AAE@ABV012@@Z
??0_Locinfo@std@@QAE@HPBD@Z
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@H@Z
??0_Lockit@std@@QAE@XZ
??0_Mutex@std@@QAE@XZ
??0_Timevec@std@@QAE@ABV01@@Z
??0_Timevec@std@@QAE@PAX@Z
??0_UShinit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0codecvt_base@std@@QAE@I@Z
??0ctype_base@std@@QAE@I@Z
??0facet@locale@std@@IAE@I@Z
??0id@locale@std@@QAE@I@Z
??0ios_base@std@@IAE@XZ
??0ios_base@std@@QAE@ABV01@@Z
??0locale@std@@AAE@PAV_Locimp@01@@Z
??0locale@std@@QAE@ABV01@0H@Z
??0locale@std@@QAE@ABV01@@Z
??0locale@std@@QAE@ABV01@PBDH@Z
??0locale@std@@QAE@PBDH@Z

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 268KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dance/msvcr71.dll
.dll windows:4 windows x86 arch:x86

7acc8c379c768a1ecd81ec502ff5f33e

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=北京八度互联科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京八度互联科技有限公司,L=海淀区,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

33:bb:cc:f6:32:62:76:b4:13:a1:ec:ed:1b:f7:84:2a:6d:1d:da:07
Signer

Actual PE Digest

33:bb:cc:f6:32:62:76:b4:13:a1:ec:ed:1b:f7:84:2a:6d:1d:da:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcr71.pdb

Imports

kernel32

GetModuleFileNameA
GetModuleFileNameW
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCurrentThreadId
GetCommandLineA
GetVersionExA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
SetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapAlloc
HeapFree
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetHandleCount
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
InitializeCriticalSection
RtlUnwind
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
InterlockedExchange
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetEnvironmentVariableA
SetEnvironmentVariableW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
HeapSize
VirtualProtect
GetSystemInfo
FlushFileBuffers
SetFilePointer
SetStdHandle
CompareStringA
CompareStringW
Sleep
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
RaiseException
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadCodePtr
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapValidate
HeapCompact
HeapWalk
ReadConsoleA
SetConsoleMode
GetConsoleMode
IsDBCSLeadByteEx
GetConsoleCP
ReadConsoleW
SetEndOfFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
SetLocalTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@AAE@PBQBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_cast@@QAE@PBD@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_Fbad_cast@@QAEXXZ
??_Fbad_typeid@@QAEXXZ
??_U@YAPAXI@Z
??_V@YAXPAX@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?unexpected@@YAXXZ
?vswprintf@@YAHPAGIPBGPAD@Z
?vswprintf@@YAHPA_WIPB_WPAD@Z
?what@exception@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CppXcptFilter
__CxxCallUnwindDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__buffer_overrun
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__lc_clike
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__security_error_handler
__set_app_type
__set_buffer_overrun_handler
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unDNameEx
__uncaught_exception
__unguarded_readlc_active
__wargv
__wcserror
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_aligned_free
_aligned_malloc
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_realloc
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_cgetws
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_cputws
_creat
_cscanf
_ctime64
_cwait
_cwprintf
_cwscanf
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirst64
_findfirsti64
_findnext
_findnext64
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstat64
_fstati64
_ftime
_ftime64
_ftol
_fullpath
_futime
_futime64
_gcvt
_get_heap_handle
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getwch
_getwche
_getws
_global_unwind2
_gmtime64
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_localtime64
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_mktime64
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osplatform
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putwch
_putws
_pwctype
_read
_resetstkoflw
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_scprintf
_scwprintf
_searchenv
_seh_longjmp_unwind
_set_SSE2_enable
_set_error_mode
_set_purecall_handler
_set_sbh_threshold
_set_security_error_handler
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snscanf
_snwprintf
_snwscanf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp

Sections

.text
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst9.exe.nsis

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

b0:92:0e:bc:db:bf:ef:69:0f:39:28:fb:60:58:83:f4Certificate

Extended Key Usages

Key Usages

7b:12:cc:68:37:9a:71:2d:9d:0d:59:50:ce:51:4d:e7:b0:bc:ba:54Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 32KB - Virtual size: 32KB

0843fc35a546e4ff989f2c0b0f345e69

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81Certificate

Extended Key Usages

Key Usages

2c:d1:34:0c:85:dc:25:53:6c:c8:40:10:d4:da:f9:1d:2b:e2:43:d8Signer

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

netapi32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 68KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 20KB - Virtual size: 18KB

.reloc Size: 8KB - Virtual size: 6KB

eedec5ce5c99c872622f21ddf098d820

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81Certificate

Extended Key Usages

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

b0:92:0e:bc:db:bf:ef:69:0f:39:28:fb:60:58:83:f4
Certificate

7b:12:cc:68:37:9a:71:2d:9d:0d:59:50:ce:51:4d:e7:b0:bc:ba:54
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 32KB - Virtual size: 32KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

2c:d1:34:0c:85:dc:25:53:6c:c8:40:10:d4:da:f9:1d:2b:e2:43:d8
Signer

.text
Size: 72KB - Virtual size: 68KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 20KB - Virtual size: 18KB

.reloc
Size: 8KB - Virtual size: 6KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

3c:6a:fe:fe:23:7d:81:37:b6:ab:b1:fc:51:88:db:81
Certificate

d3:13:10:91:50:54:32:70:c7:f3:9f:f8:08:da:bb:b9:53:0d:f0:b2
Signer

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 432B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 1024B - Virtual size: 518B