CMD_Virus_Scanner[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

CMD_Virus_Scanner.zip
Size

10.9MB
MD5

e90493df65860c28326493cb75ba98d5
SHA1

50a1350edbac0abc39893a4aea9242989499b803
SHA256

cf14f161eb88ee51f4fbb95e6dee683f430c7986f9f83869fbe337ee826f7c57
SHA512

f36beef3286a2731b3045ae34179203ff4d1e02de56db2b597187bb1072d8456abdde8613d38e0db8bf34111e30d7f1d28ff1b7aed0c533c8e9cc826c64d1b89
SSDEEP

196608:Rjfe2bEuZMAHsD1XJTQbGQ1nT2kZY4/Rs1QbP4MoA63cDyqHENZgwhEfW:x2zWsDpJTENTS45tAMCMDNcZgRO

Score

3^/10

Malware Config

Signatures

Unsigned PE 25 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CMD_Virus_Scanner/Handler/clambc.exe
unpack001/CMD_Virus_Scanner/Handler/clamconf.exe
unpack001/CMD_Virus_Scanner/Handler/clamd.exe
unpack001/CMD_Virus_Scanner/Handler/clamdscan.exe
unpack001/CMD_Virus_Scanner/Handler/clamdtop.exe
unpack001/CMD_Virus_Scanner/Handler/clamscan.exe
unpack001/CMD_Virus_Scanner/Handler/clamsubmit.exe
unpack001/CMD_Virus_Scanner/Handler/freshclam.exe
unpack001/CMD_Virus_Scanner/Handler/json-c.dll
unpack001/CMD_Virus_Scanner/Handler/libbz2.dll
unpack001/CMD_Virus_Scanner/Handler/libclamav.dll
unpack001/CMD_Virus_Scanner/Handler/libclammspack.dll
unpack001/CMD_Virus_Scanner/Handler/libclamunrar.dll
unpack001/CMD_Virus_Scanner/Handler/libclamunrar_iface.dll
unpack001/CMD_Virus_Scanner/Handler/libcrypto-1_1.dll
unpack001/CMD_Virus_Scanner/Handler/libcurl.dll
unpack001/CMD_Virus_Scanner/Handler/libfreshclam.dll
unpack001/CMD_Virus_Scanner/Handler/libssh2.dll
unpack001/CMD_Virus_Scanner/Handler/libssl-1_1.dll
unpack001/CMD_Virus_Scanner/Handler/libxml2.dll
unpack001/CMD_Virus_Scanner/Handler/nghttp2.dll
unpack001/CMD_Virus_Scanner/Handler/pcre2-8.dll
unpack001/CMD_Virus_Scanner/Handler/pdcurses.dll
unpack001/CMD_Virus_Scanner/Handler/pthreadvc3.dll
unpack001/CMD_Virus_Scanner/Handler/sigtool.exe

Files

CMD_Virus_Scanner.zip
.zip
CMD_Virus_Scanner/Handler/COPYING.txt
CMD_Virus_Scanner/Handler/COPYING/COPYING.LGPL
CMD_Virus_Scanner/Handler/COPYING/COPYING.YARA
CMD_Virus_Scanner/Handler/COPYING/COPYING.bzip2
CMD_Virus_Scanner/Handler/COPYING/COPYING.curl
CMD_Virus_Scanner/Handler/COPYING/COPYING.file
CMD_Virus_Scanner/Handler/COPYING/COPYING.getopt
CMD_Virus_Scanner/Handler/COPYING/COPYING.llvm
CMD_Virus_Scanner/Handler/COPYING/COPYING.lzma
CMD_Virus_Scanner/Handler/COPYING/COPYING.pcre
CMD_Virus_Scanner/Handler/COPYING/COPYING.regex
CMD_Virus_Scanner/Handler/COPYING/COPYING.unrar
CMD_Virus_Scanner/Handler/COPYING/COPYING.zlib
CMD_Virus_Scanner/Handler/NEWS.md
CMD_Virus_Scanner/Handler/README.md
CMD_Virus_Scanner/Handler/UserManual/404.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/FontAwesome/css/font-awesome.css
CMD_Virus_Scanner/Handler/UserManual/FontAwesome/fonts/FontAwesome.ttf
CMD_Virus_Scanner/Handler/UserManual/FontAwesome/fonts/fontawesome-webfont.eot
CMD_Virus_Scanner/Handler/UserManual/FontAwesome/fonts/fontawesome-webfont.svg
.xml
CMD_Virus_Scanner/Handler/UserManual/FontAwesome/fonts/fontawesome-webfont.ttf
CMD_Virus_Scanner/Handler/UserManual/FontAwesome/fonts/fontawesome-webfont.woff
CMD_Virus_Scanner/Handler/UserManual/FontAwesome/fonts/fontawesome-webfont.woff2
CMD_Virus_Scanner/Handler/UserManual/Introduction.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/ace.js
.js
CMD_Virus_Scanner/Handler/UserManual/appendix/Appendix.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/appendix/Authenticode.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/appendix/CvdPrivateMirror.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/appendix/FileTypes.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/appendix/FunctionalityLevels.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/appendix/Terminology.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/ayu-highlight.css
CMD_Virus_Scanner/Handler/UserManual/book.js
.js
CMD_Virus_Scanner/Handler/UserManual/clipboard.min.js
.js
CMD_Virus_Scanner/Handler/UserManual/community_resources/CommunityResources.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/community_resources/CompileClamAV_AmazonLinux2.txt
CMD_Virus_Scanner/Handler/UserManual/css/chrome.css
CMD_Virus_Scanner/Handler/UserManual/css/general.css
CMD_Virus_Scanner/Handler/UserManual/css/print.css
CMD_Virus_Scanner/Handler/UserManual/css/variables.css
CMD_Virus_Scanner/Handler/UserManual/editor.js
.js
CMD_Virus_Scanner/Handler/UserManual/elasticlunr.min.js
.js
CMD_Virus_Scanner/Handler/UserManual/faq/faq-cvd.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/faq/faq-eol.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/faq/faq-freshclam.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/faq/faq-ignore.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/faq/faq-misc.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/faq/faq-ml.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/faq/faq-pua.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/faq/faq-rust.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/faq/faq-safebrowsing.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/faq/faq-scan-alerts.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/faq/faq-troubleshoot.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/faq/faq-uninstall.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/faq/faq-upgrade.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/faq/faq-whichversion.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/faq/faq-win32.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/faq/faq.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/favicon.png
.png
CMD_Virus_Scanner/Handler/UserManual/fonts/OPEN-SANS-LICENSE.txt
CMD_Virus_Scanner/Handler/UserManual/fonts/SOURCE-CODE-PRO-LICENSE.txt
CMD_Virus_Scanner/Handler/UserManual/fonts/fonts.css
CMD_Virus_Scanner/Handler/UserManual/fonts/open-sans-v17-all-charsets-300.woff2
CMD_Virus_Scanner/Handler/UserManual/fonts/open-sans-v17-all-charsets-300italic.woff2
CMD_Virus_Scanner/Handler/UserManual/fonts/open-sans-v17-all-charsets-600.woff2
CMD_Virus_Scanner/Handler/UserManual/fonts/open-sans-v17-all-charsets-600italic.woff2
CMD_Virus_Scanner/Handler/UserManual/fonts/open-sans-v17-all-charsets-700.woff2
CMD_Virus_Scanner/Handler/UserManual/fonts/open-sans-v17-all-charsets-700italic.woff2
CMD_Virus_Scanner/Handler/UserManual/fonts/open-sans-v17-all-charsets-800.woff2
CMD_Virus_Scanner/Handler/UserManual/fonts/open-sans-v17-all-charsets-800italic.woff2
CMD_Virus_Scanner/Handler/UserManual/fonts/open-sans-v17-all-charsets-italic.woff2
CMD_Virus_Scanner/Handler/UserManual/fonts/open-sans-v17-all-charsets-regular.woff2
CMD_Virus_Scanner/Handler/UserManual/fonts/source-code-pro-v11-all-charsets-500.woff2
CMD_Virus_Scanner/Handler/UserManual/highlight.css
CMD_Virus_Scanner/Handler/UserManual/highlight.js
.js
CMD_Virus_Scanner/Handler/UserManual/images/change-fork-name.png
.png
CMD_Virus_Scanner/Handler/UserManual/images/cisco.png
.png
CMD_Virus_Scanner/Handler/UserManual/images/clone-your-fork.png
.png
CMD_Virus_Scanner/Handler/UserManual/images/create-a-fork.png
.png
CMD_Virus_Scanner/Handler/UserManual/images/demon.png
.png
CMD_Virus_Scanner/Handler/UserManual/images/flamegraph.svg
.js .xml polyglot
CMD_Virus_Scanner/Handler/UserManual/images/fork-is-behind.png
.png
CMD_Virus_Scanner/Handler/UserManual/images/logo.png
.png
CMD_Virus_Scanner/Handler/UserManual/images/new-git-workflow.png
.png
CMD_Virus_Scanner/Handler/UserManual/images/old-git-workflow.png
.png
CMD_Virus_Scanner/Handler/UserManual/index.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Development.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Development/Contribute.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Development/build-installer-packages.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Development/clamav-git-work-flow.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Development/code-coverage.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Development/development-builds.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Development/fuzzing-sanitizers.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Development/github-pr-basics.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Development/libclamav.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Development/performance-profiling.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Development/personal-forks.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Development/testing-pull-requests.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Development/tips-and-tricks.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Installing.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Installing/Add-clamav-user.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Installing/Community-projects.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Installing/Docker.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Installing/Installing-from-source-Unix-old.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Installing/Installing-from-source-Unix.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Installing/Installing-from-source-Windows.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Installing/Packages.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/OnAccess.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Signatures.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Signatures/AllowLists.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Signatures/AuthenticodeRules.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Signatures/BodySignatureFormat.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Signatures/BytecodeSignatures.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Signatures/ContainerMetadata.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Signatures/DatabaseInfo.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Signatures/DynamicConfig.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Signatures/EncryptedArchives.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Signatures/ExtendedSignatures.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Signatures/FileTypeMagic.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Signatures/HashSignatures.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Signatures/LogicalSignatures.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Signatures/PhishSigs.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Signatures/SignatureNames.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Signatures/YaraRules.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Usage.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Usage/Configuration.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Usage/ReportABug.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Usage/Scanning.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Usage/Services.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/manual/Usage/SignatureManagement.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/mark.min.js
.js
CMD_Virus_Scanner/Handler/UserManual/mode-rust.js
.js
CMD_Virus_Scanner/Handler/UserManual/print.html
.html .js polyglot
CMD_Virus_Scanner/Handler/UserManual/searcher.js
.js
CMD_Virus_Scanner/Handler/UserManual/searchindex.js
CMD_Virus_Scanner/Handler/UserManual/searchindex.json
CMD_Virus_Scanner/Handler/UserManual/theme-dawn.js
.js
CMD_Virus_Scanner/Handler/UserManual/theme-tomorrow_night.js
.js
CMD_Virus_Scanner/Handler/UserManual/tomorrow-night.css
CMD_Virus_Scanner/Handler/clamav.lib
CMD_Virus_Scanner/Handler/clambc.exe
.exe windows:6 windows x86 arch:x86

d3267c4121dfbe75b1ff6ec6b5f5cc23

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libclamav

cli_bytecode_context_alloc
cli_bytecode_context_setfuncid
cli_bytecode_context_setparam_int
cli_bytecode_context_setfile
cli_bytecode_context_getresult_int
cli_bytecode_context_destroy
cli_bytecode_init
cli_bytecode_load
cli_bytecode_prepare2
cli_bytecode_run
cli_bytecode_destroy
cli_bytecode_done
cli_bytecode_describe
cli_bytetype_describe
cli_bytevalue_describe
cli_bytefunc_describe
cli_bytecode_debug
cli_bytecode_printversion
cli_bytecode_debug_printsrc
cli_bytecode_context_set_trace
cli_calloc
cli_regcomp
cli_regexec
cli_regfree
cl_retflevel
cl_init
fmap
cl_strerror
cl_engine_free
cl_engine_compile
cl_engine_new
cl_debug

bcrypt

BCryptGenRandom

kernel32

IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MultiByteToWideChar
GetFileAttributesExW
WideCharToMultiByte
GetCommandLineA
WriteConsoleW
GetConsoleMode
GetSystemTimeAsFileTime
FormatMessageW
GetModuleHandleW
FindFirstFileW
FindNextFileW
GetModuleHandleA
CreateMutexA
LoadLibraryA
WaitForSingleObjectEx
AcquireSRWLockShared
HeapReAlloc
TlsAlloc
HeapFree
HeapAlloc
lstrcmpiA
GetModuleFileNameA
CloseHandle
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
FindClose
ReleaseSRWLockShared
GetLastError
TlsSetValue
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GetCommandLineW
GetStdHandle
GetCurrentProcessId
WaitForSingleObject
TerminateProcess
QueryPerformanceCounter
TlsGetValue
GetProcessHeap

advapi32

RegCloseKey
RegQueryValueExA
SystemFunction036
RegOpenKeyExA

vcruntime140

strrchr
__CxxFrameHandler3
memcmp
memmove
strchr
wcsrchr
wcsstr
_except_handler4_common
memset
_CxxThrowException
memcpy

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
_exit
_errno
_crt_atexit
_register_onexit_function
_initialize_onexit_table
__p___argv
_cexit
_c_exit
_initterm_e
_initterm
exit
_register_thread_local_exe_atexit_callback
terminate
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_exe
_set_app_type
__p___argc

api-ms-win-crt-stdio-l1-1-0

_setmode
__stdio_common_vfprintf
putc
fgets
fread
fopen
_fileno
fclose
__acrt_iob_func
fseek
_set_fmode
_open
_close
__stdio_common_vsprintf
__p__commode

api-ms-win-crt-heap-l1-1-0

realloc
malloc
_set_new_mode
free
calloc

api-ms-win-crt-convert-l1-1-0

atoi
strtoul

api-ms-win-crt-string-l1-1-0

wcsncat
wcsncpy
_strnicmp
wcsncmp
_strdup
strncmp
strpbrk
strncpy

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/clamconf.exe
.exe windows:6 windows x86 arch:x86

b21e9ce2e216c87b4d511189271525d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libclamav

cl_cvdhead
cl_retdbdir
cli_regfree
cli_regexec
cli_regcomp
have_rar
cli_printcxxver
have_clamjit
cli_detect_environment
cli_strtokenize
cli_strbcasestr
cl_retver
cl_retflevel
cl_cvdfree
cl_init

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
InitializeSListHead
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleFileNameA
lstrcmpiA
GetCurrentDirectoryW
CreateFileA
GetFileAttributesExW
CloseHandle
GetLastError
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetCommandLineW
FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleW

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

vcruntime140

_except_handler4_common
memmove
strchr
strrchr
memcpy
memset
wcsrchr
wcsstr

api-ms-win-crt-string-l1-1-0

wcsncat
_strdup
_strnicmp
wcsncpy
wcsncmp
strpbrk
strncpy
strncmp

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__acrt_iob_func
fclose
fgets
__p__commode
_fileno
__stdio_common_vfprintf
_setmode
__stdio_common_vsprintf
fopen

api-ms-win-crt-heap-l1-1-0

malloc
realloc
calloc
_set_new_mode
free

api-ms-win-crt-time-l1-1-0

_ctime64

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_errno
_controlfp_s
_register_onexit_function
_set_errno
_crt_atexit
__p___argc
_register_thread_local_exe_atexit_callback
_c_exit
_seh_filter_exe
_set_app_type
terminate
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_cexit
__p___argv

api-ms-win-crt-convert-l1-1-0

atoi
strtoul

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/clamd.exe
.exe windows:6 windows x86 arch:x86

1a7e97a0bab395e92cd911a5c478f243

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libclamav

cli_get_filepath_from_filedesc
cli_realpath
cl_engine_get_num
cli_strerror
cl_engine_compile
cli_gentempfd
cli_ctime
cl_strerror
cl_engine_settings_copy
cl_engine_settings_apply
cl_engine_settings_free
cl_engine_addref
cl_scandesc_callback
cl_statfree
cli_chomp
cli_unlink
cli_writen
cl_engine_set_clcb_virus_found
cl_retver
cli_ftw
mpool_getstats
cli_regcomp
cli_regexec
cli_regfree
cl_retdbdir
cl_debug
cl_cvdhead
cl_cvdfree
cl_retflevel
cl_init
cl_statchkdir
cl_statinidir
cl_load
cl_engine_set_clcb_hash
cl_set_clcb_msg
cl_engine_new
cl_engine_set_clcb_sigload
cl_engine_set_num
cl_engine_free
cl_scanfile_callback
cl_engine_set_str

pthreadvc3

pthread_mutex_lock
pthread_mutex_unlock
pthread_attr_init
pthread_attr_destroy
pthread_attr_setdetachstate
pthread_create
pthread_join
pthread_mutex_destroy
pthread_cond_destroy
pthread_cond_wait
pthread_cond_signal
pthread_once
pthread_setspecific
pthread_cond_broadcast
pthread_cond_timedwait
pthread_cond_init
pthread_mutex_init
pthread_getspecific
pthread_key_create

wsock32

getpeername
inet_addr
listen
recv
select
inet_ntoa
setsockopt
shutdown
socket
WSAGetLastError
closesocket
bind
send
accept
ntohs
ntohl

ws2_32

getaddrinfo
WSAEventSelect
WSAEnumNetworkEvents
freeaddrinfo

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
FindClose
FindNextFileW
FindFirstFileW
GetModuleHandleW
GetFileAttributesExW
CreateFileA
GetCurrentDirectoryW
GetCommandLineW
GetCommandLineA
RegisterWaitForSingleObject
UnregisterWaitEx
WaitForMultipleObjects
Sleep
SetConsoleCtrlHandler
CreateThread
WaitForSingleObject
lstrcmpiA
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
MoveFileA
GetLastError
CreateEventA
ResetEvent
SetEvent
CloseHandle
GetCurrentProcessId

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
ChangeServiceConfig2A
CloseServiceHandle
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

vcruntime140

_except_handler4_common
wcsstr
wcsrchr
memset
memcpy
strrchr
strchr
memmove
memchr

api-ms-win-crt-runtime-l1-1-0

terminate
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
__p___argc
_register_onexit_function
__p___argv
_set_app_type
_seh_filter_exe
_crt_atexit
_set_errno
_cexit
_exit
_c_exit
_register_thread_local_exe_atexit_callback
exit
_initialize_onexit_table
_configure_narrow_argv
_initterm_e
_controlfp_s
_errno

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
_close
fflush
__p__commode
_set_fmode
__acrt_iob_func
fclose
_fileno
fopen
__stdio_common_vfprintf
_chsize
fgets
_setmode

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
realloc
calloc
free

api-ms-win-crt-time-l1-1-0

_ctime64
_localtime64_s
_ftime64_s
_time64
strftime

api-ms-win-crt-string-l1-1-0

wcsncpy
strncpy
strpbrk
wcsncat
strncmp
_strdup
wcsncmp
_strnicmp

api-ms-win-crt-filesystem-l1-1-0

_fstat64i32
_umask
_unlink

api-ms-win-crt-convert-l1-1-0

atoi
strtoul

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/clamdscan.exe
.exe windows:6 windows x86 arch:x86

5e8214cad456e909d7d1c8746d0a3915

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libclamav

cl_scandesc
cli_basename
cli_strtokenize
cli_malloc
cli_gentemp
cli_strntoul
cli_strdup
cli_realpath
cli_ftw
cli_regfree
cli_regexec
cli_regcomp
cli_ctime

pthreadvc3

pthread_mutex_lock
pthread_mutex_unlock

wsock32

connect
closesocket
bind
htonl
__WSAFDIsSet
htons
WSAGetLastError
socket
send
select
recv

ws2_32

getaddrinfo
freeaddrinfo

kernel32

GetCurrentThreadId
UnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetModuleHandleW
IsDebuggerPresent
SetUnhandledExceptionFilter
FindNextFileW
GetFileAttributesExW
GetCurrentDirectoryW
GetCommandLineW
GetCommandLineA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
K32GetModuleInformation
K32GetModuleFileNameExA
K32GetModuleBaseNameA
K32EnumProcessModules
K32EnumProcesses
Module32Next
Module32First
Process32Next
Process32First
CreateToolhelp32Snapshot
IsBadWritePtr
IsBadReadPtr
FreeLibrary
ReadProcessMemory
Sleep
GetLastError
MoveFileA
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
lstrcmpiA
CopyFileA
SetFileInformationByHandle
CloseHandle
GetProcAddress
LoadLibraryA
GetFileInformationByHandleEx
ExpandEnvironmentStringsA
CreateFileA
DeleteFileA
FindClose
FindFirstFileW
WriteFile
WaitForSingleObject
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
CreateRemoteThread
OpenProcess

advapi32

OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey

vcruntime140

strchr
strrchr
memcpy
memchr
memmove
_except_handler4_common
wcsstr
wcsrchr
memset

api-ms-win-crt-stdio-l1-1-0

_wopen
__p__commode
fgets
fopen
fflush
fclose
__stdio_common_vsprintf
_getcwd
_setmode
__stdio_common_vfprintf
__acrt_iob_func
_close
_open
_read
_set_fmode
_open_osfhandle
_fileno

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_initialize_narrow_environment
__p___argv
_initterm
_initterm_e
_seh_filter_exe
_cexit
_controlfp_s
_exit
_crt_atexit
_register_thread_local_exe_atexit_callback
__p___argc
_register_onexit_function
_initialize_onexit_table
terminate
_errno
_configure_narrow_argv
_c_exit
exit
_get_initial_narrow_environment

api-ms-win-crt-time-l1-1-0

_localtime64_s
_ftime64_s
_time64
strftime

api-ms-win-crt-string-l1-1-0

wcsncmp
wcsncat
wcsncpy
isprint
strncat
_stricmp
_wcsdup
_strnicmp
strpbrk
strncmp
strncpy
_strdup

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
realloc
malloc
free

api-ms-win-crt-filesystem-l1-1-0

_umask
_fstat64i32

api-ms-win-crt-convert-l1-1-0

atoi
strtoul

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr
_libm_sse2_log_precise

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/clamdtop.exe
.exe windows:6 windows x86 arch:x86

b1b05c5bf2a0e697424eeccd688109a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

pdcurses

getmaxx
getmaxy
getcurx
getcury
use_default_colors
stdscr
curs_set
wrefresh
wprintw
wgetch
werase
wbkgd
wattrset
wattron
wattroff
waddch
subwin
start_color
refresh
nonl
noecho
touchwin
newterm
mvwprintw
mvwaddch
move
keypad
init_pair
halfdelay
endwin
derwin
delwin
delscreen
box

libclamav

cli_regfree
cli_regexec
cli_regcomp

wsock32

socket
setsockopt
send
WSAStartup
recv
connect
closesocket
WSAGetLastError

ws2_32

getaddrinfo
freeaddrinfo

kernel32

QueryPerformanceCounter
GetModuleHandleW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcmpiA
InitializeSListHead
GetCommandLineA
FindNextFileW
FindFirstFileW
FindClose
MultiByteToWideChar
GetLastError
GetFileAttributesExW
GetCurrentDirectoryW
WideCharToMultiByte
GetCommandLineW
GetModuleFileNameA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

vcruntime140

strrchr
strstr
memchr
memcpy
strchr
memmove
wcsrchr
wcsstr
_except_handler4_common
memset

api-ms-win-crt-string-l1-1-0

_strdup
strncmp
strncpy
isspace
_strnicmp
tolower
strpbrk
toupper
wcsncmp
wcsncat
wcsncpy
isdigit

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_seh_filter_exe
_get_initial_narrow_environment
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initterm
_configure_narrow_argv
__p___argv
_c_exit
_errno
_initterm_e
terminate
_controlfp_s
_wassert
exit
perror
_exit
_initialize_narrow_environment
__p___argc
_register_thread_local_exe_atexit_callback

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
puts
__p__commode
fputc
_setmode
__stdio_common_vsprintf
__stdio_common_vsscanf
_fileno
__acrt_iob_func
fclose
fgets
fopen
_set_fmode

api-ms-win-crt-heap-l1-1-0

realloc
calloc
_set_new_mode
free
malloc

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-time-l1-1-0

_time64
_localtime64_s
_ctime64
_ftime64_s

api-ms-win-crt-convert-l1-1-0

strtoul
atoi

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

_except1
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/clammspack.lib
CMD_Virus_Scanner/Handler/clamscan.exe
.exe windows:6 windows x86 arch:x86

c6c8f90ced0a1c42d8d6bad17e20a70d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libclamav

cli_gettmpdir
cli_gentemp
cli_realpath
cli_pcre_perf_print
cli_pcre_perf_events_destroy
cl_engine_set_clcb_engine_compile_progress
cli_regcomp
cli_regexec
cli_regfree
cli_sigperf_events_destroy
cl_cvdhead
cl_cvdfree
cl_retflevel
cli_ctime
cl_engine_set_clcb_sigload_progress
cli_strtokenize
cl_engine_set_clcb_virus_found
cl_engine_set_clcb_post_scan
cl_engine_set_clcb_pre_cache
cli_basename
cli_sigperf_print
cl_engine_set_clcb_meta
cl_strerror
cl_load
cl_retdbdir
cl_scanfile_callback
cl_scandesc_callback
cl_scandesc
cli_malloc
cl_always_gen_section_hash
cl_initialize_crypto
cl_init
cl_engine_new
cl_engine_free
cl_engine_compile
cl_engine_get_str
cl_engine_set_str
cl_engine_set_num
cl_debug

pthreadvc3

pthread_mutex_lock
pthread_mutex_unlock

wsock32

connect
closesocket
htonl
WSAGetLastError
socket
send
recv

ws2_32

getaddrinfo
freeaddrinfo

kernel32

GetCurrentThreadId
UnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetUnhandledExceptionFilter
GetModuleHandleW
FindNextFileW
GetFileAttributesExW
GetCurrentDirectoryW
GetCommandLineW
GetCommandLineA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
K32GetModuleInformation
K32GetModuleFileNameExA
K32GetModuleBaseNameA
K32EnumProcessModules
K32EnumProcesses
Module32Next
Module32First
Process32Next
Process32First
CreateToolhelp32Snapshot
IsBadWritePtr
IsBadReadPtr
FreeLibrary
ReadProcessMemory
OpenProcess
CreateRemoteThread
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
WaitForSingleObject
WriteFile
FindFirstFileW
FindClose
DeleteFileA
CreateFileA
ExpandEnvironmentStringsA
GetFileInformationByHandleEx
LoadLibraryA
GetProcAddress
CloseHandle
SetFileInformationByHandle
WideCharToMultiByte
MultiByteToWideChar
lstrcmpiA
GetModuleFileNameA
CopyFileA
GetLastError
MoveFileA

advapi32

RegCloseKey
RegQueryValueExA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegOpenKeyExA

vcruntime140

_except_handler4_common
wcsstr
memmove
memcpy
strchr
strrchr
memset
wcsrchr
memchr

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__stdio_common_vsprintf
fread
fopen
fflush
fclose
__p__commode
_close
fgets
_isatty
fwrite
_getcwd
__acrt_iob_func
_wopen
_fileno
_open
_open_osfhandle
_read
_setmode
_set_fmode

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_exit
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_narrow_environment
_seh_filter_exe
_register_onexit_function
_crt_atexit
_set_errno
exit
_set_app_type
_controlfp_s
terminate
_errno
_get_initial_narrow_environment
_initialize_onexit_table
_configure_narrow_argv
_initterm
perror

api-ms-win-crt-time-l1-1-0

strftime
_ctime64
_localtime64_s
_ftime64_s
_time64

api-ms-win-crt-string-l1-1-0

_wcsdup
strncat
wcsncmp
wcsncat
wcsncpy
_strnicmp
_stricmp
strncmp
strpbrk
_strdup
strncpy
isprint

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
malloc
calloc
realloc

api-ms-win-crt-math-l1-1-0

__setusermatherr
_libm_sse2_log_precise
_except1
round

api-ms-win-crt-convert-l1-1-0

atoi
strtoul

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

_unlink
_umask

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/clamsubmit.exe
.exe windows:6 windows x86 arch:x86

2906ad89fc882f26bd4f6cd697f8322b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

json-c

json_object_get_string
json_object_object_get_ex
json_tokener_parse
json_object_put

libcurl

curl_easy_cleanup
curl_easy_perform
curl_easy_setopt
curl_easy_getinfo
curl_easy_strerror
curl_easy_init
curl_formadd
curl_slist_free_all
curl_slist_append
curl_global_cleanup
curl_global_init
curl_formfree

libclamav

cl_cvdfree
cli_ctime
cli_regfree
cli_gentemp
cl_cvdhead
cli_regcomp
cli_regexec
cl_retdbdir

pthreadvc3

pthread_mutex_lock
pthread_mutex_unlock

libssl-1_1

SSL_CTX_get_cert_store

libcrypto-1_1

X509_NAME_print_ex
d2i_X509
X509_cmp
ERR_get_error
X509_get_subject_name
X509_free
X509_dup
X509_STORE_add_cert
BIO_new
BIO_s_mem
BIO_ctrl
ERR_error_string
BIO_free

crypt32

CertEnumCertificatesInStore
CertOpenSystemStoreA
CertGetNameStringA
CertFreeCertificateContext
CertCloseStore

kernel32

GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetModuleHandleW
FindFirstFileW
FindClose
GetSystemTimeAsFileTime
CloseHandle
GetFileAttributesExW
CreateFileA
GetCurrentDirectoryW
GetCommandLineW
GetCommandLineA
lstrcmpiA
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
MoveFileA
GetLastError
TerminateProcess
InitializeSListHead
IsDebuggerPresent
FindNextFileW

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

vcruntime140

strchr
strstr
memcpy
memset
strrchr
memmove
wcsrchr
wcsstr
_except_handler4_common

api-ms-win-crt-string-l1-1-0

_strdup
wcsncpy
strpbrk
strncmp
_strnicmp
strncpy
wcsncat
wcsncmp

api-ms-win-crt-stdio-l1-1-0

fopen
__stdio_common_vfprintf
__stdio_common_vsprintf
_fileno
feof
fclose
__acrt_iob_func
_setmode
fread
fgets
_set_fmode
__p__commode
fwrite
fflush

api-ms-win-crt-filesystem-l1-1-0

_umask
remove

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
malloc
realloc
free

api-ms-win-crt-runtime-l1-1-0

_exit
_errno
terminate
_initterm_e
_seh_filter_exe
_set_app_type
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_configure_narrow_argv
_initialize_narrow_environment
_controlfp_s
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argc
exit
_get_initial_narrow_environment
_set_errno
__p___argv
_initterm

api-ms-win-crt-time-l1-1-0

_time64
_ctime64
_localtime64_s
strftime

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-convert-l1-1-0

strtoul
atoi

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/clamunrar.lib
CMD_Virus_Scanner/Handler/clamunrar_iface.lib
CMD_Virus_Scanner/Handler/concrt140.dll
.dll windows:6 windows x86 arch:x86

a7f0e297dae66d5b73188a236ad0ae0f

Code Sign

33:00:00:01:0b:bf:86:a4:4e:62:8e:e7:04:00:00:00:00:01:0b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:20

Not After

23/11/2019, 20:20

Subject

CN=Microsoft Time-Stamp service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:A240-4B82-130E,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b0:eb:3e:e7:8d:6a:d6:92:19:93:50:07:f4:f3:78:85:8b:0b:17:76:bf:6e:65:fa:61:b8:21:e3:09:0a:9d:e8
Signer

Actual PE Digest

b0:eb:3e:e7:8d:6a:d6:92:19:93:50:07:f4:f3:78:85:8b:0b:17:76:bf:6e:65:fa:61:b8:21:e3:09:0a:9d:e8

Digest Algorithm

sha256

PE Digest Matches

true

67:f9:ba:ed:ad:91:1b:1d:f2:b4:bf:db:97:6e:7b:c6:a8:d6:0d:49
Signer

Actual PE Digest

67:f9:ba:ed:ad:91:1b:1d:f2:b4:bf:db:97:6e:7b:c6:a8:d6:0d:49

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\agent\_work\2\s\binaries\x86ret\bin\i386\\concrt140.i386.pdb

Imports

msvcp140

__crtCloseThreadpoolWait
?_Xbad_function_call@std@@YAXXZ
__crtSetThreadpoolWait
__crtCreateThreadpoolWait
__crtCloseThreadpoolTimer
__crtWaitForThreadpoolTimerCallbacks
__crtCreateThreadpoolTimer
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
__crtSetThreadpoolTimer
__crtCreateSemaphoreExW
__crtGetCurrentProcessorNumber
__crtFlushProcessWriteBuffers
__crtGetTickCount64
__crtCreateEventExW
__crtInitializeCriticalSectionEx
?_Throw_C_error@std@@YAXH@Z
_Cnd_broadcast
_Cnd_wait
_Cnd_destroy_in_situ
_Cnd_init_in_situ
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
__crtFreeLibraryWhenCallbackReturns

vcruntime140

__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
memset
__uncaught_exception
memcpy
__RTDynamicCast
_except_handler4_common
__std_type_info_destroy_list
_purecall

api-ms-win-crt-runtime-l1-1-0

_cexit
_initialize_narrow_environment
_initterm_e
_seh_filter_dll
_initterm
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
terminate

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-math-l1-1-0

_CIsqrt
_CIexp

api-ms-win-crt-string-l1-1-0

wcsncpy_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfwprintf
__stdio_common_vswprintf_s
fflush
__acrt_iob_func

kernel32

SetLastError
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
Sleep
GetCurrentThreadId
GetCurrentProcess
WaitForSingleObjectEx
SetEvent
GetLastError
DuplicateHandle
CloseHandle
GetCurrentThread
CreateTimerQueue
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
GetProcAddress
GetNumaHighestNodeNumber
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleA
GetModuleFileNameW
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
OutputDebugStringW
LoadLibraryW
LoadLibraryExW
GetModuleHandleW
EncodePointer
UnregisterWaitEx
ReleaseSemaphore
InitializeSListHead
SetProcessAffinityMask
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask

Exports

Exports

??0?$_SpinWait@$00@details@Concurrency@@QAE@P6AXXZ@Z
??0?$_SpinWait@$0A@@details@Concurrency@@QAE@P6AXXZ@Z
??0SchedulerPolicy@Concurrency@@QAA@IZZ
??0SchedulerPolicy@Concurrency@@QAE@ABV01@@Z
??0SchedulerPolicy@Concurrency@@QAE@XZ
??0_Cancellation_beacon@details@Concurrency@@QAE@XZ
??0_Concurrent_queue_base_v4@details@Concurrency@@IAE@I@Z
??0_Concurrent_queue_iterator_base_v4@details@Concurrency@@IAE@ABV_Concurrent_queue_base_v4@12@@Z
??0_Condition_variable@details@Concurrency@@QAE@XZ
??0_Context@details@Concurrency@@QAE@PAVContext@2@@Z
??0_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_ReaderWriterLock@details@Concurrency@@QAE@XZ
??0_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_ReentrantLock@details@Concurrency@@QAE@XZ
??0_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_Runtime_object@details@Concurrency@@QAE@H@Z
??0_Runtime_object@details@Concurrency@@QAE@XZ
??0_Scheduler@details@Concurrency@@QAE@PAVScheduler@2@@Z
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_SpinLock@details@Concurrency@@QAE@ACJ@Z
??0_StructuredTaskCollection@details@Concurrency@@QAE@PAV_CancellationTokenState@12@@Z
??0_TaskCollection@details@Concurrency@@QAE@PAV_CancellationTokenState@12@@Z
??0_TaskCollection@details@Concurrency@@QAE@XZ
??0_Timer@details@Concurrency@@IAE@I_N@Z
??0agent@Concurrency@@QAE@AAVScheduleGroup@1@@Z
??0agent@Concurrency@@QAE@AAVScheduler@1@@Z
??0agent@Concurrency@@QAE@XZ
??0bad_target@Concurrency@@QAE@PBD@Z
??0bad_target@Concurrency@@QAE@XZ
??0context_self_unblock@Concurrency@@QAE@PBD@Z
??0context_self_unblock@Concurrency@@QAE@XZ
??0context_unblock_unbalanced@Concurrency@@QAE@PBD@Z
??0context_unblock_unbalanced@Concurrency@@QAE@XZ
??0critical_section@Concurrency@@QAE@XZ
??0default_scheduler_exists@Concurrency@@QAE@PBD@Z
??0default_scheduler_exists@Concurrency@@QAE@XZ
??0event@Concurrency@@QAE@XZ
??0improper_lock@Concurrency@@QAE@PBD@Z
??0improper_lock@Concurrency@@QAE@XZ
??0improper_scheduler_attach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_attach@Concurrency@@QAE@XZ
??0improper_scheduler_detach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_detach@Concurrency@@QAE@XZ
??0improper_scheduler_reference@Concurrency@@QAE@PBD@Z
??0improper_scheduler_reference@Concurrency@@QAE@XZ
??0invalid_link_target@Concurrency@@QAE@PBD@Z
??0invalid_link_target@Concurrency@@QAE@XZ
??0invalid_multiple_scheduling@Concurrency@@QAE@PBD@Z
??0invalid_multiple_scheduling@Concurrency@@QAE@XZ
??0invalid_oversubscribe_operation@Concurrency@@QAE@PBD@Z
??0invalid_oversubscribe_operation@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_key@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_key@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_value@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_value@Concurrency@@QAE@XZ
??0message_not_found@Concurrency@@QAE@PBD@Z
??0message_not_found@Concurrency@@QAE@XZ
??0missing_wait@Concurrency@@QAE@PBD@Z
??0missing_wait@Concurrency@@QAE@XZ
??0nested_scheduler_missing_detach@Concurrency@@QAE@PBD@Z
??0nested_scheduler_missing_detach@Concurrency@@QAE@XZ
??0operation_timed_out@Concurrency@@QAE@PBD@Z
??0operation_timed_out@Concurrency@@QAE@XZ
??0reader_writer_lock@Concurrency@@QAE@XZ
??0scheduler_not_attached@Concurrency@@QAE@PBD@Z
??0scheduler_not_attached@Concurrency@@QAE@XZ
??0scheduler_resource_allocation_error@Concurrency@@QAE@J@Z
??0scheduler_resource_allocation_error@Concurrency@@QAE@PBDJ@Z
??0scheduler_worker_creation_error@Concurrency@@QAE@J@Z
??0scheduler_worker_creation_error@Concurrency@@QAE@PBDJ@Z
??0scoped_lock@critical_section@Concurrency@@QAE@AAV12@@Z
??0scoped_lock@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0scoped_lock_read@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0unsupported_os@Concurrency@@QAE@PBD@Z
??0unsupported_os@Concurrency@@QAE@XZ
??1SchedulerPolicy@Concurrency@@QAE@XZ
??1_Cancellation_beacon@details@Concurrency@@QAE@XZ
??1_Concurrent_queue_base_v4@details@Concurrency@@MAE@XZ
??1_Concurrent_queue_iterator_base_v4@details@Concurrency@@IAE@XZ
??1_Concurrent_vector_base_v4@details@Concurrency@@IAE@XZ
??1_Condition_variable@details@Concurrency@@QAE@XZ
??1_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_SpinLock@details@Concurrency@@QAE@XZ
??1_StructuredTaskCollection@details@Concurrency@@QAE@XZ
??1_TaskCollection@details@Concurrency@@QAE@XZ
??1_Timer@details@Concurrency@@MAE@XZ
??1agent@Concurrency@@UAE@XZ
??1critical_section@Concurrency@@QAE@XZ
??1event@Concurrency@@QAE@XZ
??1reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock@critical_section@Concurrency@@QAE@XZ
??1scoped_lock@reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock_read@reader_writer_lock@Concurrency@@QAE@XZ
??4?$_SpinWait@$00@details@Concurrency@@QAEAAV012@$$QAV012@@Z
??4?$_SpinWait@$00@details@Concurrency@@QAEAAV012@ABV012@@Z
??4?$_SpinWait@$0A@@details@Concurrency@@QAEAAV012@$$QAV012@@Z
??4?$_SpinWait@$0A@@details@Concurrency@@QAEAAV012@ABV012@@Z
??4SchedulerPolicy@Concurrency@@QAEAAV01@ABV01@@Z
??_F?$_SpinWait@$00@details@Concurrency@@QAEXXZ
??_F?$_SpinWait@$0A@@details@Concurrency@@QAEXXZ
??_F_Context@details@Concurrency@@QAEXXZ
??_F_Scheduler@details@Concurrency@@QAEXXZ
?AgentEventGuid@Concurrency@@3U_GUID@@B
?Alloc@Concurrency@@YAPAXI@Z
?Block@Context@Concurrency@@SAXXZ
?ChoreEventGuid@Concurrency@@3U_GUID@@B
?ConcRTEventGuid@Concurrency@@3U_GUID@@B
?ConcRT_ProviderGuid@Concurrency@@3U_GUID@@B
?ContextEventGuid@Concurrency@@3U_GUID@@B
?Create@CurrentScheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?Create@Scheduler@Concurrency@@SAPAV12@ABVSchedulerPolicy@2@@Z
?CreateResourceManager@Concurrency@@YAPAUIResourceManager@1@XZ
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPAVScheduleGroup@2@AAVlocation@2@@Z
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPAVScheduleGroup@2@XZ
?CurrentContext@Context@Concurrency@@SAPAV12@XZ
?Detach@CurrentScheduler@Concurrency@@SAXXZ
?DisableTracing@Concurrency@@YAJXZ
?EnableTracing@Concurrency@@YAJXZ
?Free@Concurrency@@YAXPAX@Z
?Get@CurrentScheduler@Concurrency@@SAPAVScheduler@2@XZ
?GetExecutionContextId@Concurrency@@YAIXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ
?GetPolicy@CurrentScheduler@Concurrency@@SA?AVSchedulerPolicy@2@XZ
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z
?GetProcessorCount@Concurrency@@YAIXZ
?GetProcessorNodeCount@Concurrency@@YAIXZ
?GetSchedulerId@Concurrency@@YAIXZ
?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ
?Id@Context@Concurrency@@SAIXZ
?Id@CurrentScheduler@Concurrency@@SAIXZ
?IsAvailableLocation@CurrentScheduler@Concurrency@@SA_NABVlocation@2@@Z
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
?LockEventGuid@Concurrency@@3U_GUID@@B
?Log2@details@Concurrency@@YAKI@Z
?NFS_Allocate@details@Concurrency@@YAPAXIIPAX@Z
?NFS_Free@details@Concurrency@@YAXPAX@Z
?NFS_GetLineSize@details@Concurrency@@YAIXZ
?Oversubscribe@Context@Concurrency@@SAX_N@Z
?PPLParallelForEventGuid@Concurrency@@3U_GUID@@B
?PPLParallelForeachEventGuid@Concurrency@@3U_GUID@@B
?PPLParallelInvokeEventGuid@Concurrency@@3U_GUID@@B
?RegisterShutdownEvent@CurrentScheduler@Concurrency@@SAXPAX@Z
?ResetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXXZ
?ResourceManagerEventGuid@Concurrency@@3U_GUID@@B
?ScheduleGroupEventGuid@Concurrency@@3U_GUID@@B
?ScheduleGroupId@Context@Concurrency@@SAIXZ
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPAX@Z0@Z
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPAX@Z0AAVlocation@2@@Z
?SchedulerEventGuid@Concurrency@@3U_GUID@@B
?SetConcurrencyLimits@SchedulerPolicy@Concurrency@@QAEXII@Z
?SetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?SetPolicyValue@SchedulerPolicy@Concurrency@@QAEIW4PolicyElementKey@2@I@Z
?VirtualProcessorEventGuid@Concurrency@@3U_GUID@@B
?VirtualProcessorId@Context@Concurrency@@SAIXZ
?Yield@Context@Concurrency@@SAXXZ
?_Abort@_StructuredTaskCollection@details@Concurrency@@AAEXXZ
?_Acquire@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_NonReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_AcquireRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_Advance@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IAEXXZ
?_Assign@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IAEXABV123@@Z
?_Byte_reverse_table@details@Concurrency@@3QBEB
?_Cancel@_StructuredTaskCollection@details@Concurrency@@QAEXXZ
?_Cancel@_TaskCollection@details@Concurrency@@QAEXXZ
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IAEXXZ
?_CleanupToken@_StructuredTaskCollection@details@Concurrency@@AAEXXZ
?_ConcRT_CoreAssert@details@Concurrency@@YAXPBD0H@Z
?_ConcRT_Trace@details@Concurrency@@YAXHPB_WZZ
?_Confirm_cancel@_Cancellation_beacon@details@Concurrency@@QAE_NXZ
?_CurrentContext@_Context@details@Concurrency@@SA?AV123@XZ
?_Current_node@location@Concurrency@@SA?AV12@XZ
?_Destroy@_AsyncTaskCollection@details@Concurrency@@EAEXXZ
?_DoYield@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_DoYield@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_Get@_CurrentScheduler@details@Concurrency@@SA?AV_Scheduler@23@XZ
?_GetCombinableSize@details@Concurrency@@YAIXZ
?_GetConcRTTraceInfo@Concurrency@@YAPBU_CONCRT_TRACE_INFO@details@1@XZ
?_GetConcurrency@details@Concurrency@@YAIXZ
?_GetCurrentInlineDepth@_StackGuard@details@Concurrency@@CAAAIXZ
?_GetNumberOfVirtualProcessors@_CurrentScheduler@details@Concurrency@@SAIXZ
?_GetScheduler@_Scheduler@details@Concurrency@@QAEPAVScheduler@3@XZ
?_Id@_CurrentScheduler@details@Concurrency@@SAIXZ
?_Internal_assign@_Concurrent_vector_base_v4@details@Concurrency@@IAEXABV123@IP6AXPAXI@ZP6AX1PBXI@Z4@Z
?_Internal_capacity@_Concurrent_vector_base_v4@details@Concurrency@@IBEIXZ
?_Internal_clear@_Concurrent_vector_base_v4@details@Concurrency@@IAEIP6AXPAXI@Z@Z
?_Internal_compact@_Concurrent_vector_base_v4@details@Concurrency@@IAEPAXIPAXP6AX0I@ZP6AX0PBXI@Z@Z
?_Internal_copy@_Concurrent_vector_base_v4@details@Concurrency@@IAEXABV123@IP6AXPAXPBXI@Z@Z
?_Internal_empty@_Concurrent_queue_base_v4@details@Concurrency@@IBE_NXZ
?_Internal_finish_clear@_Concurrent_queue_base_v4@details@Concurrency@@IAEXXZ
?_Internal_grow_by@_Concurrent_vector_base_v4@details@Concurrency@@IAEIIIP6AXPAXPBXI@Z1@Z
?_Internal_grow_to_at_least_with_result@_Concurrent_vector_base_v4@details@Concurrency@@IAEIIIP6AXPAXPBXI@Z1@Z
?_Internal_move_push@_Concurrent_queue_base_v4@details@Concurrency@@IAEXPAX@Z
?_Internal_pop_if_present@_Concurrent_queue_base_v4@details@Concurrency@@IAE_NPAX@Z
?_Internal_push@_Concurrent_queue_base_v4@details@Concurrency@@IAEXPBX@Z
?_Internal_push_back@_Concurrent_vector_base_v4@details@Concurrency@@IAEPAXIAAI@Z
?_Internal_reserve@_Concurrent_vector_base_v4@details@Concurrency@@IAEXIII@Z
?_Internal_resize@_Concurrent_vector_base_v4@details@Concurrency@@IAEXIIIP6AXPAXI@ZP6AX0PBXI@Z2@Z
?_Internal_size@_Concurrent_queue_base_v4@details@Concurrency@@IBEIXZ
?_Internal_swap@_Concurrent_queue_base_v4@details@Concurrency@@IAEXAAV123@@Z
?_Internal_swap@_Concurrent_vector_base_v4@details@Concurrency@@IAEXAAV123@@Z
?_Internal_throw_exception@_Concurrent_queue_base_v4@details@Concurrency@@IBEXXZ
?_Internal_throw_exception@_Concurrent_vector_base_v4@details@Concurrency@@IBEXI@Z
?_IsCanceling@_StructuredTaskCollection@details@Concurrency@@QAE_NXZ
?_IsCanceling@_TaskCollection@details@Concurrency@@QAE_NXZ
?_IsSynchronouslyBlocked@_Context@details@Concurrency@@QBE_NXZ
?_NewCollection@_AsyncTaskCollection@details@Concurrency@@SAPAV123@PAV_CancellationTokenState@23@@Z
?_NumberOfSpins@?$_SpinWait@$00@details@Concurrency@@IAEKXZ
?_NumberOfSpins@?$_SpinWait@$0A@@details@Concurrency@@IAEKXZ
?_Oversubscribe@_Context@details@Concurrency@@SAX_N@Z
?_Reference@_Scheduler@details@Concurrency@@QAEIXZ
?_Release@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_NonReentrantPPLLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantPPLLock@details@Concurrency@@QAEXXZ
?_Release@_Scheduler@details@Concurrency@@QAEIXZ
?_ReleaseRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_ReleaseWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_Reset@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_Reset@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@PAVlocation@3@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@PAVlocation@3@@Z
?_ScheduleTask@_CurrentScheduler@details@Concurrency@@SAXP6AXPAX@Z0@Z
?_Segment_index_of@_Concurrent_vector_base_v4@details@Concurrency@@KAII@Z
?_SetSpinCount@?$_SpinWait@$00@details@Concurrency@@QAEXI@Z
?_SetSpinCount@?$_SpinWait@$0A@@details@Concurrency@@QAEXI@Z
?_ShouldSpinAgain@?$_SpinWait@$00@details@Concurrency@@IAE_NXZ
?_ShouldSpinAgain@?$_SpinWait@$0A@@details@Concurrency@@IAE_NXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ
?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QAE_NXZ
?_SpinYield@Context@Concurrency@@SAXXZ
?_Start@_Timer@details@Concurrency@@IAEXXZ
?_Stop@_Timer@details@Concurrency@@IAEXXZ
?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ
?_Trace_ppl_function@Concurrency@@YAXABU_GUID@@EW4ConcRT_EventType@1@@Z
?_TryAcquire@_NonReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantLock@details@Concurrency@@QAE_NXZ
?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QAE_NXZ
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_Value@_SpinCount@details@Concurrency@@SAIXZ
?_Yield@_Context@details@Concurrency@@SAXXZ
?cancel@agent@Concurrency@@QAE_NXZ
?current@location@Concurrency@@SA?AV12@XZ
?done@agent@Concurrency@@IAE_NXZ
?from_numa_node@location@Concurrency@@SA?AV12@G@Z
?get_error_code@scheduler_resource_allocation_error@Concurrency@@QBEJXZ
?is_current_task_group_canceling@Concurrency@@YA_NXZ
?lock@critical_section@Concurrency@@QAEXXZ
?lock@reader_writer_lock@Concurrency@@QAEXXZ
?lock_read@reader_writer_lock@Concurrency@@QAEXXZ
?native_handle@critical_section@Concurrency@@QAEAAV12@XZ
?notify_all@_Condition_variable@details@Concurrency@@QAEXXZ
?notify_one@_Condition_variable@details@Concurrency@@QAEXXZ
?reset@event@Concurrency@@QAEXXZ
?set@event@Concurrency@@QAEXXZ
?set_task_execution_resources@Concurrency@@YAXGPAU_GROUP_AFFINITY@@@Z
?set_task_execution_resources@Concurrency@@YAXK@Z
?start@agent@Concurrency@@QAE_NXZ
?status@agent@Concurrency@@QAE?AW4agent_status@2@XZ
?status_port@agent@Concurrency@@QAEPAV?$ISource@W4agent_status@Concurrency@@@2@XZ
?try_lock@critical_section@Concurrency@@QAE_NXZ
?try_lock@reader_writer_lock@Concurrency@@QAE_NXZ
?try_lock_for@critical_section@Concurrency@@QAE_NI@Z
?try_lock_read@reader_writer_lock@Concurrency@@QAE_NXZ
?unlock@critical_section@Concurrency@@QAEXXZ
?unlock@reader_writer_lock@Concurrency@@QAEXXZ
?wait@Concurrency@@YAXI@Z
?wait@_Condition_variable@details@Concurrency@@QAEXAAVcritical_section@3@@Z
?wait@agent@Concurrency@@SA?AW4agent_status@2@PAV12@I@Z
?wait@event@Concurrency@@QAEII@Z
?wait_for@_Condition_variable@details@Concurrency@@QAE_NAAVcritical_section@3@I@Z
?wait_for_all@agent@Concurrency@@SAXIPAPAV12@PAW4agent_status@2@I@Z
?wait_for_multiple@event@Concurrency@@SAIPAPAV12@I_NI@Z
?wait_for_one@agent@Concurrency@@SAXIPAPAV12@AAW4agent_status@2@AAII@Z

Sections

.text
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/conf_examples/clamd.conf.sample
CMD_Virus_Scanner/Handler/conf_examples/freshclam.conf.sample
CMD_Virus_Scanner/Handler/freshclam.exe
.exe windows:6 windows x86 arch:x86

31a4225bb58a479b180ff41c10f025f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libfreshclam

fc_cleanup
fc_initialize
fc_download_url_databases
fc_prune_database_directory
fc_set_fccb_download_complete
fc_update_databases
fc_strerror
fc_dns_query_update_info
fc_test_database

libclamav

cli_strdup
cli_gentemp_with_prefix
cli_regcomp
cli_realloc
cli_regexec
cli_regfree
cli_ctime
cli_calloc
cl_retdbdir
cl_cvdhead
cl_cvdfree
cl_retflevel
cli_strbcasestr
cl_strerror
cli_rmdirs
cl_init
cl_set_clcb_msg

pthreadvc3

pthread_mutex_unlock
pthread_mutex_lock

wsock32

connect
closesocket
WSAGetLastError
socket
send
recv

ws2_32

getaddrinfo
freeaddrinfo

kernel32

GetModuleHandleW
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
FindNextFileW
FindFirstFileW
FindClose
GetCommandLineW
GetCommandLineA
GetFileAttributesExW
CreateFileA
GetCurrentDirectoryW
CloseHandle
SetConsoleCtrlHandler
CreateThread
CreateEventA
WaitForSingleObject
SetEvent
WideCharToMultiByte
MultiByteToWideChar
MoveFileA
GetLastError
GetModuleFileNameA
lstrcmpiA
Sleep
GetCurrentProcessId

advapi32

StartServiceCtrlDispatcherA
RegOpenKeyExA
RegQueryValueExA
ChangeServiceConfig2A
CloseServiceHandle
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegCloseKey

vcruntime140

strchr
strstr
memset
strrchr
_except_handler4_common
wcsstr
wcsrchr
memmove
memcpy

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_initialize_onexit_table
_initterm
_register_onexit_function
_set_app_type
_seh_filter_exe
_exit
_get_initial_narrow_environment
__p___argc
_initialize_narrow_environment
_configure_narrow_argv
exit
_initterm_e
_register_thread_local_exe_atexit_callback
signal
_set_errno
system
_c_exit
_controlfp_s
terminate
_errno
__p___argv
_cexit

api-ms-win-crt-string-l1-1-0

wcsncmp
_strdup
wcsncat
wcsncpy
strpbrk
strncmp
_strnicmp
strncpy

api-ms-win-crt-stdio-l1-1-0

fgets
__stdio_common_vsscanf
_setmode
__stdio_common_vsprintf
__stdio_common_vfprintf
_set_fmode
fopen
_fileno
fclose
__acrt_iob_func
fflush
__p__commode

api-ms-win-crt-heap-l1-1-0

free
realloc
_set_new_mode
malloc
calloc

api-ms-win-crt-time-l1-1-0

_localtime64_s
strftime
_ctime64
_time64

api-ms-win-crt-convert-l1-1-0

atoi
strtoul

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

_unlink
_umask
_mkdir

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/freshclam.lib
CMD_Virus_Scanner/Handler/include/clamav-types.h
CMD_Virus_Scanner/Handler/include/clamav-version.h
CMD_Virus_Scanner/Handler/include/clamav.h
CMD_Virus_Scanner/Handler/include/libfreshclam.h
CMD_Virus_Scanner/Handler/json-c.dll
.dll windows:6 windows x86 arch:x86

1469a4a15ae36e3fc9ce3ada3fe10083

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetLastError
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextA

vcruntime140

__std_type_info_destroy_list
memmove
strrchr
_except_handler4_common
memset
strstr
memcpy
strchr

api-ms-win-crt-heap-l1-1-0

calloc
malloc
realloc
free

api-ms-win-crt-utility-l1-1-0

bsearch
qsort

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__stdio_common_vsprintf
_close
__acrt_iob_func
_write
_read
_open

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initterm
_initialize_onexit_table
_errno
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
abort
strerror
_cexit

api-ms-win-crt-math-l1-1-0

_dclass
_except1

api-ms-win-crt-convert-l1-1-0

strtod
strtoll
strtoull
strtol

api-ms-win-crt-string-l1-1-0

_strnicmp
strncmp
_strdup

api-ms-win-crt-locale-l1-1-0

setlocale

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-environment-l1-1-0

getenv

Exports

Exports

_json_c_strerror
json_c_object_sizeof
json_c_set_serialization_double_format
json_c_shallow_copy_default
json_c_version
json_c_version_num
json_c_visit
json_object_array_add
json_object_array_bsearch
json_object_array_del_idx
json_object_array_get_idx
json_object_array_length
json_object_array_put_idx
json_object_array_shrink
json_object_array_sort
json_object_deep_copy
json_object_double_to_json_string
json_object_equal
json_object_free_userdata
json_object_from_fd
json_object_from_fd_ex
json_object_from_file
json_object_get
json_object_get_array
json_object_get_boolean
json_object_get_double
json_object_get_int
json_object_get_int64
json_object_get_object
json_object_get_string
json_object_get_string_len
json_object_get_type
json_object_get_uint64
json_object_get_userdata
json_object_int_inc
json_object_is_type
json_object_iter_begin
json_object_iter_end
json_object_iter_equal
json_object_iter_init_default
json_object_iter_next
json_object_iter_peek_name
json_object_iter_peek_value
json_object_new_array
json_object_new_array_ext
json_object_new_boolean
json_object_new_double
json_object_new_double_s
json_object_new_int
json_object_new_int64
json_object_new_null
json_object_new_object
json_object_new_string
json_object_new_string_len
json_object_new_uint64
json_object_object_add
json_object_object_add_ex
json_object_object_del
json_object_object_get
json_object_object_get_ex
json_object_object_length
json_object_put
json_object_set_boolean
json_object_set_double
json_object_set_int
json_object_set_int64
json_object_set_serializer
json_object_set_string
json_object_set_string_len
json_object_set_uint64
json_object_set_userdata
json_object_to_fd
json_object_to_file
json_object_to_file_ext
json_object_to_json_string
json_object_to_json_string_ext
json_object_to_json_string_length
json_object_userdata_to_json_string
json_parse_double
json_parse_int64
json_parse_uint64
json_pointer_get
json_pointer_getf
json_pointer_set
json_pointer_setf
json_tokener_error_desc
json_tokener_free
json_tokener_get_error
json_tokener_get_parse_end
json_tokener_new
json_tokener_new_ex
json_tokener_parse
json_tokener_parse_ex
json_tokener_parse_verbose
json_tokener_reset
json_tokener_set_flags
json_type_to_name
json_util_get_last_err
mc_debug
mc_error
mc_get_debug
mc_info
mc_set_debug
mc_set_syslog
printbuf_free
printbuf_memappend
printbuf_memset
printbuf_new
printbuf_reset
sprintbuf

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/libbz2.dll
.dll windows:6 windows x86 arch:x86

09ed9f11c40b59e9c3e23be267d9ffdb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent

vcruntime140

memset
_except_handler4_common
__std_type_info_destroy_list

api-ms-win-crt-stdio-l1-1-0

fwrite
ungetc
fopen
fgetc
ferror
fread
fclose
__stdio_common_vfprintf
_fileno
_setmode
__acrt_iob_func
fflush

api-ms-win-crt-heap-l1-1-0

malloc
free

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_cexit
exit
_execute_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_initterm
_initterm_e
_seh_filter_dll

api-ms-win-crt-string-l1-1-0

isdigit

api-ms-win-crt-math-l1-1-0

_fdopen

Exports

Exports

BZ2_bzBuffToBuffCompress
BZ2_bzBuffToBuffDecompress
BZ2_bzCompress
BZ2_bzCompressEnd
BZ2_bzCompressInit
BZ2_bzDecompress
BZ2_bzDecompressEnd
BZ2_bzDecompressInit
BZ2_bzRead
BZ2_bzReadClose
BZ2_bzReadGetUnused
BZ2_bzReadOpen
BZ2_bzWrite
BZ2_bzWriteClose
BZ2_bzWriteClose64
BZ2_bzWriteOpen
BZ2_bzclose
BZ2_bzdopen
BZ2_bzerror
BZ2_bzflush
BZ2_bzlibVersion
BZ2_bzopen
BZ2_bzread
BZ2_bzwrite

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/libclamav.dll
.dll windows:6 windows x86 arch:x86

97d2f831485a68a4df27bbfe5fc1b0e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libclammspack

mspack_destroy_chm_decompressor
mspack_create_cab_decompressor
mspack_create_chm_decompressor
mspack_destroy_cab_decompressor

libcrypto-1_1

BIO_read
BIO_write
BIO_ctrl
BIO_push
BIO_free_all
BIO_s_mem
BIO_new_mem_buf
BIO_f_base64
BIO_s_file
EVP_MD_size
EVP_MD_block_size
EVP_MD_CTX_md
EVP_MD_CTX_new
EVP_MD_CTX_set_flags
EVP_DigestInit_ex
EVP_DigestUpdate
EVP_DigestFinal_ex
EVP_SignFinal
EVP_VerifyFinal
EVP_get_digestbyname
EVP_PKEY_size
EVP_PKEY_free
X509_STORE_new
X509_STORE_free
X509_STORE_set_flags
X509_STORE_set1_param
X509_STORE_CTX_new
X509_STORE_CTX_free
X509_STORE_CTX_init
X509_STORE_add_lookup
X509_LOOKUP_hash_dir
X509_LOOKUP_file
X509_STORE_add_crl
X509_LOOKUP_ctrl
X509_VERIFY_PARAM_new
X509_VERIFY_PARAM_free
X509_VERIFY_PARAM_set_flags
X509_cmp_current_time
X509_free
X509_CRL_free
X509_get_pubkey
X509_CRL_get0_nextUpdate
X509_verify_cert
PEM_read_bio_X509
PEM_read_X509
PEM_read_bio_X509_AUX
PEM_read_X509_CRL
PEM_read_PrivateKey
BIO_free
BIO_set_flags
BIO_new
EVP_MD_CTX_free

libbz2

BZ2_bzDecompressInit
BZ2_bzDecompressEnd
BZ2_bzDecompress

pcre2-8

pcre2_get_error_message_8
pcre2_get_ovector_pointer_8
pcre2_match_data_free_8
pcre2_match_8
pcre2_match_data_create_from_pattern_8
pcre2_compile_context_create_8
pcre2_code_free_8
pcre2_compile_8
pcre2_set_recursion_limit_8
pcre2_set_match_limit_8
pcre2_match_context_free_8
pcre2_match_context_create_8
pcre2_compile_context_free_8
pcre2_general_context_create_8
pcre2_general_context_free_8
pcre2_pattern_info_8

libxml2

xmlTextReaderGetAttribute
xmlStrEqual
xmlStrcasecmp
xmlStrdup
xmlTextReaderValue
xmlTextReaderLocalName
xmlTextReaderDepth
xmlFree
xmlTextReaderReadInnerXml
htmlGetMetaEncoding
htmlReadMemory
xmlReaderForMemory
xmlFreeDoc
xmlInitParser
xmlFreeTextReader
xmlTextReaderClose
xmlReaderForIO
xmlStrcmp
xmlStrlen
xmlTextReaderRead
xmlTextReaderHasAttributes
xmlTextReaderIsEmptyElement
xmlTextReaderNodeType
xmlTextReaderConstLocalName
xmlTextReaderConstValue
xmlTextReaderMoveToFirstAttribute
xmlTextReaderMoveToNextAttribute
xmlTextReaderMoveToElement
xmlTextReaderNext
xmlTextReaderLocatorLineNumber
xmlTextReaderLocatorBaseURI
xmlTextReaderSetErrorHandler
xmlReaderForFd
xmlReaderWalker
xmlGetDocCompressMode

json-c

json_object_new_array
json_object_array_add
json_object_array_put_idx
json_object_array_get_idx
json_object_new_object
json_object_new_int
json_object_object_get_ex
json_object_new_double
json_object_new_string
json_object_new_string_len
json_object_put
json_object_to_json_string_ext
json_object_get_string
json_object_array_length
json_object_object_del
json_object_new_int64
json_object_get_type
json_object_is_type
json_object_object_add
json_object_get
json_object_new_boolean
json_object_get_int
json_object_get_boolean

pthreadvc3

pthread_win32_process_attach_np
pthread_key_delete
pthread_mutex_init
pthread_mutex_destroy
pthread_win32_process_detach_np
pthread_mutex_lock
pthread_getspecific
pthread_win32_thread_detach_np
pthread_once
pthread_mutex_unlock
pthread_setspecific
pthread_key_create
pthread_win32_thread_attach_np

wsock32

select
connect
socket
closesocket
inet_ntoa
send
recv
getsockopt
WSAGetLastError
WSACleanup
ioctlsocket
htons
WSAStartup
__WSAFDIsSet

ws2_32

getaddrinfo
freeaddrinfo

bcrypt

BCryptGenRandom

kernel32

SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
UnhandledExceptionFilter
GetFileAttributesExW
WriteConsoleW
GetConsoleMode
GetSystemTimeAsFileTime
CreateThread
GetFullPathNameW
FormatMessageW
GetModuleHandleW
FindFirstFileW
FindNextFileW
GetModuleHandleA
CreateMutexA
WaitForSingleObjectEx
AcquireSRWLockShared
HeapReAlloc
TlsAlloc
HeapFree
HeapAlloc
GetProcessHeap
QueryPerformanceFrequency
TlsGetValue
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
TerminateProcess
WaitForSingleObject
GetStdHandle
InitializeSListHead
GetEnvironmentVariableW
GetCurrentDirectoryW
SetLastError
RtlCaptureContext
GetCurrentProcess
Sleep
SwitchToThread
TlsSetValue
SetThreadStackGuarantee
ReleaseSRWLockShared
FindClose
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WriteFile
SetFilePointer
ReadFile
CreateFileA
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadTimes
GetCurrentThread
FormatMessageA
LocalFree
LoadLibraryA
GetProcAddress
GetCurrentProcessId
VirtualFree
VirtualAlloc
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetModuleFileNameA
lstrcmpiA
CopyFileA
GetLastError
CloseHandle
GetFinalPathNameByHandleW
CreateFileW
GetSystemInfo

advapi32

RegOpenKeyExA
RegQueryValueExA
GetCurrentHwProfileA
SystemFunction036
RegCloseKey

vcruntime140

strstr
strchr
strrchr
memset
longjmp
_setjmp3
__CxxFrameHandler3
memcmp
_CxxThrowException
wcsrchr
__std_type_info_destroy_list
memchr
memmove
memcpy
_except_handler4_common
wcsstr

api-ms-win-crt-stdio-l1-1-0

_close
__stdio_common_vsprintf
getc
clearerr
_lseek
_wopen
putc
fputs
fread
__acrt_iob_func
_lseeki64
fgets
__stdio_common_vfprintf
_open
fseek
fputc
ftell
__stdio_common_vfscanf
puts
_write
_fileno
_dup
fflush
fclose
_chsize
__stdio_common_vsscanf
_isatty
feof
ferror
_get_osfhandle
fopen
fgetc
_read
fwrite

api-ms-win-crt-heap-l1-1-0

realloc
free
calloc
malloc

api-ms-win-crt-filesystem-l1-1-0

_fstat64i32
_mkdir
_unlink
_access_s
_chmod
_rmdir

api-ms-win-crt-runtime-l1-1-0

abort
_set_errno
_wassert
strerror
_seh_filter_dll
_errno
perror
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e

api-ms-win-crt-string-l1-1-0

wcsncmp
isprint
strncpy
_strdup
strncat
strncmp
strtok_s
islower
strpbrk
_strnicmp
strlen
wcsncpy
isalnum
strnlen
isalpha
strcspn
tolower
toupper
isspace
isxdigit
isdigit
isupper
wcsncat

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

clock
_ftime64_s
_difftime64
_mktime64
strftime
_ctime64
_localtime64
_time64
_localtime64_s

api-ms-win-crt-convert-l1-1-0

atoi
atol
atof
strtoll
strtoul
wcstombs
strtol

api-ms-win-crt-math-l1-1-0

_libm_sse2_sqrt_precise
_libm_sse2_pow_precise
_libm_sse2_log_precise
_fdopen
roundf
_libm_sse2_exp_precise
floor
pow
truncf
cos
sin
exp2f
exp
_libm_sse2_sin_precise
_libm_sse2_cos_precise
_except1
ceil

Exports

Exports

@Crc64Calc@8
@Crc64GenerateTable@0
@Crc64Update@16
@CrcCalc@8
@CrcUpdate@12
ARMT_Convert
ARM_Convert
Bcj2_Decode
BraState_Free
BraState_Init
BraState_SetFromMethod
BraState_SetProps
Buf_Create
Buf_Free
Buf_Init
Delta_Decode
Delta_Encode
Delta_Init
DllMain
DynBuf_Construct
DynBuf_Free
DynBuf_SeekToBeg
DynBuf_Write
EXTENDED_FUNCTIONS
FUNCTIONS
FileInStream_CreateVTable
FileOutStream_CreateVTable
FileSeqInStream_CreateVTable
File_Close
File_Construct
File_Read
File_Seek
File_Write
IA64_Convert
InFile_Open
InFile_OpenW
LookInStream_LookRead
LookInStream_Read
LookInStream_Read2
LookInStream_SeekTo
LookToRead_CreateVTable
LookToRead_Init
Lzma2Dec_Allocate
Lzma2Dec_AllocateProbs
Lzma2Dec_DecodeToBuf
Lzma2Dec_DecodeToDic
Lzma2Dec_Init
Lzma2Decode
LzmaDec_Allocate
LzmaDec_AllocateProbs
LzmaDec_DecodeToBuf
LzmaDec_DecodeToDic
LzmaDec_Free
LzmaDec_FreeProbs
LzmaDec_Init
LzmaDec_InitDicAndState
LzmaDecode
LzmaProps_Decode
MixCoder_Code
MixCoder_Construct
MixCoder_Free
MixCoder_Init
MixCoder_SetFromMethod
OPCODE_NAMES
OutFile_Open
OutFile_OpenW
PPC_Convert
Ppmd7_Alloc
Ppmd7_Construct
Ppmd7_DecodeSymbol
Ppmd7_Free
Ppmd7_Init
Ppmd7_MakeEscFreq
Ppmd7_Update1
Ppmd7_Update1_0
Ppmd7_Update2
Ppmd7_UpdateBin
Ppmd7z_RangeDec_CreateVTable
Ppmd7z_RangeDec_Init
SPARC_Convert
SecToLook_CreateVTable
SecToRead_CreateVTable
SeqInStream_Read
SeqInStream_Read2
SeqInStream_ReadByte
SzAlloc
SzAllocTemp
SzArEx_Extract
SzArEx_Free
SzArEx_GetFileNameUtf16
SzArEx_GetFolderFullPackSize
SzArEx_GetFolderStreamPos
SzArEx_Init
SzArEx_Open
SzAr_Free
SzAr_Init
SzCoderInfo_Free
SzCoderInfo_Init
SzFile_Init
SzFolder_Decode
SzFolder_FindBindPairForInStream
SzFolder_FindBindPairForOutStream
SzFolder_Free
SzFolder_GetNumOutStreams
SzFolder_GetUnpackSize
SzFolder_Init
SzFree
SzFreeTemp
TOKENS
XZ_FOOTER_SIG
XZ_SIG
XzBlock_Parse
XzBlock_ReadHeader
XzCheck_Final
XzCheck_Init
XzCheck_Update
XzDec_Init
XzFlags_GetCheckSize
XzUnpacker_Code
XzUnpacker_Create
XzUnpacker_Free
XzUnpacker_IsStreamWasFinished
Xz_Construct
Xz_Free
Xz_GetPackSize
Xz_GetUnpackSize
Xz_ParseHeader
Xz_ReadHeader
Xz_ReadVarInt
Xz_WriteVarInt
Xzs_Construct
Xzs_Free
Xzs_GetNumBlocks
Xzs_GetUnpackSize
Xzs_ReadBackward
__cli_strcasestr
__cli_strndup
__cli_strnlen
__cli_strnstr
__local_stdio_printf_options
__local_stdio_scanf_options
__lzma_wrap_alloc
__lzma_wrap_free
__xz_wrap_alloc
__xz_wrap_free
_snprintf
_yr_arena_make_relocatable
_yr_arena_new_page
_yr_arena_page_for_address
_yr_compiler_pop_file
_yr_compiler_pop_file_name
_yr_compiler_push_file
_yr_compiler_push_file_name
_yr_parser_write_string
adc_decompress
adc_decompressEnd
adc_decompressInit
allow_list_done
allow_list_match
arc4_apply
arc4_init
asn1_check_mscat
asn1_load_mscat
autoit_functions
autoit_keywords
base64Flush
bc_opstr
bc_tystr
binhexBegin
blank_key
blobAddData
blobArrayDestroy
blobClose
blobCreate
blobDestroy
blobGetData
blobGetDataSize
blobGrow
blobSetFilename
blobToMem
blobcmp
bounceBegin
byte_to_int32
bytecode_init
cdn_ctn_is_valid
cdn_eft_is_valid
cl_ASN1_GetTimeT
cl_always_gen_section_hash
cl_base64_decode
cl_base64_encode
cl_cleanup_crypto
cl_countsigs
cl_cvdfree
cl_cvdhead
cl_cvdparse
cl_cvdunpack
cl_cvdverify
cl_debug
cl_engine_addref
cl_engine_compile
cl_engine_free
cl_engine_get_num
cl_engine_get_str
cl_engine_new
cl_engine_set_clcb_engine_compile_progress
cl_engine_set_clcb_engine_free_progress
cl_engine_set_clcb_file_inspection
cl_engine_set_clcb_file_props
cl_engine_set_clcb_hash
cl_engine_set_clcb_meta
cl_engine_set_clcb_post_scan
cl_engine_set_clcb_pre_cache
cl_engine_set_clcb_pre_scan
cl_engine_set_clcb_sigload
cl_engine_set_clcb_sigload_progress
cl_engine_set_clcb_stats_add_sample
cl_engine_set_clcb_stats_decrement_count
cl_engine_set_clcb_stats_flush
cl_engine_set_clcb_stats_get_hostid
cl_engine_set_clcb_stats_get_num
cl_engine_set_clcb_stats_get_size
cl_engine_set_clcb_stats_remove_sample
cl_engine_set_clcb_stats_submit
cl_engine_set_clcb_virus_found
cl_engine_set_num
cl_engine_set_stats_set_cbdata
cl_engine_set_str
cl_engine_settings_apply
cl_engine_settings_copy
cl_engine_settings_free
cl_engine_stats_enable
cl_finish_hash
cl_fmap_close
cl_fmap_open_handle
cl_fmap_open_memory
cl_get_pkey_file
cl_get_x509_from_mem
cl_hash_data
cl_hash_destroy
cl_hash_file_fd
cl_hash_file_fd_ctx
cl_hash_file_fp
cl_hash_init
cl_init
cl_initialize_crypto
cl_load
cl_load_cert
cl_load_crl
cl_retdbdir
cl_retflevel
cl_retver
cl_scandesc
cl_scandesc_callback
cl_scanfile
cl_scanfile_callback
cl_scanmap_callback
cl_set_clcb_msg
cl_sha1
cl_sha256
cl_sha384
cl_sha512
cl_sign_data
cl_sign_data_keyfile
cl_sign_file_fd
cl_sign_file_fp
cl_statchkdir
cl_statfree
cl_statinidir
cl_strerror
cl_update_hash
cl_validate_certificate_chain
cl_validate_certificate_chain_ts_dir
cl_verify_signature
cl_verify_signature_fd
cl_verify_signature_fd_x509
cl_verify_signature_fd_x509_keyfile
cl_verify_signature_hash
cl_verify_signature_hash_x509
cl_verify_signature_hash_x509_keyfile
cl_verify_signature_x509
cl_verify_signature_x509_keyfile
clamav_stats_add_sample
clamav_stats_decrement_count
clamav_stats_flush
clamav_stats_get_hostid
clamav_stats_get_num
clamav_stats_get_size
clamav_stats_remove_sample
clamav_stats_submit
clean_cache_add
clean_cache_check
clean_cache_destroy
clean_cache_init
clean_cache_remove
cli_7unz
cli_LzmaDecode
cli_LzmaInit
cli_LzmaShutdown
cli_XzDecode
cli_XzInit
cli_XzShutdown
cli_ac_addpatt
cli_ac_addsig
cli_ac_buildtrie
cli_ac_caloff
cli_ac_chklsig
cli_ac_chkmacro
cli_ac_free
cli_ac_freedata
cli_ac_init
cli_ac_initdata
cli_ac_scanbuff
cli_add_content_match_pattern
cli_always_gen_section_hash
cli_append_potentially_unwanted
cli_append_potentially_unwanted_if_heur_exceedsmax
cli_append_virus
cli_basename
cli_bcapi_atoi
cli_bcapi_buffer_pipe_done
cli_bcapi_buffer_pipe_new
cli_bcapi_buffer_pipe_new_fromfile
cli_bcapi_buffer_pipe_read_avail
cli_bcapi_buffer_pipe_read_get
cli_bcapi_buffer_pipe_read_stopped
cli_bcapi_buffer_pipe_write_avail
cli_bcapi_buffer_pipe_write_get
cli_bcapi_buffer_pipe_write_stopped
cli_bcapi_bytecode_rt_error
cli_bcapi_bzip2_done
cli_bcapi_bzip2_init
cli_bcapi_bzip2_process
cli_bcapi_check_platform
cli_bcapi_debug_print_str
cli_bcapi_debug_print_str_nonl
cli_bcapi_debug_print_str_start
cli_bcapi_debug_print_uint
cli_bcapi_disable_bytecode_if
cli_bcapi_disable_jit_if
cli_bcapi_disasm_x86
cli_bcapi_engine_db_options
cli_bcapi_engine_dconf_level
cli_bcapi_engine_functionality_level
cli_bcapi_engine_scan_options
cli_bcapi_engine_scan_options_ex
cli_bcapi_entropy_buffer
cli_bcapi_extract_new
cli_bcapi_extract_set_container
cli_bcapi_file_byteat
cli_bcapi_file_find
cli_bcapi_file_find_limit
cli_bcapi_fill_buffer
cli_bcapi_get_environment
cli_bcapi_get_file_reliability
cli_bcapi_get_pe_section
cli_bcapi_hashset_add
cli_bcapi_hashset_contains
cli_bcapi_hashset_done
cli_bcapi_hashset_empty
cli_bcapi_hashset_new
cli_bcapi_hashset_remove
cli_bcapi_hex2ui
cli_bcapi_icos
cli_bcapi_iexp
cli_bcapi_ilog2
cli_bcapi_inflate_done
cli_bcapi_inflate_init
cli_bcapi_inflate_process
cli_bcapi_input_switch
cli_bcapi_ipow
cli_bcapi_isin
cli_bcapi_jsnorm_done
cli_bcapi_jsnorm_init
cli_bcapi_jsnorm_process
cli_bcapi_json_get_array_idx
cli_bcapi_json_get_array_length
cli_bcapi_json_get_boolean
cli_bcapi_json_get_int
cli_bcapi_json_get_object
cli_bcapi_json_get_string
cli_bcapi_json_get_string_length
cli_bcapi_json_get_type
cli_bcapi_json_is_active
cli_bcapi_lzma_done
cli_bcapi_lzma_init
cli_bcapi_lzma_process
cli_bcapi_malloc
cli_bcapi_map_addkey
cli_bcapi_map_done
cli_bcapi_map_find
cli_bcapi_map_getvalue
cli_bcapi_map_getvaluesize
cli_bcapi_map_new
cli_bcapi_map_remove
cli_bcapi_map_setvalue
cli_bcapi_matchicon
cli_bcapi_memstr
cli_bcapi_pdf_get_dumpedobjid
cli_bcapi_pdf_get_flags
cli_bcapi_pdf_get_obj_num
cli_bcapi_pdf_get_offset
cli_bcapi_pdf_get_phase
cli_bcapi_pdf_getobj
cli_bcapi_pdf_getobjflags
cli_bcapi_pdf_getobjid
cli_bcapi_pdf_getobjsize
cli_bcapi_pdf_lookupobj
cli_bcapi_pdf_set_flags
cli_bcapi_pdf_setobjflags
cli_bcapi_pe_rawaddr
cli_bcapi_read
cli_bcapi_read_number
cli_bcapi_running_on_jit
cli_bcapi_seek
cli_bcapi_setvirusname
cli_bcapi_test1
cli_bcapi_test2
cli_bcapi_trace_directory
cli_bcapi_trace_op
cli_bcapi_trace_ptr
cli_bcapi_trace_scope
cli_bcapi_trace_source
cli_bcapi_trace_value
cli_bcapi_version_compare
cli_bcapi_write
cli_bcomp_addpatt
cli_bcomp_chk_hex
cli_bcomp_compare_check
cli_bcomp_freemeta
cli_bcomp_normalize_buffer
cli_bcomp_scanbuf
cli_binhex
cli_bitset_free
cli_bitset_init
cli_bitset_set
cli_bitset_test
cli_bm_addpatt
cli_bm_free
cli_bm_freeoff
cli_bm_init
cli_bm_initoff
cli_bm_scanbuff
cli_build_regex_list
cli_bytecode_context_alloc
cli_bytecode_context_destroy
cli_bytecode_context_getresult_file
cli_bytecode_context_getresult_int
cli_bytecode_context_set_trace
cli_bytecode_context_setctx
cli_bytecode_context_setfile
cli_bytecode_context_setfuncid
cli_bytecode_context_setparam_int
cli_bytecode_context_setparam_ptr
cli_bytecode_context_setpdf
cli_bytecode_context_setpe
cli_bytecode_debug
cli_bytecode_debug_printsrc
cli_bytecode_describe
cli_bytecode_destroy
cli_bytecode_done
cli_bytecode_done_jit
cli_bytecode_init
cli_bytecode_init_jit
cli_bytecode_load
cli_bytecode_prepare2
cli_bytecode_prepare_jit
cli_bytecode_printversion
cli_bytecode_run
cli_bytecode_runhook
cli_bytecode_runlsig
cli_bytefunc_describe
cli_byteinst_describe
cli_bytetype_describe
cli_bytevalue_describe
cli_calloc
cli_caloff
cli_check_auth_header
cli_check_fp
cli_check_mydoom_log
cli_check_riff_exploit
cli_checklimits
cli_checktimelimit
cli_chomp
cli_codepage_to_utf8
cli_compare_ftm_file
cli_compare_ftm_partition
cli_crt_clear
cli_crt_init
cli_ctime
cli_cvdload
cli_dbgets
cli_dbgmsg
cli_dbgmsg_no_inline
cli_dconf_init
cli_dconf_load
cli_dconf_print
cli_debug_flag
cli_detect_env_jit
cli_detect_environment
cli_detect_swizz

Sections

.text
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 933KB - Virtual size: 933KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/libclammspack.dll
.dll windows:6 windows x86 arch:x86

ff7fce729fb22a3f43b9ac6a5dd75914

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

vcruntime140

memcpy
__std_type_info_destroy_list
_except_handler4_common
memset

api-ms-win-crt-string-l1-1-0

tolower

api-ms-win-crt-heap-l1-1-0

free
malloc

api-ms-win-crt-stdio-l1-1-0

ftell
fseek
fread
fputc
fopen
fflush
ferror
fclose
__acrt_iob_func
__stdio_common_vfprintf
fwrite

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_cexit
_initterm_e
_execute_onexit_table
_initterm

kernel32

GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
UnhandledExceptionFilter
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent

Exports

Exports

__local_stdio_printf_options
fprintf
lzss_decompress
lzxd_decompress
lzxd_free
lzxd_init
lzxd_set_output_length
lzxd_set_reference_data
mspack_create_cab_compressor
mspack_create_cab_decompressor
mspack_create_chm_compressor
mspack_create_chm_decompressor
mspack_create_hlp_compressor
mspack_create_hlp_decompressor
mspack_create_kwaj_compressor
mspack_create_kwaj_decompressor
mspack_create_lit_compressor
mspack_create_lit_decompressor
mspack_create_oab_compressor
mspack_create_oab_decompressor
mspack_create_szdd_compressor
mspack_create_szdd_decompressor
mspack_default_system
mspack_destroy_cab_compressor
mspack_destroy_cab_decompressor
mspack_destroy_chm_compressor
mspack_destroy_chm_decompressor
mspack_destroy_hlp_compressor
mspack_destroy_hlp_decompressor
mspack_destroy_kwaj_compressor
mspack_destroy_kwaj_decompressor
mspack_destroy_lit_compressor
mspack_destroy_lit_decompressor
mspack_destroy_oab_compressor
mspack_destroy_oab_decompressor
mspack_destroy_szdd_compressor
mspack_destroy_szdd_decompressor
mspack_sys_filelen
mspack_sys_selftest_internal
mspack_valid_system
mspack_version
mszipd_decompress
mszipd_decompress_kwaj
mszipd_free
mszipd_init
qtmd_decompress
qtmd_free
qtmd_init

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/libclamunrar.dll
.dll windows:6 windows x86 arch:x86

ed3c435869e75629520a1e1e71ae8ca4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeviceIoControl
GetCurrentProcess
CreateHardLinkW
GetLongPathNameW
GetShortPathNameW
MoveFileW
FlushFileBuffers
GetFileTime
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
GetDiskFreeSpaceExW
GetDriveTypeW
GetFileAttributesW
SetFileAttributesW
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
GetCurrentDirectoryW
GetFullPathNameW
GetModuleFileNameW
FoldStringW
GetCurrentProcessId
FreeLibrary
GetProcAddress
CompareStringA
CreateEventW
GetCurrentThread
SetThreadPriority
SetPriorityClass
GetSystemDirectoryW
LoadLibraryW
SetThreadExecutionState
InitializeCriticalSection
SetFileTime
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
CreateThread
GetProcessAffinityMask
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
IsDBCSLeadByte
GetVersionExW
SetUnhandledExceptionFilter
TerminateProcess
CloseHandle
RemoveDirectoryW
DeleteFileW
LocalFree
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
GetModuleHandleW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
CreateFileW
CreateDirectoryW
SetConsoleCtrlHandler
IsProcessorFeaturePresent
Sleep
SetLastError
GetLastError
AreFileApisANSI
GetConsoleMode
GetFileType
EnterCriticalSection
GetStdHandle
UnhandledExceptionFilter

user32

CharToOemBuffW
CharLowerW
CharUpperW
ExitWindowsEx
OemToCharBuffA
OemToCharA
CharToOemA

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoCreateInstance
CoSetProxyBlanket

oleaut32

SysAllocString
SysFreeString
VariantClear

advapi32

RegCloseKey
SetFileSecurityW
AdjustTokenPrivileges
OpenProcessToken
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegOpenKeyExW
RegQueryValueExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
LookupPrivilegeValueW

powrprof

SetSuspendState

vcruntime140

_except_handler4_common
__std_exception_destroy
__std_exception_copy
__std_type_info_destroy_list
memset
wcsstr
memmove
wcsrchr
strchr
memcpy
__CxxFrameHandler3
_CxxThrowException
__std_terminate
wcschr

api-ms-win-crt-heap-l1-1-0

realloc
_callnewh
free
malloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__acrt_iob_func
__stdio_common_vswprintf
setbuf
_fileno
_setmode

api-ms-win-crt-convert-l1-1-0

wcstol

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-string-l1-1-0

wcspbrk
wcsncpy
wcsncmp
strnlen

api-ms-win-crt-time-l1-1-0

clock

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initterm
_initterm_e
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_seh_filter_dll
terminate
_configure_narrow_argv
exit
_cexit
_initialize_narrow_environment

Exports

Exports

??$uiMsg@$$T@@YAXW4UIMESSAGE_CODE@@$$T@Z
??$uiMsg@$$TPA_WPA_W@@YAXW4UIMESSAGE_CODE@@$$TPA_W2@Z
??$uiMsg@H@@YAXW4UIMESSAGE_CODE@@H@Z
??$uiMsg@I@@YAXW4UIMESSAGE_CODE@@I@Z
??$uiMsg@PA_W@@YAXW4UIMESSAGE_CODE@@PA_W@Z
??$uiMsg@PA_WPA_W@@YAXW4UIMESSAGE_CODE@@PA_W1@Z
??$uiMsg@PA_WPA_WPA_W@@YAXW4UIMESSAGE_CODE@@PA_W11@Z
??$uiMsg@PA_WPB_W@@YAXW4UIMESSAGE_CODE@@PA_WPB_W@Z
??$uiMsg@PA_WPB_WPA_W@@YAXW4UIMESSAGE_CODE@@PA_WPB_W1@Z
??$uiMsg@PA_WPB_WPB_W@@YAXW4UIMESSAGE_CODE@@PA_WPB_W2@Z
??$uiMsg@PB_W@@YAXW4UIMESSAGE_CODE@@PB_W@Z
??$uiMsg@PB_WH@@YAXW4UIMESSAGE_CODE@@PB_WH@Z
??$uiMsg@PB_WPB_W@@YAXW4UIMESSAGE_CODE@@PB_W1@Z
??0?$Array@D@@QAE@I@Z
??0?$Array@D@@QAE@XZ
??0?$Array@E@@QAE@I@Z
??0?$Array@E@@QAE@XZ
??0?$Array@H@@QAE@XZ
??0?$Array@PAUUnpackFilter30@@@@QAE@XZ
??0?$Array@URecVolItem@@@@QAE@XZ
??0?$Array@UUnpackFilter@@@@QAE@XZ
??0?$Array@_J@@QAE@XZ
??0?$Array@_W@@QAE@I@Z
??0?$Array@_W@@QAE@XZ
??0Archive@@QAE@PAVRAROptions@@@Z
??0BitInput@@QAE@_N@Z
??0CmdExtract@@QAE@PAVCommandData@@@Z
??0CommandData@@QAE@XZ
??0ComprDataIO@@QAE@XZ
??0CryptData@@QAE@XZ
??0DataHash@@QAE@XZ
??0EncodeFileName@@QAE@XZ
??0ErrorHandler@@QAE@XZ
??0File@@QAE@XZ
??0FindFile@@QAE@XZ
??0FragmentedWindow@@QAE@XZ
??0KDF3CacheItem@CryptData@@QAE@XZ
??0KDF5CacheItem@CryptData@@QAE@XZ
??0ModelPPM@@QAE@XZ
??0QuickOpen@@QAE@XZ
??0RAROptions@@QAE@XZ
??0RSCoder16@@QAE@XZ
??0RarVM@@QAE@XZ
??0RawRead@@QAE@PAVFile@@@Z
??0RawRead@@QAE@XZ
??0RecVolumes3@@QAE@PAVRAROptions@@_N@Z
??0RecVolumes5@@QAE@PAVRAROptions@@_N@Z
??0Rijndael@@QAE@XZ
??0ScanTree@@QAE@PAVStringList@@W4RECURSE_MODE@@_NW4SCAN_DIRS@@@Z
??0SecPassword@@QAE@XZ
??0StringList@@QAE@XZ
??0SubAllocator@@QAE@XZ
??0SupportDBCS@@QAE@XZ
??0ThreadPool@@QAE@I@Z
??0Unpack@@QAE@PAVComprDataIO@@@Z
??0UnpackThreadData@@QAE@XZ
??0_bstr_t@@QAE@PBD@Z
??0bad_alloc@std@@QAE@ABV01@@Z
??0bad_alloc@std@@QAE@XZ
??0blake2s_state@@QAE@AAU0@@Z
??0blake2s_state@@QAE@XZ
??0blake2sp_state@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
??1?$Array@D@@QAE@XZ
??1?$Array@E@@QAE@XZ
??1?$Array@H@@QAE@XZ
??1?$Array@PAUUnpackFilter30@@@@QAE@XZ
??1?$Array@URecVolItem@@@@QAE@XZ
??1?$Array@UUnpackFilter@@@@QAE@XZ
??1?$Array@_J@@QAE@XZ
??1?$Array@_W@@QAE@XZ
??1Archive@@UAE@XZ
??1BitInput@@QAE@XZ
??1CmdExtract@@QAE@XZ
??1CommandData@@QAE@XZ
??1ComprDataIO@@QAE@XZ
??1CryptData@@QAE@XZ
??1DataHash@@QAE@XZ
??1File@@UAE@XZ
??1FileHeader@@QAE@XZ
??1FindFile@@QAE@XZ
??1FragmentedWindow@@QAE@XZ
??1KDF3CacheItem@CryptData@@QAE@XZ
??1KDF5CacheItem@CryptData@@QAE@XZ
??1ModelPPM@@QAE@XZ
??1QuickOpen@@QAE@XZ
??1RAROptions@@QAE@XZ
??1RSCoder16@@QAE@XZ
??1RarVM@@QAE@XZ
??1RawRead@@QAE@XZ
??1RecVolumes3@@QAE@XZ
??1RecVolumes5@@QAE@XZ
??1ScanTree@@QAE@XZ
??1SecPassword@@QAE@XZ
??1StringList@@QAE@XZ
??1ThreadPool@@QAE@XZ
??1Unpack@@QAE@XZ
??1UnpackThreadData@@QAE@XZ
??1_bstr_t@@QAE@XZ
??1bad_alloc@std@@UAE@XZ
??1exception@std@@UAE@XZ
??4?$Array@E@@QAEXAAV0@@Z
??4File@@QAEXAAV0@@Z
??4FileHeader@@QAEAAU0@AAU0@@Z
??8HashValue@@QAE_NABU0@@Z
??8SecPassword@@QAE_NAAV0@@Z
??AFragmentedWindow@@QAEAAEI@Z
??_H@YGXPAXIIP6EPAX0@Z@Z
??_R0?AVArchive@@@8
??_R0?AVFile@@@8
??_R0?AVbad_alloc@std@@@8
??_R0?AVexception@std@@@8
??_R0?AW4RAR_EXIT@@@8
??__G@YGXPAX0IIP6EPAX00@Z@Z
?Add@?$Array@D@@QAEXI@Z
?Add@?$Array@E@@QAEXI@Z
?Add@?$Array@H@@QAEXI@Z
?Add@?$Array@I@@QAEXI@Z
?Add@?$Array@PAUUnpackFilter30@@@@QAEXI@Z
?Add@?$Array@URecVolItem@@@@QAEXI@Z
?Add@?$Array@UUnpackFilter@@@@QAEXI@Z
?Add@?$Array@_W@@QAEXI@Z
?AddArcName@CommandData@@QAEXPB_W@Z
?AddEndSlash@@YAXPA_WI@Z
?AddFilter@Unpack@@AAE_NAAUUnpackFilter@@@Z
?AddString@StringList@@QAEXPB_W@Z
?AddStringA@StringList@@QAEXPBD@Z
?AddTask@ThreadPool@@QAEXP6AXPAX@Z0@Z
?AddVMCode@Unpack@@AAE_NIPAEI@Z
?Adjust@RarTime@@QAEX_J@Z
?AdjustTotalArcSize@ComprDataIO@@QAEXPAVArchive@@@Z
?Alloc@?$Array@D@@QAEXI@Z
?Alloc@?$Array@E@@QAEXI@Z
?Alloc@?$Array@URecVolItem@@@@QAEXI@Z
?Alloc@?$Array@UUnpackFilter@@@@QAEXI@Z
?Alloc@?$Array@_W@@QAEXI@Z
?AllocUnits@SubAllocator@@QAEPAXH@Z
?AllocUnitsRare@SubAllocator@@AAEPAXH@Z
?ApplyFilter@Unpack@@AAEPAEPAEIPAUUnpackFilter@@@Z
?ArcBrokenMsg@ErrorHandler@@QAEXPB_W@Z
?ArcCharToWide@@YAXPBDPA_WIW4ACTW_ENCODING@@@Z
?AskRepeatRead@ErrorHandler@@QAEXPB_WAA_N11@Z
?AskRepeatWrite@ErrorHandler@@QAE_NPB_W_N@Z
?BadSwitch@CommandData@@AAEXPB_W@Z
?BinToHex@@YAXPBEIPADPA_WI@Z
?Blake2Thread@@YAXPAX@Z
?BrokenHeaderMsg@Archive@@AAEXXZ
?CRC32@@YAIIPBXI@Z
?CalcFileSum@@YAXPAVFile@@PAIPAEI_JI@Z
?CharToWide@@YA_NPBDPA_WI@Z
?CheckArc@Archive@@QAEX_N@Z
?CheckArgs@CommandData@@SA_NPAVStringList@@_NPB_W1H@Z
?CheckOpen@Archive@@QAEXPB_W@Z
?CheckUnpVer@CmdExtract@@AAE_NAAVArchive@@PB_W@Z
?CheckWinSize@CommandData@@QAE_NXZ
?Checksum14@@YAGGPBXI@Z
?ChecksumFailedMsg@ErrorHandler@@QAEXPB_W0@Z
?Clean@ErrorHandler@@QAEXXZ
?Clean@SecPassword@@QAEXXZ
?Clean@SubAllocator@@QAEXXZ
?CleanUp@ModelPPM@@QAEXXZ
?Close@File@@UAE_NXZ
?Close@QuickOpen@@AAEXXZ
?CloseError@ErrorHandler@@QAEXPB_W@Z
?Cmp@DataHash@@QAE_NPAUHashValue@@PAE@Z
?CmpExt@@YA_NPB_W0@Z
?CmpName@@YA_NPB_W0H@Z
?CmpName@FileHeader@@QAE_NPB_W@Z
?ConvertAttributes@Archive@@QAEXXZ
?ConvertDosPassword@CmdExtract@@AAEXAAVArchive@@AAVSecPassword@@@Z
?ConvertFileHeader@Archive@@AAEXPAUFileHeader@@@Z
?ConvertHashToMAC@@YAXPAUHashValue@@PAE@Z
?ConvertNameCase@Archive@@AAEXPA_W@Z
?ConvertNameToFull@@YAXPB_WPA_WI@Z
?ConvertPath@@YAPA_WPB_WPA_WI@Z
?ConvertToPrecomposed@@YAXPA_WI@Z
?Copy@File@@QAE_JAAV1@_J@Z
?CopyData@FragmentedWindow@@QAEXPAEII@Z
?CopyString15@Unpack@@AAEXII@Z
?CopyString20@Unpack@@AAEXII@Z
?CopyString@FragmentedWindow@@QAEXIIAAII@Z
?CorrHuff@Unpack@@AAEXPAGPAE@Z
?Create@File@@QAE_NPB_WI@Z
?CreateErrorMsg@ErrorHandler@@QAEXPB_W0@Z
?CreateErrorMsg@ErrorHandler@@QAEXPB_W@Z
?CreatePath@@YA_NPB_W_N1@Z
?CreateReparsePoint@@YA_NPAVCommandData@@PB_WPAUFileHeader@@@Z
?CreateSuccessors@ModelPPM@@AAEPAURARPPM_CONTEXT@@_NPAURARPPM_STATE@@@Z
?CreateThreads@ThreadPool@@AAEXXZ
?Crypt15@CryptData@@AAEXPAEI@Z
?Decode@EncodeFileName@@QAEXPADIPAEIPA_WI@Z
?Decode@RSCoder@@QAE_NPAEHPAHH@Z
?DecodeAudio@Unpack@@AAEEH@Z
?DecodeBuf@RSEncode@@QAEXXZ
?DecodeChar@ModelPPM@@QAEHXZ
?DecodeInit@ModelPPM@@QAE_NPAVUnpack@@AAH@Z
?DecodeNum@Unpack@@AAEIIIPAI0@Z
?Decrypt13@CryptData@@AAEXPAEI@Z
?DecryptBlock20@CryptData@@AAEXPAE@Z
?DecryptBlock@CryptData@@QAEXPAEI@Z
?DelDir@@YA_NPB_W@Z
?DelFile@@YA_NPB_W@Z
?Delete@File@@QAE_NXZ
?DetectStartVolume@CmdExtract@@AAE_NPB_W_N@Z
?DetectTextEncoding@@YA?AW4RAR_CHARSET@@PBEI@Z
?DirectRead@File@@QAEHPAXI@Z
?DoExtract@CmdExtract@@QAEXXZ
?DoGetComment@Archive@@AAE_NPAV?$Array@_W@@@Z
?DoUnpack@Unpack@@QAEXI_N@Z
?DosSlashToUnix@@YAXPBDPADI@Z
?DosSlashToUnix@@YAXPB_WPA_WI@Z
?Encode@RSCoder@@QAEXPAEH0@Z
?EncodeBuf@RSEncode@@QAEXXZ
?EncryptBlock20@CryptData@@AAEXPAE@Z
?EnumConfigPaths@@YA_NIPA_WI_N@Z
?ErrHandler@@3VErrorHandler@@A
?ExclCheck@CommandData@@QAE_NPB_W_N11@Z
?ExclDirByAttr@CommandData@@QAE_NI@Z
?Execute@RarVM@@QAEXPAUVM_PreparedProgram@@@Z
?ExecuteCode@Unpack@@AAEXPAUVM_PreparedProgram@@@Z
?ExecuteStandardFilter@RarVM@@AAE_NW4VM_StandardFilters@@@Z
?Exit@ErrorHandler@@QAEXW4RAR_EXIT@@@Z
?ExpandFolderMask@ScanTree@@AAE_NXZ
?ExtrCreateDir@CmdExtract@@AAEXAAVArchive@@PB_W@Z
?ExtrCreateFile@CmdExtract@@AAE_NAAVArchive@@AAVFile@@@Z
?ExtrDllGetPassword@CmdExtract@@AAE_NXZ
?ExtrPrepareName@CmdExtract@@AAEXAAVArchive@@PB_WPA_WI@Z
?ExtractACL20@@YAXAAVArchive@@PB_W@Z
?ExtractACL@@YAXAAVArchive@@PB_W@Z
?ExtractArchive@CmdExtract@@AAE?AW4EXTRACT_ARC_CODE@@XZ
?ExtractArchiveInit@CmdExtract@@QAEXAAVArchive@@@Z
?ExtractCurrentFile@CmdExtract@@QAE_NAAVArchive@@IAA_N@Z
?ExtractFileCopy@CmdExtract@@AAE_NAAVFile@@PA_W11I@Z
?ExtractHardlink@@YA_NPAVCommandData@@PA_W1I@Z
?ExtractStreams20@@YAXAAVArchive@@PB_W@Z
?ExtractStreams@@YAXAAVArchive@@PB_W_N@Z
?ExtractSymlink@@YA_NPAVCommandData@@AAVComprDataIO@@AAVArchive@@PB_W@Z
?FastFind@FindFile@@SA_NPB_WPAUFindData@@_N@Z
?FileCreate@@YA_NPAVRAROptions@@PAVFile@@PA_WIPA_N_JPAVRarTime@@_N@Z
?FileExist@@YA_NPB_W@Z
?FileLength@File@@QAE_JXZ
?FilterItanium_GetBits@RarVM@@AAEIPAEII@Z
?FilterItanium_SetBits@RarVM@@AAEXPAEIII@Z
?FindProc@ScanTree@@AAE?AW4SCAN_CODE@@PAUFindData@@@Z
?Flush@File@@QAEXXZ
?FullHeaderSize@Archive@@QAEII@Z
?GeneralErrMsg@ErrorHandler@@QAAXPB_WZZ
?GenerateArchiveName@@YAXPA_WIPB_W_N@Z
?GenerateTables@Rijndael@@AAEXXZ
?Get1@RawRead@@QAEEXZ
?Get2@RawRead@@QAEGXZ
?Get4@RawRead@@QAEIXZ
?Get8@RawRead@@QAE_KXZ
?Get@SecPassword@@QAEXPA_WI@Z
?GetAppDataPath@@YA_NPA_WI_N@Z
?GetArcName@CommandData@@QAE_NPA_WH@Z
?GetAutoRenamedName@@YA_NPA_WI@Z
?GetB@RawRead@@QAEIPAXI@Z
?GetBlockSize@FragmentedWindow@@QAEIII@Z
?GetByte@File@@QAEEXZ
?GetCRC15@RawRead@@QAEI_N@Z
?GetCRC32@DataHash@@QAEIXZ
?GetCRC50@RawRead@@QAEIXZ
?GetCmdParam@@YAPB_WPB_WPA_WI@Z
?GetComment@Archive@@QAE_NPAV?$Array@_W@@@Z
?GetConfigName@@YAXPB_WPA_WI_N2@Z
?GetDigits@@YAII@Z
?GetDos@RarTime@@QAEIXZ
?GetExclAttr@CommandData@@AAEIPB_WAA_N@Z
?GetExt@@YAPA_WPB_W@Z
?GetFileAttr@@YAIPB_W@Z
?GetFilePath@@YAXPB_WPA_WI@Z
?GetFilteredMask@ScanTree@@AAE_NXZ
?GetFirstVolIfFullSet@CmdExtract@@AAEXPB_W_NPA_WI@Z
?GetFlagsBuf@Unpack@@AAEXXZ
?GetFreeDisk@@YA_JPB_W@Z
?GetLocal@RarTime@@QAEXPAURarLocalTime@@@Z
?GetMonthName@@YAPB_WH@Z
?GetNext@ScanTree@@QAE?AW4SCAN_CODE@@PAUFindData@@@Z
?GetNextMask@ScanTree@@AAE_NXZ
?GetNumberOfCPU@@YAIXZ
?GetNumberOfThreads@@YAIXZ
?GetOpenFileTime@File@@QAEXPAVRarTime@@@Z
?GetPathDisk@@YAHPB_W@Z
?GetPathRoot@@YAXPB_WPA_WI@Z
?GetQueuedTask@ThreadPool@@AAE_NPAUQueueEntry@1@@Z
?GetRarDataPath@@YAXPA_WI_N@Z
?GetRnd@@YAXPAEI@Z
?GetSSEVersion@@YA?AW4SSE_VERSION@@XZ
?GetStartPos@Archive@@QAE_JXZ
?GetStreamNameNTFS@@YAXAAVArchive@@PA_WI@Z
?GetString@StringList@@QAEPA_WXZ
?GetString@StringList@@QAE_NPAPA_W@Z
?GetString@StringList@@QAE_NPA_WI@Z
?GetString@StringList@@QAE_NPA_WIH@Z
?GetStringA@StringList@@QAE_NPADI@Z
?GetSysErrMsg@ErrorHandler@@QAE_NPA_WI@Z
?GetSystemErrorCode@ErrorHandler@@QAEHXZ
?GetText@RarTime@@QAEXPA_WI_N@Z
?GetUnix@RarTime@@QAE_JXZ
?GetUnixNS@RarTime@@QAE_KXZ
?GetUnpackedData@ComprDataIO@@QAEXPAPAEPAI@Z
?GetV@RawRead@@QAE_KXZ
?GetVSize@RawRead@@QAEII@Z
?GetVolNumPart@@YAPA_WPB_W@Z
?GetW@RawRead@@QAEXPA_WI@Z
?GetWide@@YAPB_WPBD@Z
?GetWideName@@YAPA_WPBDPB_WPA_WI@Z
?GetWin@RarTime@@QAE_KXZ
?GetWinFT@RarTime@@QAEXPAU_FILETIME@@@Z
?GetWinLongPath@@YA_NPB_WPA_WI@Z
?GlueFreeBlocks@SubAllocator@@AAEXXZ
?HuffDecode@Unpack@@AAEXXZ
?Init@CommandData@@QAEXXZ
?Init@ComprDataIO@@QAEXXZ
?Init@DataHash@@QAEXW4HASH_TYPE@@I@Z
?Init@FragmentedWindow@@QAEXI@Z
?Init@HashValue@@QAEXW4HASH_TYPE@@@Z
?Init@QuickOpen@@QAEXPAVArchive@@_N@Z
?Init@RAROptions@@QAEXXZ
?Init@RSCoder16@@QAE_NIIPA_N@Z
?Init@RSCoder@@QAEXH@Z
?Init@RarVM@@QAEXXZ
?Init@Rijndael@@QAEX_NPBEI1@Z
?Init@SupportDBCS@@QAEXXZ
?Init@Unpack@@QAEXI_N@Z
?InitCRC32@@YAXPAI@Z
?InitConsole@@YAXXZ
?InitDecoder@RangeCoder@@QAEXPAVUnpack@@@Z
?InitFilters30@Unpack@@AAEX_N@Z
?InitFilters@Unpack@@AAEXXZ
?InitHuff@Unpack@@AAEXXZ
?InitLogOptions@@YAXPB_WW4RAR_CHARSET@@@Z
?InitMT@Unpack@@AAEXXZ
?InitSubAllocator@SubAllocator@@QAEXXZ
?InitSystemOptions@@YAXH@Z
?IntToExt@@YAXPBDPADI@Z
?InvertDecoderMatrix@RSCoder16@@AAEXXZ
?IsAlpha@@YA_NH@Z
?IsArcDir@Archive@@QAE_NXZ
?IsArchive@Archive@@QAE_N_N@Z
?IsDeleteAllowed@@YA_NI@Z
?IsDevice@File@@QAE_NXZ
?IsDigit@@YA_NH@Z
?IsDir@@YA_NI@Z
?IsDriveDiv@@YA_NH@Z
?IsDriveLetter@@YA_NPB_W@Z
?IsFullPath@@YA_NPB_W@Z
?IsFullRootPath@@YA_NPB_W@Z
?IsLeapYear@@YA_NH@Z
?IsLink@@YA_NI@Z
?IsNameUsable@@YA_NPB_W@Z
?IsOpened@File@@UAE_NXZ
?IsPathDiv@@YA_NH@Z
?IsProcessFile@CommandData@@QAEHAAUFileHeader@@PA_NH_NPA_WI@Z
?IsRelativeSymlinkSafe@@YA_NPAVCommandData@@PB_W11@Z
?IsRemovable@@YA_NPB_W@Z
?IsSignature@Archive@@SA?AW4RARFORMAT@@PBEI@Z
?IsSpace@@YA_NH@Z
?IsSwitch@CommandData@@QAE_NH@Z
?IsTextUtf8@@YA_NPBE@Z
?IsTextUtf8@@YA_NPBEI@Z
?IsUnreadable@@YA_NI@Z
?IsUserAdmin@@YA_NXZ
?IsWildcard@@YA_NPB_W@Z
?IsWindows11OrGreater@@YA_NXZ
?Length@SecPassword@@QAEIXZ
?ListArchive@@YAXPAVCommandData@@@Z
?Load@QuickOpen@@QAEX_K@Z
?LoadSysLibrary@@YGPAUHINSTANCE__@@PB_W@Z
?LongLZ@Unpack@@AAEXXZ
?LowAscii@@YA_NPBD@Z
?LowAscii@@YA_NPB_W@Z
?MakeDecodeTables@Unpack@@AAEXPAEPAUDecodeTable@@I@Z
?MakeDecoderMatrix@RSCoder16@@AAEXXZ
?MakeDir@@YA?AW4MKDIR_CODE@@PB_W_NI@Z
?MakeEncoderMatrix@RSCoder16@@AAEXXZ
?MakeName@@YAXPB_W0PA_WI@Z
?MakeNameCompatible@@YAXPA_WI@Z
?MakeNameUsable@@YAXPAD_N@Z
?MakeNameUsable@@YAXPA_W_N@Z
?MemoryError@ErrorHandler@@QAEXXZ
?MemoryErrorMsg@ErrorHandler@@QAEXXZ
?MergeArchive@@YA_NAAVArchive@@PAVComprDataIO@@_N_W@Z
?MonoClock@@YAJXZ
?Msg@uiMsgStore@@QAEXXZ
?Next@FindFile@@QAE_NPAUFindData@@_N@Z
?NextVolumeName@@YAXPA_WI_N@Z
?NullToEmpty@@YAPBDPBD@Z
?NullToEmpty@@YAPB_WPB_W@Z
?Open@Archive@@UAE_NPB_WI@Z
?Open@File@@UAE_NPB_WI@Z
?OpenError@ErrorHandler@@QAEXPB_W@Z
?OpenErrorMsg@ErrorHandler@@QAEXPB_W0@Z
?OpenErrorMsg@ErrorHandler@@QAEXPB_W@Z
?OutComment@@YAXPB_WI@Z
?OutHelp@CommandData@@QAEXW4RAR_EXIT@@@Z
?OutTitle@CommandData@@QAEXXZ
?ParseArg@CommandData@@QAEXPA_W@Z
?ParseCommandLine@CommandData@@QAEX_NHQAPAD@Z
?ParseDone@CommandData@@QAEXXZ
?ParseEnvVar@CommandData@@QAEXXZ
?ParseVersionFileName@@YAHPA_W_N@Z
?PointToLastChar@@YAPA_WPB_W@Z
?PointToName@@YAPA_WPB_W@Z
?PoolThread@ThreadPool@@CGKPAX@Z
?PoolThreadLoop@ThreadPool@@AAEXXZ
?Prealloc@File@@QAEX_J@Z
?Prepare@RarVM@@QAEXPAEIPAUVM_PreparedProgram@@@Z
?PrepareToDelete@@YAXPB_W@Z
?PreprocessArg@CommandData@@QAEXPB_W@Z
?Process@SecPassword@@AAEXPB_WIPA_WI_N@Z
?ProcessAreaRS@RecVolumes5@@QAEXPAURecRSThreadData@@@Z
?ProcessCommand@CommandData@@QAEXXZ
?ProcessDecoded@Unpack@@AAE_NAAUUnpackThreadData@@@Z
?ProcessExtra50@Archive@@AAEXPAVRawRead@@IPAUBaseBlock@@@Z
?ProcessFile@@YGHPAXHPAD1PA_W2@Z
?ProcessRS@RecVolumes5@@AAEXPAVRAROptions@@IPBEI_N@Z
?ProcessSignal@@YGHK@Z
?ProcessSwitch@CommandData@@AAEXPB_W@Z
?ProcessSwitchesString@CommandData@@QAEXPB_W@Z
?ProhibitConsoleInput@@YAXXZ
?Push@?$Array@E@@QAEXE@Z
?Push@?$Array@H@@QAEXH@Z
?Push@?$Array@I@@QAEXI@Z
?Push@?$Array@UUnpackFilter@@@@QAEXUUnpackFilter@@@Z
?Push@?$Array@_W@@QAEX_W@Z
?PutByte@File@@QAEXE@Z
?RSDecodeThread@@YAXPAX@Z
?RSEncodeThread@@YAXPAX@Z
?RawGetV@@YA_KPBEAAIIAA_N@Z
?RawSeek@File@@QAE_N_JH@Z
?RawToWide@@YAPA_WPBEPA_WI@Z
?Read@Archive@@UAEHPAXI@Z
?Read@File@@UAEHPAXI@Z
?Read@QuickOpen@@QAE_NPAXIAAI@Z
?Read@RawRead@@QAEII@Z
?Read@RawRead@@QAEXPAEI@Z
?ReadBlockHeader@Unpack@@AAE_NAAVBitInput@@AAUUnpackBlockHeader@@@Z
?ReadBuffer@QuickOpen@@AAEIXZ
?ReadCommentData@Archive@@AAE_NPAV?$Array@_W@@@Z
?ReadConfig@CommandData@@QAEXXZ
?ReadData@RarVM@@SAIAAVBitInput@@@Z
?ReadEndOfBlock@Unpack@@AAE_NXZ
?ReadError@ErrorHandler@@QAEXPB_W@Z
?ReadErrorMsg@ErrorHandler@@QAEXPB_W0@Z
?ReadErrorMsg@ErrorHandler@@QAEXPB_W@Z
?ReadFilter@Unpack@@AAE_NAAVBitInput@@AAUUnpackFilter@@@Z
?ReadFilterData@Unpack@@AAEIAAVBitInput@@@Z
?ReadHeader14@Archive@@AAEIXZ
?ReadHeader15@Archive@@AAEIXZ
?ReadHeader50@Archive@@AAEIXZ
?ReadHeader@Archive@@QAEIXZ
?ReadHeader@RecVolumes5@@AAEIPAVFile@@_N@Z
?ReadLastTables@Unpack@@AAEXXZ
?ReadNext@QuickOpen@@AAE_NXZ
?ReadRaw@QuickOpen@@AAE_NAAVRawRead@@@Z
?ReadSubData@Archive@@QAE_NPAV?$Array@E@@PAVFile@@_N@Z
?ReadTables20@Unpack@@AAE_NXZ
?ReadTables30@Unpack@@AAE_NXZ
?ReadTables@Unpack@@AAE_NAAVBitInput@@AAUUnpackBlockHeader@@AAUUnpackBlockTables@@@Z
?ReadTextFile@@YA_NPB_WPAVStringList@@_N2W4RAR_CHARSET@@222@Z
?ReadVMCode@Unpack@@AAE_NXZ
?ReadVMCodePPM@Unpack@@AAE_NXZ
?RecThreadRS@@YAXPAX@Z
?RecVolumesRestore@@YA_NPAVRAROptions@@PB_W_N@Z
?RecVolumesTest@@YAXPAVRAROptions@@PAVArchive@@PB_W@Z
?RemoveEOL@@YAPA_WPA_W@Z
?RemoveLF@@YAPA_WPA_W@Z
?RemoveNameFromPath@@YAXPA_W@Z
?Rename@File@@QAE_NPB_W@Z
?RenameFile@@YA_NPB_W0@Z
?ReportWrongSwitches@CommandData@@QAEXW4RARFORMAT@@@Z
?RequestArcPassword@Archive@@AAEXXZ
?Reset@?$Array@E@@QAEXXZ
?Reset@?$Array@_J@@QAEXXZ
?Reset@?$Array@_W@@QAEXXZ
?Reset@FileHeader@@QAEXI@Z
?Reset@FragmentedWindow@@AAEXXZ
?Reset@MainHeader@@QAEXXZ
?Reset@RawRead@@QAEXXZ
?Reset@StringList@@QAEXXZ
?ResetFileCache@@YAXPB_W@Z
?RestartModelRare@ModelPPM@@AAEXXZ
?Restore@RecVolumes3@@QAE_NPAVRAROptions@@PB_W_N@Z
?Restore@RecVolumes5@@QAE_NPAVRAROptions@@PB_W_N@Z
?RestorePosition@StringList@@QAEXXZ
?Result@DataHash@@QAEXPAUHashValue@@@Z
?Rewind@StringList@@QAEXXZ
?SHA1Transform@@YAXQAI0QBE_N@Z
?SSE_UpdateECC@RSCoder16@@AAE_NIIPBEPAEI@Z
?SafeAdd@@YA_J_J00@Z
?SafePPMDecodeChar@Unpack@@AAEHXZ
?SavePosition@StringList@@QAEXXZ
?ScanError@ScanTree@@AAEXAA_N@Z
?Search@StringList@@QAE_NPB_W_N@Z
?SearchBlock@Archive@@QAEIW4HEADER_TYPE@@@Z
?SearchRR@Archive@@QAEIXZ
?SearchSubBlock@Archive@@QAEIPB_W@Z
?SecHideData@@YAXPAXI_N1@Z

Sections

.text
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/libclamunrar_iface.dll
.dll windows:6 windows x86 arch:x86

f5895fb68dd298fde6f4bbf378186b8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libclamunrar

RARCloseArchive
RARSetCallback
RARProcessFile
RARReadHeaderEx
RAROpenArchiveEx

vcruntime140

memset
__std_type_info_destroy_list
_except_handler4_common
memcpy

api-ms-win-crt-heap-l1-1-0

free
calloc
malloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__acrt_iob_func

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_initterm_e
_initterm
_seh_filter_dll

kernel32

IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime

Exports

Exports

?_OptionsStorage@?1??__local_stdio_printf_options@@9@4_KA
CallbackProc
__local_stdio_printf_options
libclamunrar_iface_LTX_unrar_close
libclamunrar_iface_LTX_unrar_extract_file
libclamunrar_iface_LTX_unrar_open
libclamunrar_iface_LTX_unrar_peek_file_header
libclamunrar_iface_LTX_unrar_skip_file
unrar_debug

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/libcrypto-1_1.dll
.dll windows:6 windows x86 arch:x86

c3fb65ad889fca89c1c8427ecfffe4ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\build\.mussels\cache\work\x86\openssl-1.1.1q\libcrypto-1_1.pdb

Imports

ws2_32

connect
closesocket
bind
accept
setsockopt
WSACleanup
WSAStartup
gethostbyname
getsockopt
getsockname
ioctlsocket
getnameinfo
freeaddrinfo
getaddrinfo
ntohs
socket
shutdown
recv
send
WSASetLastError
recvfrom
sendto
listen
WSAGetLastError

advapi32

RegisterEventSourceW
DeregisterEventSource
ReportEventW

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation

bcrypt

BCryptGenRandom

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
TlsFree
TlsSetValue
IsProcessorFeaturePresent
TlsAlloc
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
WideCharToMultiByte
IsDebuggerPresent
GetStartupInfoW
TlsGetValue
InitializeSListHead
FindNextFileW
FindFirstFileW
FindClose
GetModuleHandleExW
LoadLibraryW
LoadLibraryA
ConvertFiberToThread
ConvertThreadToFiber
SwitchToFiber
DeleteFiber
CreateFiber
FormatMessageW
GetSystemTime
SystemTimeToFileTime
GetLastError
SetLastError
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
CloseHandle
FreeLibrary

vcruntime140

__std_type_info_destroy_list
strstr
wcsstr
memmove
strchr
strrchr
memset
memcpy
_except_handler4_common
memchr

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
feof
__stdio_common_vsprintf
fputs
_wfopen
fopen
__stdio_common_vswprintf
fclose
ferror
fflush
clearerr
setbuf
__acrt_iob_func
fgets
fwrite
__stdio_common_vsscanf
_setmode
ftell
fseek
fread
_fileno

api-ms-win-crt-convert-l1-1-0

strtoul
atoi
strtol

api-ms-win-crt-string-l1-1-0

_stricmp
strspn
strcspn
strncmp
strcmp
strncpy
isspace
_strnicmp
_strdup

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_time64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-runtime-l1-1-0

perror
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_errno
_register_onexit_function
signal
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_exit
strerror_s
_initterm
raise
_initialize_onexit_table
_initterm_e

api-ms-win-crt-filesystem-l1-1-0

_fstat64i32
_chmod
_stat64i32

api-ms-win-crt-heap-l1-1-0

realloc
malloc
free

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

_except1

Exports

Exports

ACCESS_DESCRIPTION_free
ACCESS_DESCRIPTION_it
ACCESS_DESCRIPTION_new
ADMISSIONS_free
ADMISSIONS_get0_admissionAuthority
ADMISSIONS_get0_namingAuthority
ADMISSIONS_get0_professionInfos
ADMISSIONS_it
ADMISSIONS_new
ADMISSIONS_set0_admissionAuthority
ADMISSIONS_set0_namingAuthority
ADMISSIONS_set0_professionInfos
ADMISSION_SYNTAX_free
ADMISSION_SYNTAX_get0_admissionAuthority
ADMISSION_SYNTAX_get0_contentsOfAdmissions
ADMISSION_SYNTAX_it
ADMISSION_SYNTAX_new
ADMISSION_SYNTAX_set0_admissionAuthority
ADMISSION_SYNTAX_set0_contentsOfAdmissions
AES_bi_ige_encrypt
AES_cbc_encrypt
AES_cfb128_encrypt
AES_cfb1_encrypt
AES_cfb8_encrypt
AES_decrypt
AES_ecb_encrypt
AES_encrypt
AES_ige_encrypt
AES_ofb128_encrypt
AES_options
AES_set_decrypt_key
AES_set_encrypt_key
AES_unwrap_key
AES_wrap_key
ASIdOrRange_free
ASIdOrRange_it
ASIdOrRange_new
ASIdentifierChoice_free
ASIdentifierChoice_it
ASIdentifierChoice_new
ASIdentifiers_free
ASIdentifiers_it
ASIdentifiers_new
ASN1_ANY_it
ASN1_BIT_STRING_check
ASN1_BIT_STRING_free
ASN1_BIT_STRING_get_bit
ASN1_BIT_STRING_it
ASN1_BIT_STRING_name_print
ASN1_BIT_STRING_new
ASN1_BIT_STRING_num_asc
ASN1_BIT_STRING_set
ASN1_BIT_STRING_set_asc
ASN1_BIT_STRING_set_bit
ASN1_BMPSTRING_free
ASN1_BMPSTRING_it
ASN1_BMPSTRING_new
ASN1_BOOLEAN_it
ASN1_ENUMERATED_free
ASN1_ENUMERATED_get
ASN1_ENUMERATED_get_int64
ASN1_ENUMERATED_it
ASN1_ENUMERATED_new
ASN1_ENUMERATED_set
ASN1_ENUMERATED_set_int64
ASN1_ENUMERATED_to_BN
ASN1_FBOOLEAN_it
ASN1_GENERALIZEDTIME_adj
ASN1_GENERALIZEDTIME_check
ASN1_GENERALIZEDTIME_free
ASN1_GENERALIZEDTIME_it
ASN1_GENERALIZEDTIME_new
ASN1_GENERALIZEDTIME_print
ASN1_GENERALIZEDTIME_set
ASN1_GENERALIZEDTIME_set_string
ASN1_GENERALSTRING_free
ASN1_GENERALSTRING_it
ASN1_GENERALSTRING_new
ASN1_IA5STRING_free
ASN1_IA5STRING_it
ASN1_IA5STRING_new
ASN1_INTEGER_cmp
ASN1_INTEGER_dup
ASN1_INTEGER_free
ASN1_INTEGER_get
ASN1_INTEGER_get_int64
ASN1_INTEGER_get_uint64
ASN1_INTEGER_it
ASN1_INTEGER_new
ASN1_INTEGER_set
ASN1_INTEGER_set_int64
ASN1_INTEGER_set_uint64
ASN1_INTEGER_to_BN
ASN1_ITEM_get
ASN1_ITEM_lookup
ASN1_NULL_free
ASN1_NULL_it
ASN1_NULL_new
ASN1_OBJECT_create
ASN1_OBJECT_free
ASN1_OBJECT_it
ASN1_OBJECT_new
ASN1_OCTET_STRING_NDEF_it
ASN1_OCTET_STRING_cmp
ASN1_OCTET_STRING_dup
ASN1_OCTET_STRING_free
ASN1_OCTET_STRING_it
ASN1_OCTET_STRING_new
ASN1_OCTET_STRING_set
ASN1_PCTX_free
ASN1_PCTX_get_cert_flags
ASN1_PCTX_get_flags
ASN1_PCTX_get_nm_flags
ASN1_PCTX_get_oid_flags
ASN1_PCTX_get_str_flags
ASN1_PCTX_new
ASN1_PCTX_set_cert_flags
ASN1_PCTX_set_flags
ASN1_PCTX_set_nm_flags
ASN1_PCTX_set_oid_flags
ASN1_PCTX_set_str_flags
ASN1_PRINTABLESTRING_free
ASN1_PRINTABLESTRING_it
ASN1_PRINTABLESTRING_new
ASN1_PRINTABLE_free
ASN1_PRINTABLE_it
ASN1_PRINTABLE_new
ASN1_PRINTABLE_type
ASN1_SCTX_free
ASN1_SCTX_get_app_data
ASN1_SCTX_get_flags
ASN1_SCTX_get_item
ASN1_SCTX_get_template
ASN1_SCTX_new
ASN1_SCTX_set_app_data
ASN1_SEQUENCE_ANY_it
ASN1_SEQUENCE_it
ASN1_SET_ANY_it
ASN1_STRING_TABLE_add
ASN1_STRING_TABLE_cleanup
ASN1_STRING_TABLE_get
ASN1_STRING_clear_free
ASN1_STRING_cmp
ASN1_STRING_copy
ASN1_STRING_data
ASN1_STRING_dup
ASN1_STRING_free
ASN1_STRING_get0_data
ASN1_STRING_get_default_mask
ASN1_STRING_length
ASN1_STRING_length_set
ASN1_STRING_new
ASN1_STRING_print
ASN1_STRING_print_ex
ASN1_STRING_print_ex_fp
ASN1_STRING_set
ASN1_STRING_set0
ASN1_STRING_set_by_NID
ASN1_STRING_set_default_mask
ASN1_STRING_set_default_mask_asc
ASN1_STRING_to_UTF8
ASN1_STRING_type
ASN1_STRING_type_new
ASN1_T61STRING_free
ASN1_T61STRING_it
ASN1_T61STRING_new
ASN1_TBOOLEAN_it
ASN1_TIME_adj
ASN1_TIME_check
ASN1_TIME_cmp_time_t
ASN1_TIME_compare
ASN1_TIME_diff
ASN1_TIME_free
ASN1_TIME_it
ASN1_TIME_new
ASN1_TIME_normalize
ASN1_TIME_print
ASN1_TIME_set
ASN1_TIME_set_string
ASN1_TIME_set_string_X509
ASN1_TIME_to_generalizedtime
ASN1_TIME_to_tm
ASN1_TYPE_cmp
ASN1_TYPE_free
ASN1_TYPE_get
ASN1_TYPE_get_int_octetstring
ASN1_TYPE_get_octetstring
ASN1_TYPE_new
ASN1_TYPE_pack_sequence
ASN1_TYPE_set
ASN1_TYPE_set1
ASN1_TYPE_set_int_octetstring
ASN1_TYPE_set_octetstring
ASN1_TYPE_unpack_sequence
ASN1_UNIVERSALSTRING_free
ASN1_UNIVERSALSTRING_it
ASN1_UNIVERSALSTRING_new
ASN1_UNIVERSALSTRING_to_string
ASN1_UTCTIME_adj
ASN1_UTCTIME_check
ASN1_UTCTIME_cmp_time_t
ASN1_UTCTIME_free
ASN1_UTCTIME_it
ASN1_UTCTIME_new
ASN1_UTCTIME_print
ASN1_UTCTIME_set
ASN1_UTCTIME_set_string
ASN1_UTF8STRING_free
ASN1_UTF8STRING_it
ASN1_UTF8STRING_new
ASN1_VISIBLESTRING_free
ASN1_VISIBLESTRING_it
ASN1_VISIBLESTRING_new
ASN1_add_oid_module
ASN1_add_stable_module
ASN1_bn_print
ASN1_buf_print
ASN1_check_infinite_end
ASN1_const_check_infinite_end
ASN1_d2i_bio
ASN1_d2i_fp
ASN1_digest
ASN1_dup
ASN1_generate_nconf
ASN1_generate_v3
ASN1_get_object
ASN1_i2d_bio
ASN1_i2d_fp
ASN1_item_d2i
ASN1_item_d2i_bio
ASN1_item_d2i_fp
ASN1_item_digest
ASN1_item_dup
ASN1_item_ex_d2i
ASN1_item_ex_free
ASN1_item_ex_i2d
ASN1_item_ex_new
ASN1_item_free
ASN1_item_i2d
ASN1_item_i2d_bio
ASN1_item_i2d_fp
ASN1_item_ndef_i2d
ASN1_item_new
ASN1_item_pack
ASN1_item_print
ASN1_item_sign
ASN1_item_sign_ctx
ASN1_item_unpack
ASN1_item_verify
ASN1_mbstring_copy
ASN1_mbstring_ncopy
ASN1_object_size
ASN1_parse
ASN1_parse_dump
ASN1_put_eoc
ASN1_put_object
ASN1_sign
ASN1_str2mask
ASN1_tag2bit
ASN1_tag2str
ASN1_verify
ASRange_free
ASRange_it
ASRange_new
ASYNC_WAIT_CTX_clear_fd
ASYNC_WAIT_CTX_free
ASYNC_WAIT_CTX_get_all_fds
ASYNC_WAIT_CTX_get_changed_fds
ASYNC_WAIT_CTX_get_fd
ASYNC_WAIT_CTX_new
ASYNC_WAIT_CTX_set_wait_fd
ASYNC_block_pause
ASYNC_cleanup_thread
ASYNC_get_current_job
ASYNC_get_wait_ctx
ASYNC_init_thread
ASYNC_is_capable
ASYNC_pause_job
ASYNC_start_job
ASYNC_unblock_pause
AUTHORITY_INFO_ACCESS_free
AUTHORITY_INFO_ACCESS_it
AUTHORITY_INFO_ACCESS_new
AUTHORITY_KEYID_free
AUTHORITY_KEYID_it
AUTHORITY_KEYID_new
BASIC_CONSTRAINTS_free
BASIC_CONSTRAINTS_it
BASIC_CONSTRAINTS_new
BF_cbc_encrypt
BF_cfb64_encrypt
BF_decrypt
BF_ecb_encrypt
BF_encrypt
BF_ofb64_encrypt
BF_options
BF_set_key
BIGNUM_it
BIO_ADDRINFO_address
BIO_ADDRINFO_family
BIO_ADDRINFO_free
BIO_ADDRINFO_next
BIO_ADDRINFO_protocol
BIO_ADDRINFO_socktype
BIO_ADDR_clear
BIO_ADDR_family
BIO_ADDR_free
BIO_ADDR_hostname_string
BIO_ADDR_new
BIO_ADDR_path_string
BIO_ADDR_rawaddress
BIO_ADDR_rawmake
BIO_ADDR_rawport
BIO_ADDR_service_string
BIO_accept
BIO_accept_ex
BIO_asn1_get_prefix
BIO_asn1_get_suffix
BIO_asn1_set_prefix
BIO_asn1_set_suffix
BIO_bind
BIO_callback_ctrl
BIO_clear_flags
BIO_closesocket
BIO_connect
BIO_copy_next_retry
BIO_ctrl
BIO_ctrl_get_read_request
BIO_ctrl_get_write_guarantee
BIO_ctrl_pending
BIO_ctrl_reset_read_request
BIO_ctrl_wpending
BIO_debug_callback
BIO_dgram_non_fatal_error
BIO_dump
BIO_dump_cb
BIO_dump_fp
BIO_dump_indent
BIO_dump_indent_cb
BIO_dump_indent_fp
BIO_dup_chain
BIO_f_asn1
BIO_f_base64
BIO_f_buffer
BIO_f_cipher
BIO_f_linebuffer
BIO_f_md
BIO_f_nbio_test
BIO_f_null
BIO_f_reliable
BIO_f_zlib
BIO_fd_non_fatal_error
BIO_fd_should_retry
BIO_find_type
BIO_free
BIO_free_all
BIO_get_accept_socket
BIO_get_callback
BIO_get_callback_arg
BIO_get_callback_ex
BIO_get_data
BIO_get_ex_data
BIO_get_host_ip
BIO_get_init
BIO_get_new_index
BIO_get_port
BIO_get_retry_BIO
BIO_get_retry_reason
BIO_get_shutdown
BIO_gethostbyname
BIO_gets
BIO_hex_string
BIO_indent
BIO_int_ctrl
BIO_listen
BIO_lookup
BIO_lookup_ex
BIO_meth_free
BIO_meth_get_callback_ctrl
BIO_meth_get_create
BIO_meth_get_ctrl
BIO_meth_get_destroy
BIO_meth_get_gets
BIO_meth_get_puts
BIO_meth_get_read
BIO_meth_get_read_ex
BIO_meth_get_write
BIO_meth_get_write_ex
BIO_meth_new
BIO_meth_set_callback_ctrl
BIO_meth_set_create
BIO_meth_set_ctrl
BIO_meth_set_destroy
BIO_meth_set_gets
BIO_meth_set_puts
BIO_meth_set_read
BIO_meth_set_read_ex
BIO_meth_set_write
BIO_meth_set_write_ex
BIO_method_name
BIO_method_type
BIO_new
BIO_new_CMS
BIO_new_NDEF
BIO_new_PKCS7
BIO_new_accept
BIO_new_bio_pair
BIO_new_connect
BIO_new_dgram
BIO_new_fd
BIO_new_file
BIO_new_fp
BIO_new_mem_buf
BIO_new_socket
BIO_next
BIO_nread
BIO_nread0
BIO_number_read
BIO_number_written
BIO_nwrite
BIO_nwrite0
BIO_parse_hostserv
BIO_pop
BIO_printf
BIO_ptr_ctrl
BIO_push
BIO_puts
BIO_read
BIO_read_ex
BIO_s_accept
BIO_s_bio
BIO_s_connect
BIO_s_datagram
BIO_s_fd
BIO_s_file
BIO_s_log
BIO_s_mem
BIO_s_null
BIO_s_secmem
BIO_s_socket
BIO_set_callback
BIO_set_callback_arg
BIO_set_callback_ex
BIO_set_cipher
BIO_set_data
BIO_set_ex_data
BIO_set_flags
BIO_set_init
BIO_set_next
BIO_set_retry_reason
BIO_set_shutdown
BIO_set_tcp_ndelay
BIO_snprintf
BIO_sock_error
BIO_sock_info
BIO_sock_init
BIO_sock_non_fatal_error
BIO_sock_should_retry
BIO_socket
BIO_socket_ioctl
BIO_socket_nbio
BIO_test_flags
BIO_up_ref
BIO_vfree
BIO_vprintf
BIO_vsnprintf
BIO_write
BIO_write_ex
BN_BLINDING_convert
BN_BLINDING_convert_ex
BN_BLINDING_create_param
BN_BLINDING_free
BN_BLINDING_get_flags
BN_BLINDING_invert
BN_BLINDING_invert_ex
BN_BLINDING_is_current_thread
BN_BLINDING_lock
BN_BLINDING_new
BN_BLINDING_set_current_thread
BN_BLINDING_set_flags
BN_BLINDING_unlock
BN_BLINDING_update
BN_CTX_end
BN_CTX_free
BN_CTX_get
BN_CTX_new
BN_CTX_secure_new
BN_CTX_start
BN_GENCB_call
BN_GENCB_free
BN_GENCB_get_arg
BN_GENCB_new
BN_GENCB_set
BN_GENCB_set_old
BN_GF2m_add
BN_GF2m_arr2poly
BN_GF2m_mod
BN_GF2m_mod_arr
BN_GF2m_mod_div
BN_GF2m_mod_div_arr

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 590KB - Virtual size: 589KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/libcurl.dll
.dll windows:6 windows x86 arch:x86

21fb3efd5fef4e071705328e51494005

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wldap32

ord200
ord301
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord30
ord143

ws2_32

send
WSAGetLastError
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
sendto
recvfrom
WSACleanup
WSAStartup
htonl
select
__WSAFDIsSet
ioctlsocket
WSAWaitForMultipleEvents
WSASetEvent
closesocket
WSAEventSelect
recv
setsockopt
socket
WSASetLastError
WSAIoctl
inet_pton
WSAResetEvent
getaddrinfo
freeaddrinfo
gethostname
accept
listen
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents

libssl-1_1

SSL_get_ex_data
SSL_set_ex_data
SSL_get_verify_result
SSL_CTX_load_verify_locations
SSL_get_shutdown
SSL_CTX_set_msg_callback
SSL_CTX_sess_set_new_cb
SSL_CTX_set_next_proto_select_cb
SSL_CTX_set_alpn_protos
SSL_get_privatekey
SSL_get_certificate
SSL_get0_alpn_selected
SSL_CTX_set_keylog_callback
BIO_f_ssl
SSL_CTX_set_cipher_list
SSL_CTX_new
SSL_CTX_free
SSL_set_connect_state
SSL_CTX_get_cert_store
SSL_CTX_add_client_CA
SSL_alert_desc_string_long
SSL_CTX_set_post_handshake_auth
SSL_get_current_cipher
OPENSSL_init_ssl
SSL_shutdown
TLS_client_method
SSL_get_version
SSL_pending
SSL_get_error
SSL_set_fd
SSL_set_bio
SSL_CTX_set_ciphersuites
SSL_CTX_ctrl
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_certificate_file
SSL_CTX_use_certificate_chain_file
SSL_SESSION_free
SSL_set_session
SSL_get_peer_certificate
SSL_get_peer_cert_chain
SSL_CTX_use_PrivateKey
SSL_ctrl
SSL_write
SSL_read
SSL_connect
SSL_free
SSL_new
SSL_CTX_check_private_key
SSL_CIPHER_get_name
SSL_CTX_set_verify
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_passwd_cb
SSL_CTX_use_certificate
SSL_CTX_set_options

libcrypto-1_1

X509_EXTENSION_get_object
X509_EXTENSION_get_data
X509_PUBKEY_get0_param
PEM_X509_INFO_read_bio
PEM_read_bio_X509
PEM_write_bio_X509
PEM_read_bio_X509_AUX
PEM_read_bio_PrivateKey
RAND_bytes
RAND_status
GENERAL_NAMES_free
X509V3_EXT_print
X509_check_issued
ERR_get_error
ERR_peek_error
ERR_peek_last_error
ERR_clear_error
ERR_error_string_n
PKCS12_free
PKCS12_PBE_add
PKCS12_parse
d2i_PKCS12_bio
OCSP_cert_to_id
OCSP_response_status
OCSP_response_get1_basic
OCSP_resp_find_status
OCSP_check_validity
OCSP_BASICRESP_free
OCSP_RESPONSE_free
d2i_OCSP_RESPONSE
OCSP_CERTID_free
OCSP_response_status_str
OCSP_cert_status_str
OCSP_crl_reason_str
OCSP_basic_verify
UI_get0_user_data
UI_OpenSSL
UI_create_method
UI_destroy_method
UI_method_set_opener
UI_method_set_writer
UI_method_set_reader
UI_method_set_closer
UI_method_get_opener
UI_method_get_writer
UI_method_get_reader
UI_method_get_closer
UI_get_string_type
UI_get_input_flags
UI_set_result
ENGINE_get_first
ENGINE_get_next
ENGINE_by_id
X509_NAME_ENTRY_get_data
ENGINE_ctrl_cmd
ENGINE_free
ENGINE_get_id
ENGINE_init
ENGINE_finish
ENGINE_load_private_key
ENGINE_set_default
X509_NAME_get_entry
EVP_PKEY_get0_DSA
EVP_PKEY_get1_RSA
EVP_PKEY_get0_RSA
EVP_PKEY_id
EVP_sha1
EVP_DigestInit
ASN1_STRING_print
ASN1_TIME_print
ASN1_STRING_to_UTF8
i2t_ASN1_OBJECT
i2a_ASN1_OBJECT
ASN1_STRING_get0_data
ASN1_STRING_type
ASN1_STRING_length
X509_NAME_get_index_by_NID
X509_NAME_print_ex
X509_get_pubkey
BN_print
X509_get0_extensions
X509_get_X509_PUBKEY
X509_get0_notAfter
X509_get0_notBefore
BN_num_bits
X509_get_subject_name
X509_get_issuer_name
BIO_printf
BIO_new_mem_buf
BIO_s_mem
BIO_ctrl
BIO_puts
BIO_free
X509_get_serialNumber
BIO_new
BIO_s_file
CRYPTO_free
CRYPTO_malloc
X509_get_version
X509_INFO_free
X509_get0_signature
d2i_X509
X509_free
i2d_X509_PUBKEY
d2i_PrivateKey_bio
d2i_X509_bio
X509_verify_cert_error_string
X509_load_crl_file
X509_STORE_add_crl
X509_STORE_add_cert
X509_LOOKUP_file
X509_STORE_add_lookup
ENGINE_ctrl
X509_STORE_set_flags
DSA_get0_key
DSA_get0_pqg
DH_get0_key
DH_get0_pqg
RSA_flags
RSA_free
RSA_get0_key
EVP_PKEY_copy_parameters
EVP_PKEY_free
DES_ecb_encrypt
DES_set_odd_parity
DES_set_key_unchecked
MD4_Init
MD4_Update
MD4_Final
MD5_Init
MD5_Update
MD5_Final
EVP_MD_CTX_new
EVP_MD_CTX_free
EVP_DigestInit_ex
EVP_DigestUpdate
EVP_DigestFinal_ex
EVP_sha256
OPENSSL_sk_num
OPENSSL_sk_value
OPENSSL_sk_pop_free
OPENSSL_sk_pop
OpenSSL_version_num
CRYPTO_get_ex_new_index
X509_get_ext_d2i
EVP_PKEY_get0_DH

nghttp2

nghttp2_is_fatal
nghttp2_version
nghttp2_session_set_local_window_size
nghttp2_submit_ping
nghttp2_submit_settings
nghttp2_submit_rst_stream
nghttp2_submit_priority
nghttp2_submit_request
nghttp2_priority_spec_init
nghttp2_http2_strerror
nghttp2_strerror
nghttp2_pack_settings_payload
nghttp2_session_upgrade2
nghttp2_session_get_remote_settings
nghttp2_session_get_remote_window_size
nghttp2_session_get_stream_remote_window_size
nghttp2_session_set_stream_user_data
nghttp2_session_check_request_allowed
nghttp2_session_want_write
nghttp2_session_want_read
nghttp2_session_resume_data
nghttp2_session_mem_recv
nghttp2_session_send
nghttp2_session_del
nghttp2_session_client_new
nghttp2_session_callbacks_set_error_callback
nghttp2_session_callbacks_set_on_header_callback
nghttp2_session_callbacks_set_on_begin_headers_callback
nghttp2_session_callbacks_set_on_stream_close_callback
nghttp2_session_callbacks_set_on_data_chunk_recv_callback
nghttp2_session_callbacks_set_on_frame_recv_callback
nghttp2_session_callbacks_set_send_callback
nghttp2_session_callbacks_del
nghttp2_session_callbacks_new
nghttp2_session_get_stream_user_data

libssh2

libssh2_sftp_read
libssh2_sftp_readdir_ex
libssh2_sftp_write
libssh2_sftp_close_handle
libssh2_sftp_seek64
libssh2_sftp_rename_ex
libssh2_sftp_unlink_ex
libssh2_sftp_statvfs
libssh2_sftp_mkdir_ex
libssh2_sftp_rmdir_ex
libssh2_sftp_stat_ex
libssh2_sftp_symlink_ex
libssh2_sftp_open_ex
libssh2_init
libssh2_exit
libssh2_session_init_ex
libssh2_session_abstract
libssh2_session_callback_set
libssh2_session_handshake
libssh2_session_disconnect_ex
libssh2_sftp_last_error
libssh2_sftp_shutdown
libssh2_session_free
libssh2_hostkey_hash
libssh2_session_hostkey
libssh2_session_method_pref
libssh2_session_last_error
libssh2_session_last_errno
libssh2_session_block_directions
libssh2_userauth_list
libssh2_userauth_authenticated
libssh2_userauth_password_ex
libssh2_userauth_publickey_fromfile_ex
libssh2_userauth_keyboard_interactive_ex
libssh2_channel_read_ex
libssh2_channel_write_ex
libssh2_session_set_blocking
libssh2_channel_send_eof
libssh2_channel_wait_eof
libssh2_channel_wait_closed
libssh2_sftp_init
libssh2_agent_free
libssh2_agent_disconnect
libssh2_agent_userauth
libssh2_agent_get_identity
libssh2_agent_list_identities
libssh2_agent_connect
libssh2_agent_init
libssh2_knownhost_get
libssh2_knownhost_writefile
libssh2_knownhost_readfile
libssh2_knownhost_free
libssh2_knownhost_del
libssh2_knownhost_checkp
libssh2_knownhost_add
libssh2_knownhost_init
libssh2_version
libssh2_scp_send64
libssh2_scp_recv2
libssh2_channel_free
libssh2_session_flag

crypt32

CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA
CertCloseStore

bcrypt

BCryptGenRandom

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
CloseHandle
WaitForSingleObjectEx
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetEnvironmentVariableA
Sleep
MoveFileExA
GetLastError
SetLastError
FormatMessageW
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetSystemTimeAsFileTime
CompareFileTime
VerifyVersionInfoW
VerSetConditionMask
GetTickCount
QueryPerformanceCounter
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
LoadLibraryA
GetProcAddress
GetModuleHandleA

vcruntime140

memset
strchr
strrchr
memmove
strstr
memchr
__std_type_info_destroy_list
_except_handler4_common
memcpy

api-ms-win-crt-stdio-l1-1-0

fputs
__stdio_common_vsscanf
fclose
ftell
_write
__acrt_iob_func
_read
_close
fgets
fopen
_open
fwrite
fflush
_lseeki64
fread
fseek
__stdio_common_vsprintf
setvbuf
fputc
feof

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64
strftime

api-ms-win-crt-convert-l1-1-0

atoi
wcstombs
strtoll
strtoul
strtol

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_execute_onexit_table
__sys_errlist
__sys_nerr
_getpid
_beginthreadex
_cexit
_errno
_seh_filter_dll
_initterm
_initterm_e

api-ms-win-crt-string-l1-1-0

strncpy
strcspn
strspn
strpbrk
_strdup
strncmp
tolower

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-filesystem-l1-1-0

_unlink
_fstat64
_access
_stat64

api-ms-win-crt-heap-l1-1-0

malloc
free
calloc
realloc

api-ms-win-crt-multibyte-l1-1-0

_mbspbrk

api-ms-win-crt-math-l1-1-0

_fdopen
_except1

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_header
curl_easy_init
curl_easy_nextheader
curl_easy_option_by_id
curl_easy_option_by_name
curl_easy_option_next
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_url_strerror
curl_version
curl_version_info

Sections

.text
Size: 369KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/libfreshclam.dll
.dll windows:6 windows x86 arch:x86

863ee1eb193cf13bfaec4f7c51a89dbd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libcurl

curl_slist_append
curl_easy_perform
curl_easy_strerror
curl_easy_init
curl_easy_setopt
curl_global_cleanup
curl_easy_getinfo
curl_easy_cleanup
curl_slist_free_all
curl_global_init

libssl-1_1

SSL_CTX_get_cert_store

libcrypto-1_1

ERR_get_error
ERR_error_string
d2i_X509
X509_NAME_print_ex
X509_cmp
X509_get_subject_name
X509_free
X509_dup
X509_STORE_add_cert
BIO_s_mem
BIO_ctrl
BIO_free
BIO_new
RAND_bytes

libclamav

cl_cvdparse
cli_versig2
cli_ctime
cli_strerror
cli_filecopy
cli_gentemp
cli_rmdirs
cli_isnumber
cli_strbcasestr
cl_retflevel
cl_cvdunpack
cl_cvdfree
cl_cvdverify
cl_cvdhead
cli_hashset_destroy
cli_strdup
cli_malloc
cl_debug
cl_engine_new
cl_engine_free
cl_engine_set_clcb_stats_submit
cl_load
cl_strerror
cli_bytecode_prepare2
cli_strtok
cli_get_debug_flag

pthreadvc3

pthread_mutex_unlock
pthread_win32_process_attach_np
pthread_win32_thread_attach_np
pthread_win32_thread_detach_np
pthread_win32_process_detach_np
pthread_mutex_lock

dnsapi

DnsFree
DnsQuery_A

wsock32

WSAStartup
ntohs
getservbyname
WSACleanup

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetNameStringA
CertOpenSystemStoreA

kernel32

GetFileAttributesA
DeleteFileA
CreateFileA
WriteConsoleW
GetConsoleMode
GetSystemTimeAsFileTime
GetFullPathNameW
FormatMessageW
GetFileAttributesExW
GetFinalPathNameByHandleW
MoveFileExW
DeleteFileW
FindFirstFileW
SetUnhandledExceptionFilter
DeviceIoControl
GetFileInformationByHandle
CreateFileW
FindNextFileW
GetModuleHandleA
CreateMutexA
LoadLibraryA
WaitForSingleObjectEx
AcquireSRWLockShared
HeapReAlloc
HeapFree
SetFileAttributesA
GetModuleHandleW
UnhandledExceptionFilter
HeapAlloc
GetProcessHeap
QueryPerformanceFrequency
TlsGetValue
QueryPerformanceCounter
TerminateProcess
WaitForSingleObject
GetCurrentProcessId
GetStdHandle
SetFilePointerEx
GetEnvironmentVariableW
GetCurrentDirectoryW
SetLastError
GetProcAddress
RtlCaptureContext
GetCurrentThread
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
TlsAlloc
Sleep
GetLastError
MoveFileA
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
FindClose
ReleaseSRWLockShared
TlsSetValue
GetCurrentProcess

vcruntime140

memcpy
_CxxThrowException
wcsrchr
memset
memmove
memcmp
wcsstr
strrchr
strchr
__std_type_info_destroy_list
_except_handler4_common
strstr
__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

strncmp
strncpy
_strnicmp
strnlen
isprint
_strdup
wcsncpy
wcsncmp
wcsncat

api-ms-win-crt-stdio-l1-1-0

_close
_read
_write
fgets
_getcwd
fopen
fclose
_lseeki64
_wopen
_lseek
fflush
_get_osfhandle
_open
__stdio_common_vsprintf
__acrt_iob_func
__stdio_common_vfprintf

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc
calloc

api-ms-win-crt-convert-l1-1-0

wcstombs
atoi

api-ms-win-crt-time-l1-1-0

strftime
_localtime64
_localtime64_s
_time64

api-ms-win-crt-runtime-l1-1-0

strerror
_initterm
_execute_onexit_table
_seh_filter_dll
_cexit
_configure_narrow_argv
_errno
_initialize_narrow_environment
_initialize_onexit_table
_set_errno
_initterm_e

api-ms-win-crt-math-l1-1-0

_except1
_CIfmod
trunc
round

api-ms-win-crt-filesystem-l1-1-0

_unlink
_chdir
_umask
rename
_mkdir
_fstat64i32

Exports

Exports

DllMain
__local_stdio_printf_options
dnsquery
fc_cleanup
fc_dns_query_update_info
fc_download_url_database
fc_download_url_databases
fc_initialize
fc_prune_database_directory
fc_set_fccb_download_complete
fc_strerror
fc_test_database
fc_update_database
fc_update_databases
fprintf
g_bCompressLocalDatabase
g_cb_download_complete
g_connectTimeout
g_databaseDirectory
g_freshclamDat
g_localIP
g_maxAttempts
g_proxyPassword
g_proxyPort
g_proxyServer
g_proxyUsername
g_requestTimeout
g_tempDirectory
g_userAgent
load_freshclam_dat
new_freshclam_dat
printf
save_freshclam_dat
snprintf
updatecustomdb
updatedb
version_string_compare

Sections

.text
Size: 434KB - Virtual size: 434KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/libssh2.dll
.dll windows:6 windows x86 arch:x86

14667eb06dbd02baa975ecbc495f85ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libcrypto-1_1

EVP_PKEY_derive_init
EVP_PKEY_derive_set_peer
EVP_PKEY_derive
EVP_PKEY_keygen_init
EVP_PKEY_keygen
PEM_read_bio_RSAPrivateKey
PEM_read_bio_DSAPrivateKey
PEM_read_bio_ECPrivateKey
PEM_read_bio_PrivateKey
ENGINE_load_builtin_engines
ENGINE_register_all_complete
RAND_bytes
EVP_des_ede3_cbc
EVP_rc4
EVP_bf_cbc
EVP_cast5_cbc
DSA_SIG_free
EVP_aes_128_ctr
EVP_aes_192_cbc
EVP_aes_192_ctr
EVP_aes_256_cbc
EVP_aes_256_ctr
EVP_CIPHER_CTX_free
BN_set_word
EVP_sha1
EVP_PKEY_id
HMAC_CTX_free
HMAC_Init_ex
HMAC_Update
HMAC_Final
EVP_md5
EVP_sha256
EVP_sha512
EVP_ripemd160
DSA_SIG_new
EVP_get_digestbyname
EVP_CIPHER_CTX_new
EVP_DigestVerifyInit
EVP_DigestSignInit
EVP_DigestVerify
EVP_DigestSign
EVP_CipherInit
EVP_DigestFinal
RSA_verify
RSA_sign
EVP_PKEY_get_raw_public_key
RSA_get0_factors
RSA_get0_key
RSA_set0_crt_params
RSA_set0_factors
RSA_set0_key
RSA_size
RSA_new
BN_mod_exp
BN_div
BN_sub
BN_bn2bin
BN_bin2bn
BN_clear_free
EVP_DigestInit
EVP_DigestUpdate
EVP_MD_CTX_free
EVP_MD_CTX_new
EVP_Cipher
ECDSA_do_verify
ECDSA_do_sign
ECDSA_SIG_set0
ECDSA_SIG_get0
ECDSA_SIG_free
ECDSA_SIG_new
ECDH_compute_key
EC_KEY_generate_key
EVP_PKEY_get_raw_private_key
EVP_PKEY_new_raw_public_key
EC_KEY_set_public_key
EC_KEY_get0_public_key
EVP_PKEY_new_raw_private_key
EVP_PKEY_CTX_free
EC_KEY_set_private_key
EC_KEY_get0_group
EVP_PKEY_CTX_new_id
EVP_PKEY_CTX_new
EVP_PKEY_free
EC_KEY_free
EC_KEY_new_by_curve_name
EVP_PKEY_new
EC_POINT_oct2point
EVP_PKEY_get1_EC_KEY
EVP_PKEY_set1_EC_KEY
EVP_PKEY_get1_DSA
EVP_PKEY_set1_DSA
EC_POINT_point2oct
EC_POINT_free
EC_POINT_new
EC_GROUP_get_degree
EC_GROUP_get_curve_name
DSA_set0_key
DSA_get0_key
DSA_set0_pqg
DSA_get0_pqg
DSA_free
DSA_new
DSA_do_verify
EVP_PKEY_get1_RSA
DSA_do_sign
RSA_free
DSA_SIG_set0
EVP_PKEY_set1_RSA
HMAC_CTX_new
DSA_SIG_get0
BN_new
BN_num_bits
BN_rand
BN_CTX_free
BN_CTX_new
BN_value_one
BIO_new_mem_buf
BIO_ctrl
BIO_free
EVP_aes_128_cbc
BIO_new_file

ws2_32

getsockopt
ioctlsocket
select
__WSAFDIsSet
send
recv
WSAGetLastError

kernel32

InitializeSListHead
DisableThreadLibraryCalls
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
WaitNamedPipeA
CreateEventA
SleepEx
CancelIo
GetOverlappedResult
GetLastError
SetHandleInformation
WriteFile
ReadFile
CreateFileA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetCurrentThreadId
CloseHandle
IsDebuggerPresent

user32

SendMessageA
FindWindowA

vcruntime140

memset
memmove
_except_handler4_common
strrchr
__std_type_info_destroy_list
strchr
memchr
memcpy

api-ms-win-crt-stdio-l1-1-0

fwrite
fopen
rewind
fread
feof
__stdio_common_vsprintf
fgets
fclose

api-ms-win-crt-heap-l1-1-0

realloc
calloc
malloc
free

api-ms-win-crt-time-l1-1-0

_time64
_difftime64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-string-l1-1-0

strncmp
isspace

api-ms-win-crt-convert-l1-1-0

strtoll
strtol

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initterm_e
_execute_onexit_table
_cexit
_seh_filter_dll
_initterm
_initialize_onexit_table

Exports

Exports

libssh2_agent_connect
libssh2_agent_disconnect
libssh2_agent_free
libssh2_agent_get_identity
libssh2_agent_get_identity_path
libssh2_agent_init
libssh2_agent_list_identities
libssh2_agent_set_identity_path
libssh2_agent_userauth
libssh2_banner_set
libssh2_base64_decode
libssh2_channel_close
libssh2_channel_direct_tcpip_ex
libssh2_channel_eof
libssh2_channel_flush_ex
libssh2_channel_forward_accept
libssh2_channel_forward_cancel
libssh2_channel_forward_listen_ex
libssh2_channel_free
libssh2_channel_get_exit_signal
libssh2_channel_get_exit_status
libssh2_channel_handle_extended_data
libssh2_channel_handle_extended_data2
libssh2_channel_open_ex
libssh2_channel_process_startup
libssh2_channel_read_ex
libssh2_channel_receive_window_adjust
libssh2_channel_receive_window_adjust2
libssh2_channel_request_auth_agent
libssh2_channel_request_pty_ex
libssh2_channel_request_pty_size_ex
libssh2_channel_send_eof
libssh2_channel_set_blocking
libssh2_channel_setenv_ex
libssh2_channel_wait_closed
libssh2_channel_wait_eof
libssh2_channel_window_read_ex
libssh2_channel_window_write_ex
libssh2_channel_write_ex
libssh2_channel_x11_req_ex
libssh2_exit
libssh2_free
libssh2_hostkey_hash
libssh2_init
libssh2_keepalive_config
libssh2_keepalive_send
libssh2_knownhost_add
libssh2_knownhost_addc
libssh2_knownhost_check
libssh2_knownhost_checkp
libssh2_knownhost_del
libssh2_knownhost_free
libssh2_knownhost_get
libssh2_knownhost_init
libssh2_knownhost_readfile
libssh2_knownhost_readline
libssh2_knownhost_writefile
libssh2_knownhost_writeline
libssh2_poll
libssh2_poll_channel_read
libssh2_publickey_add_ex
libssh2_publickey_init
libssh2_publickey_list_fetch
libssh2_publickey_list_free
libssh2_publickey_remove_ex
libssh2_publickey_shutdown
libssh2_scp_recv
libssh2_scp_recv2
libssh2_scp_send64
libssh2_scp_send_ex
libssh2_session_abstract
libssh2_session_banner_get
libssh2_session_banner_set
libssh2_session_block_directions
libssh2_session_callback_set
libssh2_session_disconnect_ex
libssh2_session_flag
libssh2_session_free
libssh2_session_get_blocking
libssh2_session_get_timeout
libssh2_session_handshake
libssh2_session_hostkey
libssh2_session_init_ex
libssh2_session_last_errno
libssh2_session_last_error
libssh2_session_method_pref
libssh2_session_methods
libssh2_session_set_blocking
libssh2_session_set_last_error
libssh2_session_set_timeout
libssh2_session_startup
libssh2_session_supported_algs
libssh2_sftp_close_handle
libssh2_sftp_fstat_ex
libssh2_sftp_fstatvfs
libssh2_sftp_fsync
libssh2_sftp_get_channel
libssh2_sftp_init
libssh2_sftp_last_error
libssh2_sftp_mkdir_ex
libssh2_sftp_open_ex
libssh2_sftp_read
libssh2_sftp_readdir_ex
libssh2_sftp_rename_ex
libssh2_sftp_rmdir_ex
libssh2_sftp_seek
libssh2_sftp_seek64
libssh2_sftp_shutdown
libssh2_sftp_stat_ex
libssh2_sftp_statvfs
libssh2_sftp_symlink_ex
libssh2_sftp_tell
libssh2_sftp_tell64
libssh2_sftp_unlink_ex
libssh2_sftp_write
libssh2_trace
libssh2_trace_sethandler
libssh2_userauth_authenticated
libssh2_userauth_hostbased_fromfile_ex
libssh2_userauth_keyboard_interactive_ex
libssh2_userauth_list
libssh2_userauth_password_ex
libssh2_userauth_publickey
libssh2_userauth_publickey_fromfile_ex
libssh2_userauth_publickey_frommemory
libssh2_version

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/libssl-1_1.dll
.dll windows:6 windows x86 arch:x86

337ba39ed4a7e698181f87870bd15a8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\build\.mussels\cache\work\x86\openssl-1.1.1q\libssl-1_1.pdb

Imports

libcrypto-1_1

EVP_MD_CTX_new
EVP_MD_CTX_free
EVP_MD_CTX_copy_ex
EVP_DigestUpdate
EVP_DigestFinal_ex
EVP_MD_CTX_copy
EVP_DigestSignFinal
EVP_CIPHER_CTX_ctrl
RAND_bytes
EVP_CipherInit_ex
EVP_CipherUpdate
EVP_CipherFinal_ex
EVP_MD_type
EVP_DigestInit_ex
EVP_DigestFinal
SHA1_Init
SHA1_Transform
SHA224_Init
SHA256_Init
SHA256_Transform
SHA384_Init
SHA512_Init
SHA512_Transform
MD5_Init
MD5_Transform
CRYPTO_clear_free
OPENSSL_cleanse
COMP_CTX_new
COMP_CTX_free
BIO_s_mem
EVP_CIPHER_key_length
EVP_MD_CTX_ctrl
EVP_MD_CTX_set_flags
EVP_CIPHER_CTX_new
EVP_CIPHER_CTX_reset
EVP_md5
EVP_sha1
OPENSSL_sk_num
OPENSSL_sk_value
OPENSSL_sk_new_reserve
OPENSSL_sk_pop_free
CRYPTO_memdup
CRYPTO_strdup
EVP_sha256
EVP_PKEY_security_bits
EVP_PKEY_set_type
EVP_PKEY_set1_DH
EVP_PKEY_new
EVP_PKEY_up_ref
EVP_PKEY_free
EVP_PKEY_CTX_new
EVP_PKEY_CTX_new_id
EVP_PKEY_CTX_free
EVP_PKEY_CTX_ctrl
EVP_PKEY_derive_init
EVP_PKEY_derive_set_peer
EVP_PKEY_derive
EVP_PKEY_paramgen_init
EVP_PKEY_paramgen
EVP_PKEY_keygen_init
EVP_PKEY_keygen
EC_GROUP_get_curve_name
EC_KEY_get0_group
X509_NAME_free
X509_free
X509_it
ASN1_OCTET_STRING_it
INT32_it
ZINT32_it
UINT32_it
ZUINT32_it
ZINT64_it
ZUINT64_it
CRYPTO_strndup
ASN1_item_free
ASN1_item_d2i
ASN1_item_i2d
OPENSSL_DIR_read
OPENSSL_DIR_end
OPENSSL_sk_shift
OPENSSL_sk_pop
OPENSSL_sk_set_cmp_func
CRYPTO_THREAD_lock_new
CRYPTO_THREAD_lock_free
CRYPTO_get_ex_new_index
CRYPTO_THREAD_run_once
BIO_s_file
EVP_PKEY_id
OPENSSL_LH_new
OPENSSL_LH_free
OPENSSL_LH_insert
OPENSSL_LH_retrieve
X509_STORE_new
X509_STORE_free
X509_STORE_up_ref
X509_STORE_CTX_new
X509_STORE_CTX_free
X509_STORE_CTX_init
X509_STORE_CTX_set_verify_cb
X509_STORE_add_cert
X509_STORE_CTX_set_ex_data
X509_STORE_CTX_get_error
X509_STORE_CTX_get0_chain
X509_STORE_CTX_get1_chain
X509_STORE_CTX_set_flags
X509_STORE_CTX_get0_param
X509_STORE_CTX_set_default
X509_STORE_CTX_set0_dane
X509_VERIFY_PARAM_set1
X509_VERIFY_PARAM_set_auth_level
X509_VERIFY_PARAM_move_peername
X509_verify_cert_error_string
X509_NAME_dup
i2d_X509_NAME
X509_get_subject_name
X509_up_ref
X509_chain_up_ref
X509_cmp
X509_NAME_hash
X509_verify_cert
PEM_read_bio_X509
X509_get_extension_flags
OPENSSL_sk_new
OPENSSL_sk_insert
OPENSSL_sk_delete
OPENSSL_sk_dup
OPENSSL_sk_sort
CRYPTO_mem_ctrl
OBJ_nid2sn
COMP_get_type
COMP_get_name
COMP_zlib
EVP_enc_null
EVP_get_cipherbyname
EVP_get_digestbyname
EVP_PKEY_asn1_find_str
EVP_PKEY_asn1_get0_info
ENGINE_finish
CONF_parse_list
DH_free
OBJ_sn2nid
EC_curve_nist2nid
EC_KEY_new_by_curve_name
EC_KEY_free
X509_STORE_load_locations
PEM_read_bio_DHparams
ERR_func_error_string
ERR_load_strings_const
OPENSSL_init_crypto
OPENSSL_atexit
OBJ_NAME_add
EVP_md5_sha1
EVP_sha224
EVP_sha384
EVP_sha512
EVP_des_cbc
EVP_des_ede3_cbc
EVP_rc4
EVP_rc4_hmac_md5
EVP_idea_cbc
EVP_rc2_cbc
EVP_rc2_40_cbc
EVP_aes_128_cbc
EVP_aes_128_ccm
EVP_aes_128_gcm
EVP_aes_192_cbc
EVP_aes_256_cbc
EVP_aes_256_ccm
EVP_aes_256_gcm
EVP_aes_128_cbc_hmac_sha1
EVP_aes_256_cbc_hmac_sha1
EVP_aes_128_cbc_hmac_sha256
EVP_aes_256_cbc_hmac_sha256
EVP_aria_128_gcm
EVP_aria_256_gcm
EVP_camellia_128_cbc
EVP_camellia_256_cbc
EVP_chacha20_poly1305
EVP_seed_cbc
EVP_add_cipher
EVP_add_digest
CRYPTO_THREAD_read_lock
CRYPTO_THREAD_write_lock
CRYPTO_THREAD_unlock
CRYPTO_new_ex_data
CRYPTO_dup_ex_data
CRYPTO_free_ex_data
CRYPTO_set_ex_data
CRYPTO_get_ex_data
CRYPTO_realloc
EVP_CIPHER_CTX_cipher
CRYPTO_secure_free
BUF_MEM_free
COMP_CTX_get_method
BIO_int_ctrl
BIO_pop
BIO_free_all
BIO_s_socket
OPENSSL_LH_num_items
ERR_peek_error
OBJ_bsearch_
EVP_CIPHER_CTX_free
X509_STORE_add_lookup
X509_LOOKUP_hash_dir
X509_LOOKUP_file
X509_LOOKUP_ctrl
X509_STORE_set_default_paths
X509_VERIFY_PARAM_new
X509_VERIFY_PARAM_free
X509_VERIFY_PARAM_inherit
X509_VERIFY_PARAM_set_purpose
X509_VERIFY_PARAM_set_trust
EVP_Cipher
X509_VERIFY_PARAM_set1_host
X509_VERIFY_PARAM_add1_host
X509_VERIFY_PARAM_set_hostflags
X509_VERIFY_PARAM_get0_peername
X509_VERIFY_PARAM_get_depth
d2i_PUBKEY
X509_EXTENSION_free
d2i_X509
X509_get0_pubkey
X509_check_private_key
X509_get_ext_d2i
ASYNC_WAIT_CTX_new
ASYNC_WAIT_CTX_free
ASYNC_WAIT_CTX_get_all_fds
ASYNC_WAIT_CTX_get_changed_fds
ASYNC_start_job
ASYNC_get_current_job
CT_POLICY_EVAL_CTX_new
CT_POLICY_EVAL_CTX_free
CT_POLICY_EVAL_CTX_set1_cert
CT_POLICY_EVAL_CTX_set1_issuer
CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE
CT_POLICY_EVAL_CTX_set_time
SCT_LIST_free
SCT_set_source
SCT_get_validation_status
SCT_LIST_validate
o2i_SCT_LIST
CTLOG_STORE_new
CTLOG_STORE_free
CTLOG_STORE_load_file
CTLOG_STORE_load_default_file
X509_get_key_usage
RAND_priv_bytes
OCSP_response_get1_basic
OCSP_resp_count
OCSP_resp_get0
OCSP_SINGLERESP_get1_ext_d2i
OCSP_BASICRESP_free
OCSP_RESPID_free
OCSP_RESPONSE_free
d2i_OCSP_RESPONSE
conf_ssl_get
conf_ssl_name_find
conf_ssl_get_cmd
RSA_free
RSA_up_ref
d2i_RSAPrivateKey
ERR_peek_last_error
EVP_PKEY_assign
EVP_PKEY_get0_EC_KEY
d2i_PrivateKey
EVP_PKEY_copy_parameters
EVP_PKEY_missing_parameters
EVP_PKEY_cmp
EC_KEY_can_sign
d2i_X509_bio
d2i_RSAPrivateKey_bio
d2i_PrivateKey_bio
X509_get_pubkey
PEM_read_bio
PEM_read_bio_X509_AUX
PEM_read_bio_RSAPrivateKey
PEM_read_bio_PrivateKey
OPENSSL_LH_delete
OPENSSL_LH_doall_arg
OPENSSL_LH_get_down_load
OPENSSL_LH_set_down_load
PEM_ASN1_read_bio
PEM_ASN1_write_bio
PEM_ASN1_read
PEM_ASN1_write
ENGINE_get_ssl_client_cert_function
ENGINE_init
BIO_puts
BIO_dump_indent
BIO_printf
EVP_DigestSignInit
EVP_PKEY_new_raw_private_key
EVP_PKEY_set1_tls_encodedpoint
EVP_PKEY_get1_tls_encodedpoint
i2d_X509_EXTENSIONS
i2d_OCSP_RESPID
EVP_DigestSign
d2i_X509_EXTENSIONS
d2i_OCSP_RESPID
BUF_MEM_new
BUF_MEM_grow_clean
BN_is_zero
BN_num_bits
BN_bin2bn
BN_bn2bin
BN_free
RSA_pkey_ctx_ctrl
DH_new
DH_check_params
DH_set0_pqg
DH_get0_key
DH_set0_key
EVP_Digest
EVP_DigestInit
EVP_DigestVerify
EVP_DigestVerifyInit
EVP_PKEY_size
EVP_PKEY_get0_RSA
EVP_PKEY_get0_DH
EVP_PKEY_encrypt_init
EVP_PKEY_encrypt
ENGINE_load_ssl_client_cert
BUF_reverse
EVP_DigestVerifyFinal
d2i_X509_NAME
i2d_X509
X509_NAME_cmp
ASN1_ANY_it
BN_ucmp
ASN1_TYPE_get
ASN1_item_new
RSA_size
RSA_private_decrypt
DH_get0_pqg
EVP_EncryptInit_ex
EVP_EncryptUpdate
EVP_EncryptFinal
EVP_PKEY_decrypt_init
EVP_PKEY_decrypt
HMAC_CTX_new
HMAC_CTX_free
HMAC_Init_ex
HMAC_Update
HMAC_Final
EVP_PKEY_new_mac_key
BN_new
BN_set_word
BN_get_rfc2409_prime_1024
BN_get_rfc3526_prime_2048
BN_get_rfc3526_prime_3072
BN_get_rfc3526_prime_4096
BN_get_rfc3526_prime_8192
OBJ_ln2nid
EVP_DecryptInit_ex
EVP_DecryptUpdate
EVP_DecryptFinal
EVP_PKEY_get0
EVP_PKEY_get_default_digest_nid
HMAC_size
EC_GROUP_method_of
EC_METHOD_get_field_type
EC_KEY_get_conv_form
X509_get_signature_info
X509_get_signature_nid
X509_get_issuer_name
X509_chain_check_suiteb
ERR_set_mark
ERR_pop_to_mark
BN_clear_free
BN_copy
BN_dup
SRP_create_verifier_BN
SRP_check_known_gN_param
SRP_get_default_gN
SRP_Calc_server_key
SRP_Calc_B
SRP_Verify_A_mod_N
SRP_Calc_u
SRP_Calc_x
SRP_Calc_A
SRP_Calc_client_key
SRP_Verify_B_mod_N
EVP_CIPHER_flags
EVP_MD_CTX_md
EVP_MD_size
ERR_add_error_data
BIO_snprintf
CRYPTO_malloc
BUF_MEM_grow
OPENSSL_sk_push
OPENSSL_sk_find
OPENSSL_sk_free
OPENSSL_sk_new_null
ERR_clear_error
BIO_ADDR_clear
BIO_ADDR_free
BIO_ADDR_new
BIO_read
BIO_test_flags
ERR_put_error
BIO_copy_next_retry
BIO_f_buffer
BIO_s_connect
BIO_set_retry_reason
BIO_get_retry_reason
BIO_set_next
BIO_next
BIO_find_type
BIO_push
BIO_callback_ctrl
EVP_CIPHER_CTX_block_size
EVP_CIPHER_iv_length
EVP_CIPHER_block_size
BIO_ctrl
BIO_write
COMP_expand_block
COMP_compress_block
BIO_up_ref
BIO_get_shutdown
BIO_set_shutdown
BIO_get_init
BIO_set_init
BIO_get_data
BIO_set_data
BIO_free
BIO_new
BIO_method_type
BIO_clear_flags
BIO_set_flags
CRYPTO_free
CRYPTO_memcmp
X509_VERIFY_PARAM_set_depth
EVP_CIPHER_CTX_iv_length
CRYPTO_secure_zalloc
CRYPTO_zalloc

kernel32

InitializeSListHead
SetLastError
GetSystemTime
SystemTimeToFileTime
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetStartupInfoW
DisableThreadLibraryCalls
IsDebuggerPresent
GetModuleHandleW

vcruntime140

memmove
strchr
memset
memcpy
memchr
__std_type_info_destroy_list
_except_handler4_common

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

strncmp
_strnicmp
_stricmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-runtime-l1-1-0

_errno
terminate
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

Exports

Exports

BIO_f_ssl
BIO_new_buffer_ssl_connect
BIO_new_ssl
BIO_new_ssl_connect
BIO_ssl_copy_session_id
BIO_ssl_shutdown
DTLS_client_method
DTLS_get_data_mtu
DTLS_method
DTLS_server_method
DTLS_set_timer_cb
DTLSv1_2_client_method
DTLSv1_2_method
DTLSv1_2_server_method
DTLSv1_client_method
DTLSv1_listen
DTLSv1_method
DTLSv1_server_method
ERR_load_SSL_strings
OPENSSL_cipher_name
OPENSSL_init_ssl
PEM_read_SSL_SESSION
PEM_read_bio_SSL_SESSION
PEM_write_SSL_SESSION
PEM_write_bio_SSL_SESSION
SRP_Calc_A_param
SSL_CIPHER_description
SSL_CIPHER_find
SSL_CIPHER_get_auth_nid
SSL_CIPHER_get_bits
SSL_CIPHER_get_cipher_nid
SSL_CIPHER_get_digest_nid
SSL_CIPHER_get_handshake_digest
SSL_CIPHER_get_id
SSL_CIPHER_get_kx_nid
SSL_CIPHER_get_name
SSL_CIPHER_get_protocol_id
SSL_CIPHER_get_version
SSL_CIPHER_is_aead
SSL_CIPHER_standard_name
SSL_COMP_add_compression_method
SSL_COMP_get0_name
SSL_COMP_get_compression_methods
SSL_COMP_get_id
SSL_COMP_get_name
SSL_COMP_set0_compression_methods
SSL_CONF_CTX_clear_flags
SSL_CONF_CTX_finish
SSL_CONF_CTX_free
SSL_CONF_CTX_new
SSL_CONF_CTX_set1_prefix
SSL_CONF_CTX_set_flags
SSL_CONF_CTX_set_ssl
SSL_CONF_CTX_set_ssl_ctx
SSL_CONF_cmd
SSL_CONF_cmd_argv
SSL_CONF_cmd_value_type
SSL_CTX_SRP_CTX_free
SSL_CTX_SRP_CTX_init
SSL_CTX_add1_to_CA_list
SSL_CTX_add_client_CA
SSL_CTX_add_client_custom_ext
SSL_CTX_add_custom_ext
SSL_CTX_add_server_custom_ext
SSL_CTX_add_session
SSL_CTX_callback_ctrl
SSL_CTX_check_private_key
SSL_CTX_clear_options
SSL_CTX_config
SSL_CTX_ct_is_enabled
SSL_CTX_ctrl
SSL_CTX_dane_clear_flags
SSL_CTX_dane_enable
SSL_CTX_dane_mtype_set
SSL_CTX_dane_set_flags
SSL_CTX_enable_ct
SSL_CTX_flush_sessions
SSL_CTX_free
SSL_CTX_get0_CA_list
SSL_CTX_get0_certificate
SSL_CTX_get0_ctlog_store
SSL_CTX_get0_param
SSL_CTX_get0_privatekey
SSL_CTX_get0_security_ex_data
SSL_CTX_get_cert_store
SSL_CTX_get_ciphers
SSL_CTX_get_client_CA_list
SSL_CTX_get_client_cert_cb
SSL_CTX_get_default_passwd_cb
SSL_CTX_get_default_passwd_cb_userdata
SSL_CTX_get_ex_data
SSL_CTX_get_info_callback
SSL_CTX_get_keylog_callback
SSL_CTX_get_max_early_data
SSL_CTX_get_num_tickets
SSL_CTX_get_options
SSL_CTX_get_quiet_shutdown
SSL_CTX_get_record_padding_callback_arg
SSL_CTX_get_recv_max_early_data
SSL_CTX_get_security_callback
SSL_CTX_get_security_level
SSL_CTX_get_ssl_method
SSL_CTX_get_timeout
SSL_CTX_get_verify_callback
SSL_CTX_get_verify_depth
SSL_CTX_get_verify_mode
SSL_CTX_has_client_custom_ext
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_remove_session
SSL_CTX_sess_get_get_cb
SSL_CTX_sess_get_new_cb
SSL_CTX_sess_get_remove_cb
SSL_CTX_sess_set_get_cb
SSL_CTX_sess_set_new_cb
SSL_CTX_sess_set_remove_cb
SSL_CTX_sessions
SSL_CTX_set0_CA_list
SSL_CTX_set0_ctlog_store
SSL_CTX_set0_security_ex_data
SSL_CTX_set1_cert_store
SSL_CTX_set1_param
SSL_CTX_set_allow_early_data_cb
SSL_CTX_set_alpn_protos
SSL_CTX_set_alpn_select_cb
SSL_CTX_set_block_padding
SSL_CTX_set_cert_cb
SSL_CTX_set_cert_store
SSL_CTX_set_cert_verify_callback
SSL_CTX_set_cipher_list
SSL_CTX_set_ciphersuites
SSL_CTX_set_client_CA_list
SSL_CTX_set_client_cert_cb
SSL_CTX_set_client_cert_engine
SSL_CTX_set_client_hello_cb
SSL_CTX_set_cookie_generate_cb
SSL_CTX_set_cookie_verify_cb
SSL_CTX_set_ct_validation_callback
SSL_CTX_set_ctlog_list_file
SSL_CTX_set_default_ctlog_list_file
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_read_buffer_len
SSL_CTX_set_default_verify_dir
SSL_CTX_set_default_verify_file
SSL_CTX_set_default_verify_paths
SSL_CTX_set_ex_data
SSL_CTX_set_generate_session_id
SSL_CTX_set_info_callback
SSL_CTX_set_keylog_callback
SSL_CTX_set_max_early_data
SSL_CTX_set_msg_callback
SSL_CTX_set_next_proto_select_cb
SSL_CTX_set_next_protos_advertised_cb
SSL_CTX_set_not_resumable_session_callback
SSL_CTX_set_num_tickets
SSL_CTX_set_options
SSL_CTX_set_post_handshake_auth
SSL_CTX_set_psk_client_callback
SSL_CTX_set_psk_find_session_callback
SSL_CTX_set_psk_server_callback
SSL_CTX_set_psk_use_session_callback
SSL_CTX_set_purpose
SSL_CTX_set_quiet_shutdown
SSL_CTX_set_record_padding_callback
SSL_CTX_set_record_padding_callback_arg
SSL_CTX_set_recv_max_early_data
SSL_CTX_set_security_callback
SSL_CTX_set_security_level
SSL_CTX_set_session_id_context
SSL_CTX_set_session_ticket_cb
SSL_CTX_set_srp_cb_arg
SSL_CTX_set_srp_client_pwd_callback
SSL_CTX_set_srp_password
SSL_CTX_set_srp_strength
SSL_CTX_set_srp_username
SSL_CTX_set_srp_username_callback
SSL_CTX_set_srp_verify_param_callback
SSL_CTX_set_ssl_version
SSL_CTX_set_stateless_cookie_generate_cb
SSL_CTX_set_stateless_cookie_verify_cb
SSL_CTX_set_timeout
SSL_CTX_set_tlsext_max_fragment_length
SSL_CTX_set_tlsext_use_srtp
SSL_CTX_set_tmp_dh_callback
SSL_CTX_set_trust
SSL_CTX_set_verify
SSL_CTX_set_verify_depth
SSL_CTX_up_ref
SSL_CTX_use_PrivateKey
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_cert_and_key
SSL_CTX_use_certificate
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_file
SSL_CTX_use_psk_identity_hint
SSL_CTX_use_serverinfo
SSL_CTX_use_serverinfo_ex
SSL_CTX_use_serverinfo_file
SSL_SESSION_dup
SSL_SESSION_free
SSL_SESSION_get0_alpn_selected
SSL_SESSION_get0_cipher
SSL_SESSION_get0_hostname
SSL_SESSION_get0_id_context
SSL_SESSION_get0_peer
SSL_SESSION_get0_ticket
SSL_SESSION_get0_ticket_appdata
SSL_SESSION_get_compress_id
SSL_SESSION_get_ex_data
SSL_SESSION_get_id
SSL_SESSION_get_master_key
SSL_SESSION_get_max_early_data
SSL_SESSION_get_max_fragment_length
SSL_SESSION_get_protocol_version
SSL_SESSION_get_ticket_lifetime_hint
SSL_SESSION_get_time
SSL_SESSION_get_timeout
SSL_SESSION_has_ticket
SSL_SESSION_is_resumable
SSL_SESSION_new
SSL_SESSION_print
SSL_SESSION_print_fp
SSL_SESSION_print_keylog
SSL_SESSION_set1_alpn_selected
SSL_SESSION_set1_hostname
SSL_SESSION_set1_id
SSL_SESSION_set1_id_context
SSL_SESSION_set1_master_key
SSL_SESSION_set1_ticket_appdata
SSL_SESSION_set_cipher
SSL_SESSION_set_ex_data
SSL_SESSION_set_max_early_data
SSL_SESSION_set_protocol_version
SSL_SESSION_set_time
SSL_SESSION_set_timeout
SSL_SESSION_up_ref
SSL_SRP_CTX_free
SSL_SRP_CTX_init
SSL_accept
SSL_add1_host
SSL_add1_to_CA_list
SSL_add_client_CA
SSL_add_dir_cert_subjects_to_stack
SSL_add_file_cert_subjects_to_stack
SSL_add_ssl_module
SSL_alert_desc_string
SSL_alert_desc_string_long
SSL_alert_type_string
SSL_alert_type_string_long
SSL_alloc_buffers
SSL_bytes_to_cipher_list
SSL_callback_ctrl
SSL_certs_clear
SSL_check_chain
SSL_check_private_key
SSL_clear
SSL_clear_options
SSL_client_hello_get0_ciphers
SSL_client_hello_get0_compression_methods
SSL_client_hello_get0_ext
SSL_client_hello_get0_legacy_version
SSL_client_hello_get0_random
SSL_client_hello_get0_session_id
SSL_client_hello_get1_extensions_present
SSL_client_hello_isv2
SSL_client_version
SSL_config
SSL_connect
SSL_copy_session_id
SSL_ct_is_enabled
SSL_ctrl
SSL_dane_clear_flags
SSL_dane_enable
SSL_dane_set_flags
SSL_dane_tlsa_add
SSL_do_handshake
SSL_dup
SSL_dup_CA_list
SSL_enable_ct
SSL_export_keying_material
SSL_export_keying_material_early
SSL_extension_supported
SSL_free
SSL_free_buffers
SSL_get0_CA_list
SSL_get0_alpn_selected
SSL_get0_dane
SSL_get0_dane_authority
SSL_get0_dane_tlsa
SSL_get0_next_proto_negotiated
SSL_get0_param
SSL_get0_peer_CA_list
SSL_get0_peer_scts
SSL_get0_peername
SSL_get0_security_ex_data
SSL_get0_verified_chain
SSL_get1_session
SSL_get1_supported_ciphers
SSL_get_SSL_CTX
SSL_get_all_async_fds
SSL_get_certificate
SSL_get_changed_async_fds
SSL_get_cipher_list
SSL_get_ciphers
SSL_get_client_CA_list
SSL_get_client_ciphers
SSL_get_client_random
SSL_get_current_cipher
SSL_get_current_compression
SSL_get_current_expansion
SSL_get_default_passwd_cb
SSL_get_default_passwd_cb_userdata
SSL_get_default_timeout
SSL_get_early_data_status
SSL_get_error
SSL_get_ex_data
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_fd
SSL_get_finished
SSL_get_info_callback
SSL_get_key_update_type
SSL_get_max_early_data
SSL_get_num_tickets
SSL_get_options
SSL_get_peer_cert_chain
SSL_get_peer_certificate
SSL_get_peer_finished
SSL_get_peer_signature_type_nid
SSL_get_pending_cipher
SSL_get_privatekey
SSL_get_psk_identity
SSL_get_psk_identity_hint
SSL_get_quiet_shutdown
SSL_get_rbio
SSL_get_read_ahead
SSL_get_record_padding_callback_arg
SSL_get_recv_max_early_data
SSL_get_rfd
SSL_get_security_callback
SSL_get_security_level
SSL_get_selected_srtp_profile
SSL_get_server_random
SSL_get_servername
SSL_get_servername_type
SSL_get_session
SSL_get_shared_ciphers
SSL_get_shared_sigalgs
SSL_get_shutdown
SSL_get_sigalgs
SSL_get_signature_type_nid
SSL_get_srp_N
SSL_get_srp_g
SSL_get_srp_userinfo
SSL_get_srp_username
SSL_get_srtp_profiles
SSL_get_ssl_method
SSL_get_state
SSL_get_verify_callback
SSL_get_verify_depth
SSL_get_verify_mode
SSL_get_verify_result
SSL_get_version
SSL_get_wbio
SSL_get_wfd
SSL_has_matching_session_id
SSL_has_pending
SSL_in_before
SSL_in_init
SSL_is_dtls
SSL_is_init_finished
SSL_is_server
SSL_key_update
SSL_load_client_CA_file
SSL_new
SSL_peek
SSL_peek_ex
SSL_pending
SSL_read
SSL_read_early_data
SSL_read_ex
SSL_renegotiate
SSL_renegotiate_abbreviated
SSL_renegotiate_pending
SSL_rstate_string
SSL_rstate_string_long
SSL_select_next_proto
SSL_session_reused
SSL_set0_CA_list
SSL_set0_rbio
SSL_set0_security_ex_data
SSL_set0_wbio
SSL_set1_host
SSL_set1_param
SSL_set_SSL_CTX
SSL_set_accept_state
SSL_set_allow_early_data_cb
SSL_set_alpn_protos
SSL_set_bio
SSL_set_block_padding
SSL_set_cert_cb
SSL_set_cipher_list
SSL_set_ciphersuites
SSL_set_client_CA_list
SSL_set_connect_state
SSL_set_ct_validation_callback
SSL_set_debug
SSL_set_default_passwd_cb
SSL_set_default_passwd_cb_userdata
SSL_set_default_read_buffer_len
SSL_set_ex_data
SSL_set_fd
SSL_set_generate_session_id
SSL_set_hostflags
SSL_set_info_callback
SSL_set_max_early_data
SSL_set_msg_callback
SSL_set_not_resumable_session_callback
SSL_set_num_tickets
SSL_set_options
SSL_set_post_handshake_auth
SSL_set_psk_client_callback
SSL_set_psk_find_session_callback
SSL_set_psk_server_callback
SSL_set_psk_use_session_callback
SSL_set_purpose
SSL_set_quiet_shutdown
SSL_set_read_ahead
SSL_set_record_padding_callback
SSL_set_record_padding_callback_arg
SSL_set_recv_max_early_data
SSL_set_rfd
SSL_set_security_callback
SSL_set_security_level
SSL_set_session
SSL_set_session_id_context
SSL_set_session_secret_cb
SSL_set_session_ticket_ext
SSL_set_session_ticket_ext_cb
SSL_set_shutdown
SSL_set_srp_server_param
SSL_set_srp_server_param_pw
SSL_set_ssl_method
SSL_set_tlsext_max_fragment_length
SSL_set_tlsext_use_srtp
SSL_set_tmp_dh_callback
SSL_set_trust
SSL_set_verify
SSL_set_verify_depth
SSL_set_verify_result
SSL_set_wfd
SSL_shutdown
SSL_srp_server_param_with_username
SSL_state_string
SSL_state_string_long
SSL_stateless
SSL_up_ref
SSL_use_PrivateKey
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey_file
SSL_use_RSAPrivateKey
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey_file
SSL_use_cert_and_key
SSL_use_certificate
SSL_use_certificate_ASN1
SSL_use_certificate_chain_file
SSL_use_certificate_file
SSL_use_psk_identity_hint
SSL_verify_client_post_handshake
SSL_version
SSL_waiting_for_async
SSL_want
SSL_write
SSL_write_early_data
SSL_write_ex
TLS_client_method
TLS_method
TLS_server_method
TLSv1_1_client_method
TLSv1_1_method
TLSv1_1_server_method
TLSv1_2_client_method
TLSv1_2_method
TLSv1_2_server_method
TLSv1_client_method
TLSv1_method
TLSv1_server_method
d2i_SSL_SESSION
i2d_SSL_SESSION

Sections

.text
Size: 381KB - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/libxml2.dll
.dll windows:6 windows x86 arch:x86

7b762ec005dd22e5756dde4ce9289def

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

recv
send
socket
gethostbyaddr
gethostbyname
getservbyport
getservbyname
WSAStartup
WSACleanup
WSASetLastError
select
ntohs
inet_ntoa
inet_addr
htons
htonl
getsockopt
ioctlsocket
connect
closesocket
WSAGetLastError
__WSAFDIsSet

kernel32

SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
MultiByteToWideChar
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
Sleep
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
GetModuleHandleA
GetModuleFileNameA
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
DuplicateHandle
InitializeCriticalSection
EnterCriticalSection
UnhandledExceptionFilter

vcruntime140

strstr
memchr
_except_handler4_common
memset
memmove
memcpy
strchr
__std_type_info_destroy_list

api-ms-win-crt-stdio-l1-1-0

_lseeki64
_wopen
__acrt_iob_func
fread
fflush
ferror
_wfopen
_open
_close
_read
_write
_fileno
_dup
_getcwd
fwrite
__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
fclose
fopen
fputc
__stdio_common_vsprintf_s

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-string-l1-1-0

strcpy_s
strncpy_s
toupper
strcat_s
strncmp
strncpy

api-ms-win-crt-filesystem-l1-1-0

_wstat64i32
_stat64i32

api-ms-win-crt-heap-l1-1-0

realloc
malloc
free
calloc

api-ms-win-crt-utility-l1-1-0

rand
srand
bsearch

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_seh_filter_dll
_cexit
exit
_endthread
_beginthread
_errno
_initialize_onexit_table
strerror
_initterm
_initterm_e
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-convert-l1-1-0

strtol
wcstombs
strtoul

api-ms-win-crt-math-l1-1-0

ceil
floor
_libm_sse2_pow_precise
_libm_sse2_log10_precise
_CIfmod
_dclass
_except1

Exports

Exports

UTF8ToHtml
UTF8Toisolat1
__htmlDefaultSAXHandler
__oldXMLWDcompatibility
__xmlBufferAllocScheme
__xmlDefaultBufferSize
__xmlDefaultSAXHandler
__xmlDefaultSAXLocator
__xmlDeregisterNodeDefaultValue
__xmlDoValidityCheckingDefaultValue
__xmlErrEncoding
__xmlGenericError
__xmlGenericErrorContext
__xmlGetWarningsDefaultValue
__xmlIndentTreeOutput
__xmlKeepBlanksDefaultValue
__xmlLastError
__xmlLineNumbersDefaultValue
__xmlLoadExtDtdDefaultValue
__xmlOutputBufferCreateFilenameValue
__xmlParserDebugEntities
__xmlParserInputBufferCreateFilenameValue
__xmlParserVersion
__xmlPedanticParserDefaultValue
__xmlRaiseError
__xmlRegisterNodeDefaultValue
__xmlSaveNoEmptyTags
__xmlSimpleError
__xmlStructuredError
__xmlStructuredErrorContext
__xmlSubstituteEntitiesDefaultValue
__xmlTreeIndentString
htmlAttrAllowed
htmlAutoCloseTag
htmlCreateFileParserCtxt
htmlCreateMemoryParserCtxt
htmlCreatePushParserCtxt
htmlCtxtReadDoc
htmlCtxtReadFd
htmlCtxtReadFile
htmlCtxtReadIO
htmlCtxtReadMemory
htmlCtxtReset
htmlCtxtUseOptions
htmlDefaultSAXHandlerInit
htmlDocContentDumpFormatOutput
htmlDocContentDumpOutput
htmlDocDump
htmlDocDumpMemory
htmlDocDumpMemoryFormat
htmlElementAllowedHere
htmlElementStatusHere
htmlEncodeEntities
htmlEntityLookup
htmlEntityValueLookup
htmlFreeParserCtxt
htmlGetMetaEncoding
htmlHandleOmittedElem
htmlInitAutoClose
htmlIsAutoClosed
htmlIsBooleanAttr
htmlIsScriptAttribute
htmlNewDoc
htmlNewDocNoDtD
htmlNewParserCtxt
htmlNodeDump
htmlNodeDumpFile
htmlNodeDumpFileFormat
htmlNodeDumpFormatOutput
htmlNodeDumpOutput
htmlNodeStatus
htmlParseCharRef
htmlParseChunk
htmlParseDoc
htmlParseDocument
htmlParseElement
htmlParseEntityRef
htmlParseFile
htmlReadDoc
htmlReadFd
htmlReadFile
htmlReadIO
htmlReadMemory
htmlSAXParseDoc
htmlSAXParseFile
htmlSaveFile
htmlSaveFileEnc
htmlSaveFileFormat
htmlSetMetaEncoding
htmlTagLookup
initGenericErrorDefaultFunc
inputPop
inputPush
isolat1ToUTF8
namePop
namePush
nodePop
nodePush
valuePop
valuePush
xlinkGetDefaultDetect
xlinkGetDefaultHandler
xlinkIsLink
xlinkSetDefaultDetect
xlinkSetDefaultHandler
xmlACatalogAdd
xmlACatalogDump
xmlACatalogRemove
xmlACatalogResolve
xmlACatalogResolvePublic
xmlACatalogResolveSystem
xmlACatalogResolveURI
xmlAddAttributeDecl
xmlAddChild
xmlAddChildList
xmlAddDocEntity
xmlAddDtdEntity
xmlAddElementDecl
xmlAddEncodingAlias
xmlAddID
xmlAddNextSibling
xmlAddNotationDecl
xmlAddPrevSibling
xmlAddRef
xmlAddSibling
xmlAllocOutputBuffer
xmlAllocParserInputBuffer
xmlAttrSerializeTxtContent
xmlAutomataCompile
xmlAutomataGetInitState
xmlAutomataIsDeterminist
xmlAutomataNewAllTrans
xmlAutomataNewCountTrans
xmlAutomataNewCountTrans2
xmlAutomataNewCountedTrans
xmlAutomataNewCounter
xmlAutomataNewCounterTrans
xmlAutomataNewEpsilon
xmlAutomataNewNegTrans
xmlAutomataNewOnceTrans
xmlAutomataNewOnceTrans2
xmlAutomataNewState
xmlAutomataNewTransition
xmlAutomataNewTransition2
xmlAutomataSetFinalState
xmlBoolToText
xmlBufContent
xmlBufEnd
xmlBufGetNodeContent
xmlBufNodeDump
xmlBufShrink
xmlBufUse
xmlBufferAdd
xmlBufferAddHead
xmlBufferCCat
xmlBufferCat
xmlBufferContent
xmlBufferCreate
xmlBufferCreateSize
xmlBufferCreateStatic
xmlBufferDetach
xmlBufferDump
xmlBufferEmpty
xmlBufferFree
xmlBufferGrow
xmlBufferLength
xmlBufferResize
xmlBufferSetAllocationScheme
xmlBufferShrink
xmlBufferWriteCHAR
xmlBufferWriteChar
xmlBufferWriteQuotedString
xmlBuildQName
xmlBuildRelativeURI
xmlBuildURI
xmlByteConsumed
xmlC14NDocDumpMemory
xmlC14NDocSave
xmlC14NDocSaveTo
xmlC14NExecute
xmlCanonicPath
xmlCatalogAdd
xmlCatalogAddLocal
xmlCatalogCleanup
xmlCatalogConvert
xmlCatalogDump
xmlCatalogFreeLocal
xmlCatalogGetDefaults
xmlCatalogGetPublic
xmlCatalogGetSystem
xmlCatalogIsEmpty
xmlCatalogLocalResolve
xmlCatalogLocalResolveURI
xmlCatalogRemove
xmlCatalogResolve
xmlCatalogResolvePublic
xmlCatalogResolveSystem
xmlCatalogResolveURI
xmlCatalogSetDebug
xmlCatalogSetDefaultPrefer
xmlCatalogSetDefaults
xmlCharEncCloseFunc
xmlCharEncFirstLine
xmlCharEncInFunc
xmlCharEncOutFunc
xmlCharInRange
xmlCharStrdup
xmlCharStrndup
xmlCheckFilename
xmlCheckHTTPInput
xmlCheckLanguageID
xmlCheckUTF8
xmlCheckVersion
xmlChildElementCount
xmlCleanupCharEncodingHandlers
xmlCleanupEncodingAliases
xmlCleanupGlobals
xmlCleanupInputCallbacks
xmlCleanupMemory
xmlCleanupOutputCallbacks
xmlCleanupParser
xmlCleanupThreads
xmlClearNodeInfoSeq
xmlClearParserCtxt
xmlConvertSGMLCatalog
xmlCopyAttributeTable
xmlCopyChar
xmlCopyCharMultiByte
xmlCopyDoc
xmlCopyDocElementContent
xmlCopyDtd
xmlCopyElementContent
xmlCopyElementTable
xmlCopyEntitiesTable
xmlCopyEnumeration
xmlCopyError
xmlCopyNamespace
xmlCopyNamespaceList
xmlCopyNode
xmlCopyNodeList
xmlCopyNotationTable
xmlCopyProp
xmlCopyPropList
xmlCreateDocParserCtxt
xmlCreateEntitiesTable
xmlCreateEntityParserCtxt
xmlCreateEnumeration
xmlCreateFileParserCtxt
xmlCreateIOParserCtxt
xmlCreateIntSubset
xmlCreateMemoryParserCtxt
xmlCreatePushParserCtxt
xmlCreateURI
xmlCreateURLParserCtxt
xmlCtxtGetLastError
xmlCtxtReadDoc
xmlCtxtReadFd
xmlCtxtReadFile
xmlCtxtReadIO
xmlCtxtReadMemory
xmlCtxtReset
xmlCtxtResetLastError
xmlCtxtResetPush
xmlCtxtUseOptions
xmlCurrentChar
xmlDOMWrapAdoptNode
xmlDOMWrapCloneNode
xmlDOMWrapFreeCtxt
xmlDOMWrapNewCtxt
xmlDOMWrapReconcileNamespaces
xmlDOMWrapRemoveNode
xmlDebugCheckDocument
xmlDebugDumpAttr
xmlDebugDumpAttrList
xmlDebugDumpDTD
xmlDebugDumpDocument
xmlDebugDumpDocumentHead
xmlDebugDumpEntities
xmlDebugDumpNode
xmlDebugDumpNodeList
xmlDebugDumpOneNode
xmlDebugDumpString
xmlDefaultSAXHandlerInit
xmlDelEncodingAlias
xmlDeregisterNodeDefault
xmlDetectCharEncoding
xmlDictCleanup
xmlDictCreate
xmlDictCreateSub
xmlDictExists
xmlDictFree
xmlDictGetUsage
xmlDictLookup
xmlDictOwns
xmlDictQLookup
xmlDictReference
xmlDictSetLimit
xmlDictSize
xmlDocCopyNode
xmlDocCopyNodeList
xmlDocDump
xmlDocDumpFormatMemory
xmlDocDumpFormatMemoryEnc
xmlDocDumpMemory
xmlDocDumpMemoryEnc
xmlDocFormatDump
xmlDocGetRootElement
xmlDocSetRootElement
xmlDumpAttributeDecl
xmlDumpAttributeTable
xmlDumpElementDecl
xmlDumpElementTable
xmlDumpEntitiesTable
xmlDumpEntityDecl
xmlDumpNotationDecl
xmlDumpNotationTable
xmlElemDump
xmlEncodeEntitiesReentrant
xmlEncodeSpecialChars
xmlErrMemory
xmlEscapeFormatString
xmlFileClose
xmlFileMatch
xmlFileOpen
xmlFileRead
xmlFindCharEncodingHandler
xmlFirstElementChild
xmlFree
xmlFreeAttributeTable
xmlFreeAutomata
xmlFreeCatalog
xmlFreeDoc
xmlFreeDocElementContent
xmlFreeDtd
xmlFreeElementContent
xmlFreeElementTable
xmlFreeEntitiesTable
xmlFreeEnumeration
xmlFreeIDTable
xmlFreeInputStream
xmlFreeMutex
xmlFreeNode
xmlFreeNodeList
xmlFreeNotationTable
xmlFreeNs
xmlFreeNsList
xmlFreeParserCtxt
xmlFreeParserInputBuffer
xmlFreePattern
xmlFreePatternList
xmlFreeProp
xmlFreePropList
xmlFreeRMutex
xmlFreeRefTable
xmlFreeStreamCtxt
xmlFreeTextReader
xmlFreeTextWriter
xmlFreeURI
xmlFreeValidCtxt
xmlGcMemGet
xmlGcMemSetup
xmlGetBufferAllocationScheme
xmlGetCharEncodingHandler
xmlGetCharEncodingName
xmlGetCompressMode
xmlGetDocCompressMode
xmlGetDocEntity
xmlGetDtdAttrDesc
xmlGetDtdElementDesc
xmlGetDtdEntity
xmlGetDtdNotationDesc
xmlGetDtdQAttrDesc
xmlGetDtdQElementDesc
xmlGetEncodingAlias
xmlGetExternalEntityLoader
xmlGetGlobalState
xmlGetID
xmlGetIntSubset
xmlGetLastChild
xmlGetLastError
xmlGetLineNo
xmlGetNoNsProp
xmlGetNodePath
xmlGetNsList
xmlGetNsProp
xmlGetParameterEntity
xmlGetPredefinedEntity
xmlGetProp
xmlGetRefs
xmlGetThreadId
xmlGetUTF8Char
xmlHasFeature
xmlHasNsProp
xmlHasProp
xmlHashAddEntry
xmlHashAddEntry2
xmlHashAddEntry3
xmlHashCopy
xmlHashCreate
xmlHashCreateDict
xmlHashDefaultDeallocator
xmlHashFree
xmlHashLookup
xmlHashLookup2
xmlHashLookup3
xmlHashQLookup
xmlHashQLookup2
xmlHashQLookup3
xmlHashRemoveEntry
xmlHashRemoveEntry2
xmlHashRemoveEntry3
xmlHashScan
xmlHashScan3
xmlHashScanFull
xmlHashScanFull3
xmlHashSize
xmlHashUpdateEntry
xmlHashUpdateEntry2
xmlHashUpdateEntry3
xmlIOHTTPClose
xmlIOHTTPMatch
xmlIOHTTPOpen
xmlIOHTTPOpenW
xmlIOHTTPRead
xmlIOParseDTD
xmlInitCharEncodingHandlers
xmlInitGlobals
xmlInitMemory
xmlInitNodeInfoSeq
xmlInitParser
xmlInitParserCtxt
xmlInitThreads
xmlInitializeCatalog
xmlInitializeDict
xmlInitializeGlobalState
xmlIsBaseChar
xmlIsBaseCharGroup
xmlIsBlank
xmlIsBlankNode
xmlIsChar
xmlIsCharGroup
xmlIsCombining
xmlIsCombiningGroup
xmlIsDigit
xmlIsDigitGroup
xmlIsExtender
xmlIsExtenderGroup
xmlIsID
xmlIsIdeographic
xmlIsIdeographicGroup
xmlIsLetter
xmlIsMainThread
xmlIsMixedElement
xmlIsPubidChar
xmlIsPubidChar_tab
xmlIsRef
xmlIsXHTML
xmlKeepBlanksDefault
xmlLastElementChild
xmlLineNumbersDefault
xmlLinkGetData
xmlListAppend
xmlListClear
xmlListCopy
xmlListCreate
xmlListDelete
xmlListDup
xmlListEmpty
xmlListEnd
xmlListFront
xmlListInsert
xmlListMerge
xmlListPopBack
xmlListPopFront
xmlListPushBack
xmlListPushFront
xmlListRemoveAll
xmlListRemoveFirst
xmlListRemoveLast
xmlListReverse
xmlListReverseSearch
xmlListReverseWalk
xmlListSearch
xmlListSize
xmlListSort
xmlListWalk
xmlLoadACatalog
xmlLoadCatalog
xmlLoadCatalogs
xmlLoadExternalEntity
xmlLoadSGMLSuperCatalog
xmlLockLibrary
xmlLsCountNode
xmlLsOneNode
xmlMalloc
xmlMallocAtomic
xmlMallocAtomicLoc
xmlMallocLoc
xmlMemBlocks
xmlMemDisplay

Sections

.text
Size: 765KB - Virtual size: 765KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/msvcp140.dll
.dll windows:6 windows x86 arch:x86

6dbd7763e94344402d4206b7bab40e1f

Code Sign

33:00:00:00:f3:67:3d:83:61:98:0f:1c:a6:00:00:00:00:00:f3
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:19

Not After

23/11/2019, 20:19

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft America Operations+OU=Thales TSS ESN:F6FF-2DA7-BB75,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:10:da:22:0d:a5:13:d1:15:42:f3:81:b9:b7:fd:51:49:e7:ed:ae:02:29:2e:ad:81:b7:c2:b1:1e:b7:45:5d
Signer

Actual PE Digest

52:10:da:22:0d:a5:13:d1:15:42:f3:81:b9:b7:fd:51:49:e7:ed:ae:02:29:2e:ad:81:b7:c2:b1:1e:b7:45:5d

Digest Algorithm

sha256

PE Digest Matches

true

11:97:14:5a:0a:50:e7:57:e3:ec:f6:60:3b:cf:a9:e5:7e:b3:02:8b
Signer

Actual PE Digest

11:97:14:5a:0a:50:e7:57:e3:ec:f6:60:3b:cf:a9:e5:7e:b3:02:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\agent\_work\2\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb

Imports

vcruntime140

_except_handler4_common
__uncaught_exceptions
__uncaught_exception
memmove
__std_terminate
_purecall
__CxxFrameHandler3
_CxxThrowException
__AdjustPointer
__processing_throw
__current_exception
__std_exception_destroy
__std_exception_copy
memset
memcmp
memchr
__std_type_info_destroy_list
memcpy

api-ms-win-crt-heap-l1-1-0

_callnewh
free
calloc
malloc
realloc

api-ms-win-crt-locale-l1-1-0

___mb_cur_max_func
___lc_locale_name_func
___lc_collate_cp_func
localeconv
___lc_codepage_func
_lock_locales
_unlock_locales
setlocale
__pctype_func

api-ms-win-crt-string-l1-1-0

__strncnt
tolower
isalnum
isxdigit
isspace
wcsnlen
isdigit
wcscpy_s
_wcsdup
islower
isupper
iswctype
strcspn

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_register_onexit_function
_set_new_handler
terminate
_crt_atexit
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
abort
_initterm
_initterm_e
_initialize_onexit_table
_beginthreadex
_endthreadex
_errno

api-ms-win-crt-stdio-l1-1-0

fputwc
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fread
fputs
fgetc
fflush
fclose
_get_stream_buffer_pointers
_wfsopen
_fsopen
__acrt_iob_func
fgetpos
fseek
fputc
__stdio_common_vsprintf_s
fgetwc
ungetwc

api-ms-win-crt-math-l1-1-0

ldexp
_CIpow
_CIlog
frexp

api-ms-win-crt-convert-l1-1-0

btowc
strtod
strtof

api-ms-win-crt-filesystem-l1-1-0

_wchdir
_wrmdir
_unlock_file
_wremove
_lock_file
_wrename

api-ms-win-crt-time-l1-1-0

_W_Getdays
_Getmonths
_Strftime
_Wcsftime
_Getdays
_Gettnames
_W_Gettnames
_W_Getmonths

api-ms-win-crt-environment-l1-1-0

_wgetcwd

api-ms-win-crt-utility-l1-1-0

rand_s

kernel32

RtlCaptureStackBackTrace
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentProcess
SwitchToThread
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
LoadLibraryExA
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
InitializeSListHead
GetCurrentProcessId
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
GetTickCount
GetSystemTimeAsFileTime
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
GetModuleHandleExW
QueueUserWorkItem
IsProcessorFeaturePresent
CloseHandle
TryEnterCriticalSection
FormatMessageW
CreateHardLinkW
CopyFileW
GetLastError
AreFileApisANSI
GetTempPathW
SetFileTime
SetFilePointerEx
SetFileAttributesW
SetEndOfFile
GetFileInformationByHandle
GetFileAttributesExW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
CreateDirectoryW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
RaiseException
DecodePointer
EncodePointer

Exports

Exports

??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z
??0?$_Yarn@D@std@@QAE@ABV01@@Z
??0?$_Yarn@D@std@@QAE@PBD@Z
??0?$_Yarn@D@std@@QAE@XZ
??0?$_Yarn@G@std@@QAE@ABV01@@Z
??0?$_Yarn@G@std@@QAE@PBG@Z
??0?$_Yarn@G@std@@QAE@XZ
??0?$_Yarn@_W@std@@QAE@ABV01@@Z
??0?$_Yarn@_W@std@@QAE@PB_W@Z
??0?$_Yarn@_W@std@@QAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@ABV01@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@ABV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@ABV01@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$codecvt@DDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@DDU_Mbstatet@@@std@@QAE@I@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QAE@I@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@KW4_Codecvt_mode@1@I@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QAE@I@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@KW4_Codecvt_mode@1@I@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QAE@I@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0?$ctype@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@G@std@@QAE@I@Z
??0?$ctype@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@_W@std@@QAE@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0Init@ios_base@std@@QAE@XZ
??0_Facet_base@std@@QAE@ABV01@@Z
??0_Facet_base@std@@QAE@XZ
??0_Init_locks@std@@QAE@XZ
??0_Locimp@locale@std@@AAE@ABV012@@Z
??0_Locimp@locale@std@@AAE@_N@Z
??0_Locinfo@std@@QAE@HPBD@Z
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@H@Z
??0_Lockit@std@@QAE@XZ
??0_Timevec@std@@QAE@ABV01@@Z
??0_Timevec@std@@QAE@PAX@Z
??0_UShinit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0codecvt_base@std@@QAE@I@Z
??0ctype_base@std@@QAE@I@Z
??0facet@locale@std@@IAE@I@Z
??0id@locale@std@@QAE@I@Z
??0ios_base@std@@IAE@XZ
??0task_continuation_context@Concurrency@@AAE@XZ
??0time_base@std@@QAE@I@Z
??1?$_Yarn@D@std@@QAE@XZ
??1?$_Yarn@G@std@@QAE@XZ
??1?$_Yarn@_W@std@@QAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$codecvt@DDU_Mbstatet@@@std@@MAE@XZ
??1?$codecvt@GDU_Mbstatet@@@std@@MAE@XZ
??1?$codecvt@_SDU_Mbstatet@@@std@@MAE@XZ
??1?$codecvt@_UDU_Mbstatet@@@std@@MAE@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??1?$ctype@D@std@@MAE@XZ
??1?$ctype@G@std@@MAE@XZ
??1?$ctype@_W@std@@MAE@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1_Facet_base@std@@UAE@XZ
??1_Init_locks@std@@QAE@XZ
??1_Locimp@locale@std@@MAE@XZ
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1_Timevec@std@@QAE@XZ
??1_UShinit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1codecvt_base@std@@UAE@XZ
??1ctype_base@std@@UAE@XZ
??1facet@locale@std@@MAE@XZ
??1ios_base@std@@UAE@XZ
??1time_base@std@@UAE@XZ
??4?$_Iosb@H@std@@QAEAAV01@$$QAV01@@Z
??4?$_Iosb@H@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@D@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??4?$_Yarn@G@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@G@std@@QAEAAV01@PBG@Z
??4?$_Yarn@_W@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@_W@std@@QAEAAV01@PB_W@Z
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_iostream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_istream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEAAV01@ABV01@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEAAV01@ABV01@@Z
??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEAAV01@ABV01@@Z
??4Init@ios_base@std@@QAEAAV012@ABV012@@Z
??4_Crt_new_delete@std@@QAEAAU01@$$QAU01@@Z
??4_Crt_new_delete@std@@QAEAAU01@ABU01@@Z
??4_Facet_base@std@@QAEAAV01@ABV01@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
??4_Timevec@std@@QAEAAV01@ABV01@@Z
??4_UShinit@std@@QAEAAV01@ABV01@@Z
??4_Winit@std@@QAEAAV01@ABV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z
??7ios_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
??Bios_base@std@@QBE_NXZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$codecvt@DDU_Mbstatet@@@std@@6B@
??_7?$codecvt@GDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_SDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_UDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@
??_7?$ctype@D@std@@6B@
??_7?$ctype@G@std@@6B@
??_7?$ctype@_W@std@@6B@
??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7_Facet_base@std@@6B@
??_7_Locimp@locale@std@@6B@
??_7codecvt_base@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
??_7ios_base@std@@6B@
??_7time_base@std@@6B@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@
??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@
??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_F?$codecvt@DDU_Mbstatet@@@std@@QAEXXZ
??_F?$codecvt@GDU_Mbstatet@@@std@@QAEXXZ
??_F?$codecvt@_SDU_Mbstatet@@@std@@QAEXXZ
??_F?$codecvt@_UDU_Mbstatet@@@std@@QAEXXZ
??_F?$codecvt@_WDU_Mbstatet@@@std@@QAEXXZ
??_F?$ctype@D@std@@QAEXXZ
??_F?$ctype@G@std@@QAEXXZ
??_F?$ctype@_W@std@@QAEXXZ
??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F_Locinfo@std@@QAEXXZ
??_F_Timevec@std@@QAEXXZ
??_Fcodecvt_base@std@@QAEXXZ
??_Fctype_base@std@@QAEXXZ
??_Ffacet@locale@std@@QAEXXZ
??_Fid@locale@std@@QAEXXZ
??_Ftime_base@std@@QAEXXZ
?CaptureCallstack@platform@details@Concurrency@@YAIPAPAXII@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?_Addcats@_Locinfo@std@@QAEAAV12@HPBD@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Addstd@ios_base@std@@SAXPAV12@@Z
?_Assign@_ContextCallback@details@Concurrency@@AAEXPAX@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF@std@@3_JB
?_C_str@?$_Yarn@D@std@@QBEPBDXZ
?_C_str@?$_Yarn@G@std@@QBEPBGXZ
?_C_str@?$_Yarn@_W@std@@QBEPB_WXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
?_Callfns@ios_base@std@@AAEXW4event@12@@Z
?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?_Clocptr@_Locimp@locale@std@@0PAV123@A
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Donarrow@?$ctype@G@std@@IBEDGD@Z
?_Donarrow@?$ctype@_W@std@@IBED_WD@Z
?_Dowiden@?$ctype@G@std@@IBEGD@Z
?_Dowiden@?$ctype@_W@std@@IBE_WD@Z
?_Empty@?$_Yarn@D@std@@QBE_NXZ
?_Empty@?$_Yarn@G@std@@QBE_NXZ
?_Empty@?$_Yarn@_W@std@@QBE_NXZ
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAPADPADDH@Z
?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAPADPADDH@Z
?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAPADPADDH@Z
?_Findarr@ios_base@std@@AAEAAU_Iosarray@12@H@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPBDI@Z
?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AAVios_base@2@GPBDI@Z
?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AAVios_base@2@_WPBDI@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@_SDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@_UDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@facet@locale@std@@SAIPAPBV123@PBV23@@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?_Getctype@_Locinfo@std@@QBE?AU_Ctypevec@@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Getdateorder@_Locinfo@std@@QBEHXZ
?_Getdays@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AAVios_base@2@PAH@Z
?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AAVios_base@2@PAH@Z
?_Getffld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AAVios_base@2@PAH@Z
?_Getffldx@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AAVios_base@2@PAH@Z
?_Getffldx@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AAVios_base@2@PAH@Z
?_Getffldx@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AAVios_base@2@PAH@Z
?_Getfmt@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IBE?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD@Z
?_Getfmt@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IBE?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD@Z
?_Getfmt@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IBE?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Getifld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1HABVlocale@2@@Z
?_Getifld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1HABVlocale@2@@Z
?_Getifld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1HABVlocale@2@@Z
?_Getint@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@0HHAAHABV?$ctype@D@2@@Z
?_Getint@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@0HHAAHABV?$ctype@G@2@@Z
?_Getint@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAHAAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@0HHAAHABV?$ctype@_W@2@@Z
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
?_Getmonths@_Locinfo@std@@QBEPBDXZ
?_Getname@_Locinfo@std@@QBEPBDXZ
?_Getptr@_Timevec@std@@QBEPAXXZ
?_Gettnames@_Locinfo@std@@QBE?AV_Timevec@2@XZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Gnavail@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IBE_JXZ
?_Gnavail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBE_JXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Gnpreinc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnpreinc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?_Gnpreinc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Id_cnt@id@locale@std@@0HA
?_Ifmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAPADPADPBDH@Z
?_Ifmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAPADPADPBDH@Z
?_Ifmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAPADPADPBDH@Z
?_Incref@facet@locale@std@@UAEXXZ
?_Index@ios_base@std@@0HA

Sections

.text
Size: 394KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/msvcp140_1.dll
.dll windows:6 windows x86 arch:x86

badc88dcecb53267a454e1969fb4ce2e

Code Sign

33:00:00:01:11:83:51:cb:64:c6:de:16:10:00:00:00:00:01:11
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:20

Not After

23/11/2019, 20:20

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft America Operations+OU=Thales TSS ESN:57C8-2D15-1C8B,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c4:80:e9:0f:78:72:ee:a1:a8:42:98:7d:7d:dc:5c:3f:8a:fd:7b:3f:d1:06:b8:77:94:b1:4f:90:24:aa:66:49
Signer

Actual PE Digest

c4:80:e9:0f:78:72:ee:a1:a8:42:98:7d:7d:dc:5c:3f:8a:fd:7b:3f:d1:06:b8:77:94:b1:4f:90:24:aa:66:49

Digest Algorithm

sha256

PE Digest Matches

true

5e:4f:97:6f:33:4e:01:bd:b4:e4:59:ea:9f:a7:72:ce:b8:d9:bf:90
Signer

Actual PE Digest

5e:4f:97:6f:33:4e:01:bd:b4:e4:59:ea:9f:a7:72:ce:b8:d9:bf:90

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\agent\_work\2\s\binaries\x86ret\bin\i386\\msvcp140_1.i386.pdb

Imports

msvcp140

?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Xbad_alloc@std@@YAXXZ

vcruntime140

_except_handler4_common
__std_exception_destroy
__std_exception_copy
__std_type_info_destroy_list
_CxxThrowException
memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_seh_filter_dll
terminate
_cexit
_execute_onexit_table
_initterm_e
_initialize_narrow_environment
_configure_narrow_argv
_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

free
_aligned_free
_callnewh
malloc
_aligned_malloc

kernel32

UnhandledExceptionFilter
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
QueryPerformanceCounter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId

Exports

Exports

_Aligned_get_default_resource
_Aligned_new_delete_resource
_Aligned_set_default_resource
_Unaligned_get_default_resource
_Unaligned_new_delete_resource
_Unaligned_set_default_resource
null_memory_resource

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/msvcp140_2.dll
.dll windows:6 windows x86 arch:x86

93349915df9759fa7a16a326552ba61b

Code Sign

33:00:00:01:11:83:51:cb:64:c6:de:16:10:00:00:00:00:01:11
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:20

Not After

23/11/2019, 20:20

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft America Operations+OU=Thales TSS ESN:57C8-2D15-1C8B,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

14:04:78:3c:0c:fb:04:d9:75:14:e8:a3:91:45:3a:cc:f8:9b:d8:da:fc:9f:57:fc:34:04:1c:a2:87:e7:e6:b7
Signer

Actual PE Digest

14:04:78:3c:0c:fb:04:d9:75:14:e8:a3:91:45:3a:cc:f8:9b:d8:da:fc:9f:57:fc:34:04:1c:a2:87:e7:e6:b7

Digest Algorithm

sha256

PE Digest Matches

true

2a:60:e3:2c:f6:c4:30:44:68:f2:4a:87:5c:ac:27:e8:08:89:de:d5
Signer

Actual PE Digest

2a:60:e3:2c:f6:c4:30:44:68:f2:4a:87:5c:ac:27:e8:08:89:de:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\agent\_work\2\s\binaries\x86ret\bin\i386\\msvcp140_2.i386.pdb

Imports

msvcp140

?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?widen@?$ctype@D@std@@QBEDD@Z
?widen@?$ctype@D@std@@QBEPBDPBD0PAD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?clear@ios_base@std@@QAEXH_N@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Addstd@ios_base@std@@SAXPAV12@@Z
?_Init@ios_base@std@@IAEXXZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$numpunct@D@std@@2V0locale@2@A
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
??Bid@locale@std@@QAEIXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QAE@XZ
??1ios_base@std@@UAE@XZ
??0_Lockit@std@@QAE@H@Z

vcruntime140

__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
memchr
memcmp
memcpy
memmove
__std_terminate
memset
_CxxThrowException
_purecall
__std_type_info_destroy_list
_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_errno
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc
_callnewh

api-ms-win-crt-math-l1-1-0

_CIsqrt
_CItan
ceil
floor
_CIlog
_CIsinh
_dtest
_fdtest
expm1
frexp
log1p
_CIsin
_CIatan
_CIfmod
_CIcos
ldexp
_CIcosh
_CIpow
_CIexp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-string-l1-1-0

strcspn

api-ms-win-crt-locale-l1-1-0

localeconv

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent

Exports

Exports

___std_smf_assoc_laguerre@16
___std_smf_assoc_laguerref@12
___std_smf_assoc_legendre@16
___std_smf_assoc_legendref@12
___std_smf_beta@16
___std_smf_betaf@8
___std_smf_comp_ellint_1@8
___std_smf_comp_ellint_1f@4
___std_smf_comp_ellint_2@8
___std_smf_comp_ellint_2f@4
___std_smf_comp_ellint_3@16
___std_smf_comp_ellint_3f@8
___std_smf_cyl_bessel_i@16
___std_smf_cyl_bessel_if@8
___std_smf_cyl_bessel_j@16
___std_smf_cyl_bessel_jf@8
___std_smf_cyl_bessel_k@16
___std_smf_cyl_bessel_kf@8
___std_smf_cyl_neumann@16
___std_smf_cyl_neumannf@8
___std_smf_ellint_1@16
___std_smf_ellint_1f@8
___std_smf_ellint_2@16
___std_smf_ellint_2f@8
___std_smf_ellint_3@24
___std_smf_ellint_3f@12
___std_smf_expint@8
___std_smf_expintf@4
___std_smf_hermite@12
___std_smf_hermitef@8
___std_smf_hypot3@24
___std_smf_hypot3f@12
___std_smf_laguerre@12
___std_smf_laguerref@8
___std_smf_legendre@12
___std_smf_legendref@8
___std_smf_riemann_zeta@8
___std_smf_riemann_zetaf@4
___std_smf_sph_bessel@12
___std_smf_sph_besself@8
___std_smf_sph_legendre@16
___std_smf_sph_legendref@12
___std_smf_sph_neumann@12
___std_smf_sph_neumannf@8

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/nghttp2.dll
.dll windows:6 windows x86 arch:x86

59738f5daf24ba63a3fe727c021f2e93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

vcruntime140

memmove
memcpy
__std_type_info_destroy_list
_except_handler4_common
memset

api-ms-win-crt-runtime-l1-1-0

_wassert
_initialize_onexit_table
_cexit
_initterm_e
_initterm
_initialize_narrow_environment
_seh_filter_dll
_configure_narrow_argv
abort
_execute_onexit_table

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-heap-l1-1-0

realloc
free
malloc
calloc

api-ms-win-crt-math-l1-1-0

_except1

kernel32

DisableThreadLibraryCalls
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter

Exports

Exports

nghttp2_check_authority
nghttp2_check_header_name
nghttp2_check_header_value
nghttp2_check_header_value_rfc9113
nghttp2_check_method
nghttp2_check_path
nghttp2_hd_deflate_bound
nghttp2_hd_deflate_change_table_size
nghttp2_hd_deflate_del
nghttp2_hd_deflate_get_dynamic_table_size
nghttp2_hd_deflate_get_max_dynamic_table_size
nghttp2_hd_deflate_get_num_table_entries
nghttp2_hd_deflate_get_table_entry
nghttp2_hd_deflate_hd
nghttp2_hd_deflate_hd_vec
nghttp2_hd_deflate_new
nghttp2_hd_deflate_new2
nghttp2_hd_inflate_change_table_size
nghttp2_hd_inflate_del
nghttp2_hd_inflate_end_headers
nghttp2_hd_inflate_get_dynamic_table_size
nghttp2_hd_inflate_get_max_dynamic_table_size
nghttp2_hd_inflate_get_num_table_entries
nghttp2_hd_inflate_get_table_entry
nghttp2_hd_inflate_hd
nghttp2_hd_inflate_hd2
nghttp2_hd_inflate_new
nghttp2_hd_inflate_new2
nghttp2_http2_strerror
nghttp2_is_fatal
nghttp2_nv_compare_name
nghttp2_option_del
nghttp2_option_new
nghttp2_option_set_builtin_recv_extension_type
nghttp2_option_set_max_deflate_dynamic_table_size
nghttp2_option_set_max_outbound_ack
nghttp2_option_set_max_reserved_remote_streams
nghttp2_option_set_max_send_header_block_length
nghttp2_option_set_max_settings
nghttp2_option_set_no_auto_ping_ack
nghttp2_option_set_no_auto_window_update
nghttp2_option_set_no_closed_streams
nghttp2_option_set_no_http_messaging
nghttp2_option_set_no_recv_client_magic
nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation
nghttp2_option_set_peer_max_concurrent_streams
nghttp2_option_set_server_fallback_rfc7540_priorities
nghttp2_option_set_user_recv_extension_type
nghttp2_pack_settings_payload
nghttp2_priority_spec_check_default
nghttp2_priority_spec_default_init
nghttp2_priority_spec_init
nghttp2_rcbuf_decref
nghttp2_rcbuf_get_buf
nghttp2_rcbuf_incref
nghttp2_rcbuf_is_static
nghttp2_select_next_protocol
nghttp2_session_callbacks_del
nghttp2_session_callbacks_new
nghttp2_session_callbacks_set_before_frame_send_callback
nghttp2_session_callbacks_set_data_source_read_length_callback
nghttp2_session_callbacks_set_error_callback
nghttp2_session_callbacks_set_error_callback2
nghttp2_session_callbacks_set_on_begin_frame_callback
nghttp2_session_callbacks_set_on_begin_headers_callback
nghttp2_session_callbacks_set_on_data_chunk_recv_callback
nghttp2_session_callbacks_set_on_extension_chunk_recv_callback
nghttp2_session_callbacks_set_on_frame_not_send_callback
nghttp2_session_callbacks_set_on_frame_recv_callback
nghttp2_session_callbacks_set_on_frame_send_callback
nghttp2_session_callbacks_set_on_header_callback
nghttp2_session_callbacks_set_on_header_callback2
nghttp2_session_callbacks_set_on_invalid_frame_recv_callback
nghttp2_session_callbacks_set_on_invalid_header_callback
nghttp2_session_callbacks_set_on_invalid_header_callback2
nghttp2_session_callbacks_set_on_stream_close_callback
nghttp2_session_callbacks_set_pack_extension_callback
nghttp2_session_callbacks_set_recv_callback
nghttp2_session_callbacks_set_select_padding_callback
nghttp2_session_callbacks_set_send_callback
nghttp2_session_callbacks_set_send_data_callback
nghttp2_session_callbacks_set_unpack_extension_callback
nghttp2_session_change_extpri_stream_priority
nghttp2_session_change_stream_priority
nghttp2_session_check_request_allowed
nghttp2_session_check_server_session
nghttp2_session_client_new
nghttp2_session_client_new2
nghttp2_session_client_new3
nghttp2_session_consume
nghttp2_session_consume_connection
nghttp2_session_consume_stream
nghttp2_session_create_idle_stream
nghttp2_session_del
nghttp2_session_find_stream
nghttp2_session_get_effective_local_window_size
nghttp2_session_get_effective_recv_data_length
nghttp2_session_get_hd_deflate_dynamic_table_size
nghttp2_session_get_hd_inflate_dynamic_table_size
nghttp2_session_get_last_proc_stream_id
nghttp2_session_get_local_settings
nghttp2_session_get_local_window_size
nghttp2_session_get_next_stream_id
nghttp2_session_get_outbound_queue_size
nghttp2_session_get_remote_settings
nghttp2_session_get_remote_window_size
nghttp2_session_get_root_stream
nghttp2_session_get_stream_effective_local_window_size
nghttp2_session_get_stream_effective_recv_data_length
nghttp2_session_get_stream_local_close
nghttp2_session_get_stream_local_window_size
nghttp2_session_get_stream_remote_close
nghttp2_session_get_stream_remote_window_size
nghttp2_session_get_stream_user_data
nghttp2_session_mem_recv
nghttp2_session_mem_send
nghttp2_session_recv
nghttp2_session_resume_data
nghttp2_session_send
nghttp2_session_server_new
nghttp2_session_server_new2
nghttp2_session_server_new3
nghttp2_session_set_local_window_size
nghttp2_session_set_next_stream_id
nghttp2_session_set_stream_user_data
nghttp2_session_set_user_data
nghttp2_session_terminate_session
nghttp2_session_terminate_session2
nghttp2_session_upgrade
nghttp2_session_upgrade2
nghttp2_session_want_read
nghttp2_session_want_write
nghttp2_set_debug_vprintf_callback
nghttp2_stream_get_first_child
nghttp2_stream_get_next_sibling
nghttp2_stream_get_parent
nghttp2_stream_get_previous_sibling
nghttp2_stream_get_state
nghttp2_stream_get_stream_id
nghttp2_stream_get_sum_dependency_weight
nghttp2_stream_get_weight
nghttp2_strerror
nghttp2_submit_altsvc
nghttp2_submit_data
nghttp2_submit_extension
nghttp2_submit_goaway
nghttp2_submit_headers
nghttp2_submit_origin
nghttp2_submit_ping
nghttp2_submit_priority
nghttp2_submit_priority_update
nghttp2_submit_push_promise
nghttp2_submit_request
nghttp2_submit_response
nghttp2_submit_rst_stream
nghttp2_submit_settings
nghttp2_submit_shutdown_notice
nghttp2_submit_trailer
nghttp2_submit_window_update
nghttp2_version

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/pcre2-8.dll
.dll windows:6 windows x86 arch:x86

acb330be786f37317ba4f3c0ac45b310

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

vcruntime140

memchr
strchr
memset
memmove
__std_type_info_destroy_list
_except_handler4_common
memcpy

api-ms-win-crt-string-l1-1-0

isprint
isalnum
isxdigit
isdigit
islower
isupper
isalpha
isgraph
iscntrl
ispunct
tolower
isspace
toupper

api-ms-win-crt-heap-l1-1-0

free
malloc

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_initialize_narrow_environment
_initialize_onexit_table
_initterm_e
_execute_onexit_table
_cexit
_initterm
_configure_narrow_argv

kernel32

InitializeSListHead
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
IsDebuggerPresent
UnhandledExceptionFilter
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId

Exports

Exports

pcre2_callout_enumerate_8
pcre2_code_copy_8
pcre2_code_copy_with_tables_8
pcre2_code_free_8
pcre2_compile_8
pcre2_compile_context_copy_8
pcre2_compile_context_create_8
pcre2_compile_context_free_8
pcre2_config_8
pcre2_convert_context_copy_8
pcre2_convert_context_create_8
pcre2_convert_context_free_8
pcre2_converted_pattern_free_8
pcre2_dfa_match_8
pcre2_general_context_copy_8
pcre2_general_context_create_8
pcre2_general_context_free_8
pcre2_get_error_message_8
pcre2_get_mark_8
pcre2_get_match_data_size_8
pcre2_get_ovector_count_8
pcre2_get_ovector_pointer_8
pcre2_get_startchar_8
pcre2_jit_compile_8
pcre2_jit_free_unused_memory_8
pcre2_jit_match_8
pcre2_jit_stack_assign_8
pcre2_jit_stack_create_8
pcre2_jit_stack_free_8
pcre2_maketables_8
pcre2_maketables_free_8
pcre2_match_8
pcre2_match_context_copy_8
pcre2_match_context_create_8
pcre2_match_context_free_8
pcre2_match_data_create_8
pcre2_match_data_create_from_pattern_8
pcre2_match_data_free_8
pcre2_pattern_convert_8
pcre2_pattern_info_8
pcre2_serialize_decode_8
pcre2_serialize_encode_8
pcre2_serialize_free_8
pcre2_serialize_get_number_of_codes_8
pcre2_set_bsr_8
pcre2_set_callout_8
pcre2_set_character_tables_8
pcre2_set_compile_extra_options_8
pcre2_set_compile_recursion_guard_8
pcre2_set_depth_limit_8
pcre2_set_glob_escape_8
pcre2_set_glob_separator_8
pcre2_set_heap_limit_8
pcre2_set_match_limit_8
pcre2_set_max_pattern_length_8
pcre2_set_newline_8
pcre2_set_offset_limit_8
pcre2_set_parens_nest_limit_8
pcre2_set_recursion_limit_8
pcre2_set_recursion_memory_management_8
pcre2_set_substitute_callout_8
pcre2_substitute_8
pcre2_substring_copy_byname_8
pcre2_substring_copy_bynumber_8
pcre2_substring_free_8
pcre2_substring_get_byname_8
pcre2_substring_get_bynumber_8
pcre2_substring_length_byname_8
pcre2_substring_length_bynumber_8
pcre2_substring_list_free_8
pcre2_substring_list_get_8
pcre2_substring_nametable_scan_8
pcre2_substring_number_from_name_8

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/pdcurses.dll
.dll windows:6 windows x86 arch:x86

1a2a46f72a179d8e5d305147b2692e4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CloseClipboard
MessageBeep
GetWindowThreadProcessId
FindWindowW
SendMessageW
wsprintfW
MapVirtualKeyW
GetKeyState
EmptyClipboard
GetClipboardData
SetClipboardData
OpenClipboard

advapi32

RegQueryValueExA
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

kernel32

CreateFileW
GetStringTypeW
SetStdHandle
HeapSize
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
HeapReAlloc
SetEndOfFile
GetProcessHeap
InitializeSListHead
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetTickCount
SetConsoleMode
WriteConsoleA
WriteConsoleW
SetConsoleCursorPosition
WriteConsoleOutputW
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
GetNumberOfConsoleInputEvents
ReadConsoleInputW
PeekConsoleInputW
FlushConsoleInputBuffer
GetStdHandle
GetFileType
CloseHandle
DuplicateHandle
SetUnhandledExceptionFilter
Sleep
GetCurrentProcess
GetCurrentProcessId
OpenProcess
GetVersion
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleHandleA
GetProcAddress
GetConsoleOutputCP
GetConsoleMode
SetConsoleCtrlHandler
CreateConsoleScreenBuffer
SetConsoleActiveScreenBuffer
SetConsoleScreenBufferSize
GetLargestConsoleWindowSize
SetConsoleTextAttribute
SetConsoleWindowInfo
GetConsoleTitleW
SetConsoleTitleW
SetConsoleCursorInfo
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
DecodePointer
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetCommandLineA
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
ExitProcess
GetModuleHandleExW
QueryPerformanceFrequency
GetModuleFileNameW
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
ReadFile
ReadConsoleW
WriteFile
GetConsoleCP
GetFileSizeEx
SetFilePointerEx
MultiByteToWideChar
WideCharToMultiByte
FlushFileBuffers
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo

Exports

Exports

COLORS
COLOR_PAIRS
COLS
LINES
Mouse_status
PDC_clearclipboard
PDC_debug
PDC_freeclipboard
PDC_get_input_fd
PDC_get_key_modifiers
PDC_get_version
PDC_getclipboard
PDC_return_key_modifiers
PDC_set_blink
PDC_set_bold
PDC_set_line_color
PDC_set_title
PDC_setclipboard
PDC_ungetch
SP
TABSIZE
acs_map
add_wch
add_wchnstr
add_wchstr
addch
addchnstr
addchstr
addnstr
addnwstr
addrawch
addstr
addwstr
assume_default_colors
attr_get
attr_off
attr_on
attr_set
attroff
attron
attrset
baudrate
beep
bkgd
bkgdset
bkgrnd
bkgrndset
border
border_set
bottom_panel
box
box_set
can_change_color
cbreak
chgat
clear
clearok
clrtobot
clrtoeol
color_content
color_set
copywin
crmode
curs_set
curscr
curses_version
def_prog_mode
def_shell_mode
del_panel
delay_output
delch
deleteln
delscreen
delwin
derwin
doupdate
draino
dupwin
echo
echo_wchar
echochar
endwin
erase
erasechar
erasewchar
filter
fixterm
flash
flushinp
get_wch
get_wstr
getattrs
getbegx
getbegy
getbkgd
getbkgrnd
getcchar
getcurx
getcury
getmaxx
getmaxy
getmouse
getn_wstr
getnstr
getparx
getpary
getstr
getwin
halfdelay
has_colors
has_ic
has_il
has_key
has_mouse
hide_panel
hline
hline_set
idcok
idlok
immedok
in_wch
in_wchnstr
in_wchstr
inch
inchnstr
inchstr
init_color
init_pair
initscr
innstr
innwstr
ins_nwstr
ins_wch
ins_wstr
insch
insdelln
insertln
insnstr
insrawch
insstr
instr
intrflush
inwstr
is_keypad
is_leaveok
is_linetouched
is_pad
is_termresized
is_wintouched
isendwin
key_name
keyname
keypad
killchar
killwchar
leaveok
longname
meta
mouse_off
mouse_on
mouse_set
mouse_trafo
mouseinterval
mousemask
move
move_panel
mvadd_wch
mvadd_wchnstr
mvadd_wchstr
mvaddch
mvaddchnstr
mvaddchstr
mvaddnstr
mvaddnwstr
mvaddrawch
mvaddstr
mvaddwstr
mvchgat
mvcur
mvdelch
mvdeleteln
mvderwin
mvget_wch
mvget_wstr
mvgetch
mvgetn_wstr
mvgetnstr
mvgetstr
mvhline
mvhline_set
mvin_wch
mvin_wchnstr
mvin_wchstr
mvinch
mvinchnstr
mvinchstr
mvinnstr
mvinnwstr
mvins_nwstr
mvins_wch
mvins_wstr
mvinsch
mvinsertln
mvinsnstr
mvinsrawch
mvinsstr
mvinstr
mvinwstr
mvprintw
mvscanw
mvvline
mvvline_set
mvwadd_wch
mvwadd_wchnstr
mvwadd_wchstr
mvwaddch
mvwaddchnstr
mvwaddchstr
mvwaddnstr
mvwaddnwstr
mvwaddrawch
mvwaddstr
mvwaddwstr
mvwchgat
mvwdelch
mvwdeleteln
mvwget_wch
mvwget_wstr
mvwgetch
mvwgetn_wstr
mvwgetnstr
mvwgetstr
mvwhline
mvwhline_set
mvwin
mvwin_wch
mvwin_wchnstr
mvwin_wchstr
mvwinch
mvwinchnstr
mvwinchstr
mvwinnstr
mvwinnwstr
mvwins_nwstr
mvwins_wch
mvwins_wstr
mvwinsch
mvwinsertln
mvwinsnstr
mvwinsrawch
mvwinsstr
mvwinstr
mvwinwstr
mvwprintw
mvwscanw
mvwvline
mvwvline_set
napms
nc_getmouse
new_panel
newpad
newterm
newwin
nl
nocbreak
nocrmode
nodelay
noecho
nonl
noqiflush
noraw
notimeout
overlay
overwrite
pair_content
panel_above
panel_below
panel_hidden
panel_userptr
panel_window
pecho_wchar
pechochar
pnoutrefresh
prefresh
printw
putwin
qiflush
raw
raw_output
redrawwin
refresh
replace_panel
request_mouse_pos
reset_prog_mode
reset_shell_mode
resetterm
resetty
resize_term
resize_window
ripoffline
saveterm
savetty
scanw
scr_dump
scr_init
scr_restore
scr_set
scrl
scroll
scrollok
set_panel_userptr
set_tabsize
set_term
setcchar
setscrreg
setsyx
show_panel
slk_attr_off
slk_attr_on
slk_attr_set
slk_attroff
slk_attron
slk_attrset
slk_clear
slk_color
slk_init
slk_label
slk_noutrefresh
slk_refresh
slk_restore
slk_set
slk_touch
slk_wlabel
slk_wset
standend
standout
start_color
stdscr
subpad
subwin
syncok
term_attrs
termattrs
termname
timeout
top_panel
touchline
touchoverlap
touchwin
traceoff
traceon
ttytype
typeahead
unctrl
underend
underscore
unget_wch
ungetmouse
untouchwin
update_panels
use_default_colors
use_env
vline
vline_set
vw_printw
vw_scanw
vwprintw
vwscanw
wadd_wch
wadd_wchnstr
wadd_wchstr
waddch
waddchnstr
waddchstr
waddnstr
waddnwstr
waddrawch
waddstr
waddwstr
wattr_get
wattr_off
wattr_on
wattr_set
wattroff
wattron
wattrset
wbkgd
wbkgdset
wbkgrnd
wbkgrndset
wborder
wborder_set
wchgat
wclear
wclrtobot
wclrtoeol
wcolor_set
wcursyncup
wdelch
wdeleteln
wecho_wchar
wechochar
wenclose
werase
wget_wch
wget_wstr
wgetbkgrnd
wgetch
wgetn_wstr
wgetnstr
wgetstr
whline
whline_set
win_wch
win_wchnstr
win_wchstr
winch
winchnstr
winchstr
winnstr
winnwstr
wins_nwstr
wins_wch
wins_wstr
winsch
winsdelln
winsertln
winsnstr
winsrawch
winsstr
winstr
winwstr
wmouse_position
wmouse_trafo
wmove
wnoutrefresh
wordchar
wprintw
wredrawln
wrefresh
wresize
wscanw
wscrl
wsetscrreg
wstandend
wstandout
wsyncdown
wsyncup
wtimeout
wtouchln
wunctrl
wunderend
wunderscore
wvline
wvline_set

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/pthreadvc3.dll
.dll windows:6 windows x86 arch:x86

bd6ff9efc1b8fd38c0931050b9d58a9c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\build\.mussels\cache\work\x86\pthreads4w-code-07053a521b0a9deb6db2a649cde1f828f2eb1f4f\pthreadVC3.pdb

Imports

kernel32

CloseHandle
DuplicateHandle
RaiseException
GetLastError
SetLastError
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventA
Sleep
WaitForMultipleObjects
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
SuspendThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetThreadContext
SetThreadContext
OpenProcess
GetSystemTimeAsFileTime
GetSystemDirectoryA
FreeLibrary
GetProcAddress
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
CreateSemaphoreA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW

vcruntime140

longjmp
_setjmp3
memset
_except_handler4_common
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
terminate
_get_errno
exit
_beginthreadex
_set_errno
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_endthreadex
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit

api-ms-win-crt-string-l1-1-0

_strdup
strncat_s

api-ms-win-crt-heap-l1-1-0

malloc
free
calloc

Exports

Exports

__ptw32_get_exception_services_code
__ptw32_pop_cleanup
__ptw32_push_cleanup
_sched_affinitycpuand
_sched_affinitycpuclr
_sched_affinitycpucount
_sched_affinitycpuequal
_sched_affinitycpuisset
_sched_affinitycpuor
_sched_affinitycpuset
_sched_affinitycpuxor
_sched_affinitycpuzero
pthreadCancelableTimedWait
pthreadCancelableWait
pthread_attr_destroy
pthread_attr_getaffinity_np
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getname_np
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setaffinity_np
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setname_np
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setpshared
pthread_create
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_getaffinity_np
pthread_getconcurrency
pthread_getname_np
pthread_getschedparam
pthread_getspecific
pthread_getunique_np
pthread_getw32threadhandle_np
pthread_getw32threadid_np
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_consistent
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getkind_np
pthread_mutexattr_getpshared
pthread_mutexattr_getrobust
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setkind_np
pthread_mutexattr_setpshared
pthread_mutexattr_setrobust
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_setaffinity_np
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setname_np
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_timedjoin_np
pthread_tryjoin_np
pthread_win32_getabstime_np
pthread_win32_process_attach_np
pthread_win32_process_detach_np
pthread_win32_test_features_np
pthread_win32_thread_attach_np
pthread_win32_thread_detach_np
sched_get_priority_max
sched_get_priority_min
sched_getaffinity
sched_setaffinity
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/sigtool.exe
.exe windows:6 windows x86 arch:x86

cf2c9fca3ad09e3ea951ee47e86c5797

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libclamav

cl_cvdhead
cl_cvdverify
cl_cvdfree
cl_cvdunpack
cl_retflevel
cl_strerror
cl_hash_init
cl_update_hash
cl_finish_hash
cl_hash_destroy
fmap
cli_regcomp
cli_regexec
cli_regfree
cli_strbcasestr
cli_chomp
cli_strtok
cli_hex2ui
cli_hex2str
cli_str2hex
cli_strtokenize
cli_ldbtokenize
cli_isnumber
cli_calloc
cli_rmdirs
cli_hashstream
cli_hashfile
cli_gentemp
cli_strerror
cli_ac_chklsig
cli_scan_fmap
cli_getdsig
cli_ole2_extract
html_normalise_map
text_normalize_init
text_normalize_reset
text_normalize_map
cli_add_content_match_pattern
readdb_parse_ldb_subsignature
cli_initroots
cli_check_auth_header
cli_genhash_pe
cli_utf16toascii
cli_gettmpdir
uniq_get
cli_vba_readdir
cli_wm_readdir
cli_free_vba_project
cli_vba_inflate
cli_ppt_vba_read
cli_wm_decrypt_macro
cli_ctime
cl_retdbdir
cl_init
cl_engine_new
cl_engine_set_num
cl_engine_compile
cli_get_debug_flag
cli_versig2
cl_load
cl_engine_free
cl_debug

pthreadvc3

pthread_mutex_lock
pthread_mutex_unlock

bcrypt

BCryptGenRandom

kernel32

IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
SetFileAttributesA
GetFileAttributesExW
GetFileAttributesA
DeleteFileA
CreateFileA
WriteConsoleW
GetConsoleMode
GetSystemTimeAsFileTime
CreateThread
GetFullPathNameW
FormatMessageW
GetModuleHandleW
GetFinalPathNameByHandleW
MoveFileExW
DeleteFileW
FindFirstFileW
DeviceIoControl
GetFileInformationByHandle
CreateFileW
FindNextFileW
GetModuleHandleA
CreateMutexA
LoadLibraryA
WaitForSingleObjectEx
AcquireSRWLockShared
HeapReAlloc
TlsAlloc
HeapFree
HeapAlloc
GetProcessHeap
QueryPerformanceFrequency
TlsGetValue
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
TerminateProcess
WaitForSingleObject
GetCurrentProcessId
GetStdHandle
SetFilePointerEx
GetCommandLineW
GetEnvironmentVariableW
GetCurrentDirectoryW
Sleep
GetLastError
MoveFileA
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
lstrcmpiA
CopyFileA
CloseHandle
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
FindClose
ReleaseSRWLockShared
SetThreadStackGuarantee
TlsSetValue
SwitchToThread
GetSystemInfo
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
SetLastError

advapi32

RegCloseKey
RegQueryValueExA
SystemFunction036
RegOpenKeyExA

vcruntime140

strrchr
strchr
__CxxFrameHandler3
memcmp
memset
_CxxThrowException
wcsrchr
wcsstr
memcpy
memmove
_except_handler4_common
strstr

api-ms-win-crt-string-l1-1-0

isdigit
strpbrk
_strdup
wcsncpy
_strnicmp
strncmp
strncpy
strlen
wcsncat
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_seh_filter_exe
_crt_atexit
_controlfp_s
terminate
_set_app_type
_configure_narrow_argv
_set_errno
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
strerror
exit
_initialize_narrow_environment
_errno
perror

api-ms-win-crt-stdio-l1-1-0

_set_fmode
_getcwd
fclose
fflush
fgets
_fileno
fopen
fread
fseek
ftell
fwrite
_write
rewind
__stdio_common_vfprintf
__stdio_common_vfscanf
__stdio_common_vsprintf
_read
_wopen
_open
_get_osfhandle
_lseek
_close
_lseeki64
__acrt_iob_func
__p__commode
_setmode

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc
realloc
_set_new_mode

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

strtol
strtoul
atoi
wcstombs

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_time64
_localtime64_s
strftime
_ctime64
_localtime64

api-ms-win-crt-filesystem-l1-1-0

_fstat64i32
_unlink
_mkdir
rename
_chdir
_umask

api-ms-win-crt-locale-l1-1-0

setlocale
_configthreadlocale

api-ms-win-crt-math-l1-1-0

sin
cos
exp
exp2f
pow
floor
roundf
__setusermatherr
truncf
ceil

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 592KB - Virtual size: 591KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/Handler/vcruntime140.dll
.dll windows:6 windows x86 arch:x86

6a84b7445ccacd5d29ac27de2745f356

Code Sign

33:00:00:01:14:96:9a:0d:f8:95:e4:71:49:00:00:00:00:01:14
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:20

Not After

23/11/2019, 20:20

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft America Operations+OU=Thales TSS ESN:C3B0-0F6A-4111,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:83:07:f2:ab:ac:ee:45:72:8a:94:b8:52:1c:71:d9:cf:2a:02:0f:3d:2a:40:23:c8:ae:be:94:e0:2b:de:b2
Signer

Actual PE Digest

7c:83:07:f2:ab:ac:ee:45:72:8a:94:b8:52:1c:71:d9:cf:2a:02:0f:3d:2a:40:23:c8:ae:be:94:e0:2b:de:b2

Digest Algorithm

sha256

PE Digest Matches

true

69:f0:3a:b3:d3:e2:76:74:1b:68:d7:40:21:2e:c8:f1:01:72:80:8a
Signer

Actual PE Digest

69:f0:3a:b3:d3:e2:76:74:1b:68:d7:40:21:2e:c8:f1:01:72:80:8a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\agent\_work\2\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

abort
terminate

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

atol

kernel32

DeleteCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
FreeLibrary
RtlUnwind
VirtualQuery
EncodePointer
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
EnterCriticalSection
LeaveCriticalSection
TlsSetValue
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsFree

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_chkesp
_except_handler2
_except_handler3
_except_handler4_common
_get_purecall_handler
_get_unexpected
_global_unwind2
_is_exception_typeof
_local_unwind2
_local_unwind4
_longjmpex
_purecall
_seh_longjmp_unwind
_seh_longjmp_unwind4
_set_purecall_handler
_set_se_translator
_setjmp3
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMD_Virus_Scanner/main.py
CMD_Virus_Scanner/run.bat

Sharing

General

Malware Config

Signatures

Files

d3267c4121dfbe75b1ff6ec6b5f5cc23

Headers

DLL Characteristics

File Characteristics

Imports

libclamav

bcrypt

kernel32

advapi32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 124KB - Virtual size: 124KB

.rdata Size: 85KB - Virtual size: 85KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 8KB - Virtual size: 8KB

b21e9ce2e216c87b4d511189271525d3

Headers

DLL Characteristics

File Characteristics

Imports

libclamav

kernel32

advapi32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 1KB - Virtual size: 3KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 4KB - Virtual size: 4KB

1a7e97a0bab395e92cd911a5c478f243

Headers

DLL Characteristics

File Characteristics

Imports

libclamav

pthreadvc3

wsock32

ws2_32

kernel32

advapi32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 55KB - Virtual size: 54KB

.rdata Size: 81KB - Virtual size: 81KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 18KB - Virtual size: 18KB

.text
Size: 124KB - Virtual size: 124KB

.rdata
Size: 85KB - Virtual size: 85KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 55KB - Virtual size: 54KB

.rdata
Size: 81KB - Virtual size: 81KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 3KB - Virtual size: 36KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 70KB - Virtual size: 69KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 6KB - Virtual size: 6KB