968a51131223f6c367eeccbc8be61167_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

968a51131223f6c367eeccbc8be61167_JaffaCakes118
Size

2.0MB
MD5

968a51131223f6c367eeccbc8be61167
SHA1

bcbba758debdcdcb982097e3ffeddc4070cec2e5
SHA256

3baf8a5ed49bdd58dc93e9e27ecd931b824038fc4c264177fd68f63f2e967c26
SHA512

e0bfd21c30323e5f265aad528c8fa0b851e892649f98b9814786018b970ef4e926e8f9d1209b4787525b88c34b81571926a6f4e17af18997f3450bb68f645b57
SSDEEP

49152:vvSQXRrFZXdBZ7WqYKroEexZf3Sf6iVhcaz+KVC4p4Kyv:ii9ejSffRq+ZZC

Score

7^/10

upx aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack002/atitray.exe	aspack_v212_v242

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/attsetupb.exe	upx
static1/unpack002/plugins/shared memory/uninstall.exe	upx

Unsigned PE 33 IoCs

Checks for missing Authenticode signature.

resource
unpack001/attsetupb.exe
unpack002/$PLUGINSDIR/AdvSplash.dll
unpack002/$PLUGINSDIR/StartMenu.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsDialogs.dll
unpack002/ATIXcoder.exe
unpack002/atitray.exe
unpack002/attdrv64.exe
unpack002/attext.dll
unpack002/attrest.exe
unpack002/kbdhook.dll
unpack002/out.upx
unpack002/plugins/hddtemp.dll
unpack002/plugins/mg_amdcore.dll
unpack002/plugins/mg_cpuload.dll
unpack002/plugins/mg_hdddtemp.dll
unpack002/plugins/mg_intelcpu.dll
unpack002/plugins/mg_xvlt.dll
unpack002/plugins/mongraphsexample.dll
unpack002/plugins/osd_amdcore.dll
unpack002/plugins/osd_cpuload.dll
unpack002/plugins/osd_intelcpu.dll
unpack002/plugins/osdminfo.dll
unpack002/plugins/osdtime.dll
unpack002/plugins/pciinfo.dll
unpack002/plugins/pciset.dll
unpack002/plugins/shared memory/uninstall.exe
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/nsDialogs.dll
unpack003/out.upx
unpack002/raphook.dll
unpack002/support.dll
unpack002/utils64.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack002/out.upx	nsis_installer_2
static1/unpack003/out.upx	nsis_installer_2

Files

968a51131223f6c367eeccbc8be61167_JaffaCakes118
.rar
155绿色软件站.url
.url
attsetupb.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 272KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/AdvSplash.dll
.dll windows:4 windows x86 arch:x86

741b6bafe355b63a372d737b30543a95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GetVersion
lstrcpyA
lstrcatA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree

user32

LoadCursorA
RegisterClassA
SetWindowPos
SetWindowLongA
SystemParametersInfoA
EndPaint
GetClientRect
BeginPaint
DefWindowProcA
DestroyWindow
LoadImageA
CreateWindowExA
IsWindow
GetMessageA
DispatchMessageA
UnregisterClassA
wsprintfA
PostMessageA
SetWindowRgn
EnumDisplaySettingsA

gdi32

CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectA
DeleteDC
BitBlt
DeleteObject

winmm

timeSetEvent
PlaySoundA
timeKillEvent

Exports

Exports

show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/OCSetupHlp.dll
.dll regsvr32 windows:5 windows x86 arch:x86

19859613df39f2d411c608a7cea010b2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:fc:26:3a:35:11:34:19:4c:f1:6e:1e:6d:0e:08:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/01/2011, 00:00

Not After

14/03/2014, 23:59

Subject

CN=OpenCandy Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=OpenCandy Inc.,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d0:d1:b4:33:8f:3b:05:6f:55:a7:09:61:7a:b9:3d:28:8e:ec:da:cb
Signer

Actual PE Digest

d0:d1:b4:33:8f:3b:05:6f:55:a7:09:61:7a:b9:3d:28:8e:ec:da:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
CreateFileW
GetFileSize
GetCurrentProcessId
GetEnvironmentVariableW
FindFirstFileW
FindNextFileW
FindClose
ReadFile
GetTimeZoneInformation
WaitForSingleObject
OutputDebugStringW
WriteFile
DeleteFileW
GetCurrentThreadId
SetLastError
GetCurrentProcess
FlushInstructionCache
ExpandEnvironmentStringsW
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
OpenFileMappingW
CreateMutexW
OpenMutexW
ReleaseMutex
CreateDirectoryW
GetShortPathNameW
GetTempPathW
SetFilePointer
GetTickCount
CreateEventW
SetEvent
CreateProcessW
MoveFileExW
GlobalUnlock
GlobalLock
GlobalAlloc
Process32NextW
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetFileAttributesA
CreateProcessA
GetExitCodeProcess
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetFullPathNameW
SetEndOfFile
SetStdHandle
WriteConsoleW
Process32FirstW
CreateToolhelp32Snapshot
GetConsoleOutputCP
WriteConsoleA
CloseHandle
GetFullPathNameA
FlushFileBuffers
GetModuleHandleA
QueryPerformanceCounter
GetEnvironmentStringsW
SetErrorMode
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
LCMapStringA
ExitProcess
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
RtlUnwind
GetDriveTypeW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
GetConsoleMode
GetConsoleCP
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
GetCommandLineA
ExitThread
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
HeapFree
HeapAlloc
GetProcessHeap
FindResourceA
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
GetFileAttributesExW
CompareFileTime
FileTimeToSystemTime
GetVersion
GetSystemInfo
GetVersionExW
GetTempFileNameW
GlobalFree
ReleaseSemaphore
ResumeThread
InitializeCriticalSectionAndSpinCount
CreateSemaphoreW
GetSystemDefaultLCID
FormatMessageA
ExpandEnvironmentStringsA
SleepEx
lstrlenA
WideCharToMultiByte
OpenProcess
GetUserDefaultUILanguage
GetLocaleInfoW
FreeLibrary
LoadLibraryW
FindResourceExW
FindResourceW
DeleteCriticalSection
lstrcmpiW
EnterCriticalSection
GetProcAddress
GetThreadLocale
GetLastError
SetThreadLocale
RaiseException
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
FreeEnvironmentStringsW
LoadLibraryExW
LoadResource
LockResource
SizeofResource
Sleep
GetCurrentDirectoryA
CreateThread

psapi

EnumProcesses
GetProcessImageFileNameW

ws2_32

WSACleanup
WSAStartup
closesocket
WSAGetLastError
gethostname
ioctlsocket
getaddrinfo
freeaddrinfo
select
__WSAFDIsSet
WSASetLastError
connect
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
send
recv
socket

msimg32

AlphaBlend

shlwapi

PathMatchSpecW

user32

IsWindow
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
GetCursor
DrawFocusRect
TrackPopupMenu
GetCursorPos
DestroyWindow
PostMessageW
PostQuitMessage
KillTimer
UnregisterClassA
GetForegroundWindow
DestroyMenu
NotifyWinEvent
FindWindowW
GetParent
GetAncestor
SetFocus
CreateDialogParamW
LoadImageW
GetSystemMetrics
CallNextHookEx
UnhookWindowsHookEx
SystemParametersInfoW
SetWindowsHookExW
DrawTextW
ScreenToClient
SetMenuItemInfoW
IsWindowVisible
SetForegroundWindow
SetCursor
ClientToScreen
GetWindowRect
SendDlgItemMessageW
EnableMenuItem
GetSystemMenu
EnableWindow
SetDlgItemTextW
MessageBoxW
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
GetDesktopWindow
CharNextW
FillRect
InvalidateRect
GetAsyncKeyState
EndPaint
BeginPaint
ReleaseCapture
ReleaseDC
GetDC
GetSysColorBrush
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetWindowThreadProcessId
SetWindowPos
MoveWindow
GetClientRect
SetWindowTextW
SendMessageW
LoadIconW
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
GetDlgItem
ShowWindow
EnumWindows
EnumChildWindows
GetWindowTextW
GetWindowTextLengthW
SetTimer

gdi32

CreateSolidBrush
SetViewportOrgEx
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPoint32W
SelectObject
CreateDIBSection
SetBkMode
SetTextColor
CreateFontIndirectW
GetObjectW
DeleteObject
DeleteDC
GetDeviceCaps
GetStockObject
GdiFlush

advapi32

RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueA
LookupPrivilegeValueW
RegQueryInfoKeyW
AdjustTokenPrivileges
OpenProcessToken
DuplicateTokenEx
GetUserNameW
RegEnumKeyW

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetFolderPathW

ole32

CLSIDFromProgID
CoInitialize
CoUninitialize
StringFromGUID2
CoTaskMemFree
CoInitializeSecurity
CoSetProxyBlanket
CoCreateGuid
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

LoadRegTypeLi
VariantClear
SysAllocStringLen
SysFreeString
RegisterTypeLi
VarUI4FromStr
UnRegisterTypeLi
LoadTypeLi
SysStringLen
SysAllocString

comctl32

InitCommonControlsEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

urlmon

URLDownloadToFileW

wininet

InternetQueryOptionW
InternetGetConnectedStateExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
OCPID306CanLeaveOfferPage
OCPID306CleanupProduct
OCPID306Detach
OCPID306FindGuidAndRunDialog
OCPID306FindGuidAndRunDialogA
OCPID306GetAsyncOfferStatus
OCPID306GetBannerInfo
OCPID306GetBannerInfoW
OCPID306GetMsg
OCPID306GetNoCandy
OCPID306GetOfferState
OCPID306GetOfferType
OCPID306Init2A
OCPID306Init2W
OCPID306InnoAdjust
OCPID306InnoRestore
OCPID306InstallShieldAdjust
OCPID306LoadOpenCandyDLL
OCPID306LogDevModeMessage
OCPID306LogDevModeMessageW
OCPID306NSISAdjust
OCPID306PreInit
OCPID306PrepareDownload
OCPID306RunDialog
OCPID306SetCmdLineValues
OCPID306SetCmdLineValuesW
OCPID306SetCustomBrushColor
OCPID306SetCustomBrushColorW
OCPID306SetNoCandy
OCPID306SetOCOfferEnabled
OCPID306SetOfferData
OCPID306SetOfferLocation
OCPID306SetUseDefaultColorBkGrnd
OCPID306Shutdown
OCPID306SignalProductFailed
OCPID306SignalProductInstalled
OCPID306StartDLMgr2Download
OCPID306StartDLMgr2DownloadRunasAdmin
_OCPID306DLMgr2Check@16
_OCPID306Display@16
_OCPID306DownloadMgr2RecycleOffer@12
_OCPID306MgrCheck@16
_OCPID306MgrExec@16
_OCPID306RestartDll@16
_OCPID306RestartDllAsAdmin@16
_OCPID306RunOpenCandyDLL@16

Sections

.text
Size: 505KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

a648aeaa164b592c1e8892a10400b5ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrcatA
FindClose
FindNextFileA
MulDiv
GlobalFree
lstrcpynA
GlobalAlloc
lstrcmpiA
FindFirstFileA
lstrcpyA

user32

TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
DispatchMessageA
GetWindowLongA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
CallWindowProcA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/splash.bmp
3d/bench.res
3d/face_indicies.dat
3d/fur2.dds
3d/normals.dat
3d/rain2.dds
3d/spark.dds
3d/vertices.dat
ATIXcoder.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Database/Advanced CrossFire.dtb
Database/Advanced D3D Tweaks.dtb
Database/Advanced OGL Tweaks.dtb
Database/CCC Mode Switch.dtb
Database/Compatibility Tweaks.dtb
Database/Display Tweaks.dtb
Database/Multi Thread Support.dtb
Database/New AA and AF Methods.dtb
Database/Video Tweaks.dtb
Database/Vista Avivo.dtb
Database/readme.txt
License.rtf
.rtf
Presets/OGL Balanced.reg
Presets/OGL Max Quality.reg
Presets/OGL Max Speed.reg
Presets/d3d Balanced.reg
Presets/d3d Max Quality.reg
Presets/d3d Max Speed.reg
WhatsNew.txt
atitray.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 781KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 544KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rayad
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
atitray.hlp
atitray.ini
atitray.sys
.sys windows:6 windows x86 arch:x86

0ed61b43debd79f9d354d20a354fecbb

Code Sign

68:42:3f:8b:63:f2:3b:7e:bc:ef:88:be:78:d8:f3:c5
Certificate

Issuer

CN=Root Agency

Not Before

10/03/2007, 20:15

Not After

31/12/2039, 23:59

Subject

CN=Ray Adams,OU=Certification,O=Ray Adams,1.2.840.113549.1.9.1=#0c1474726179746f6f6c73406775727533642e636f6d

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:4b:69:f2:9d:30:35:8d:e8:19:32:ef:aa:8a:2c:e2:58:b6:08:f5
Signer

Actual PE Digest

38:4b:69:f2:9d:30:35:8d:e8:19:32:ef:aa:8a:2c:e2:58:b6:08:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work2\myutils\atitray\prcmon\atitray\i386\atitray.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
ZwClose
ZwMapViewOfSection
ObReferenceObjectByHandle
ZwOpenSection
MmUnmapIoSpace
MmIsAddressValid
MmMapIoSpace
RtlDeleteRegistryValue
ZwDeleteKey
ZwEnumerateValueKey
ZwEnumerateKey
IoDeleteSymbolicLink
ExFreePoolWithTag
ZwQueryValueKey
ExAllocatePoolWithTag
ZwOpenKey
RtlCheckRegistryKey
RtlCreateRegistryKey
ZwUnmapViewOfSection
memcpy
IoCreateSymbolicLink
IoCreateDevice
KeTickCount
KeBugCheckEx
IoDeleteDevice
ZwSetValueKey
IofCompleteRequest

hal

HalTranslateBusAddress
KeStallExecutionProcessor

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 237B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 187B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 896B - Virtual size: 872B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 640B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
atitray64.sys
.sys windows:6 windows x64 arch:x64

3cc8b8d77e9445ddfa43634eb6eb9441

Code Sign

68:42:3f:8b:63:f2:3b:7e:bc:ef:88:be:78:d8:f3:c5
Certificate

Issuer

CN=Root Agency

Not Before

10/03/2007, 20:15

Not After

31/12/2039, 23:59

Subject

CN=Ray Adams,OU=Certification,O=Ray Adams,1.2.840.113549.1.9.1=#0c1474726179746f6f6c73406775727533642e636f6d

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e6:3f:58:e2:45:ec:64:be:5a:b5:8c:93:16:c2:69:a8:99:cf:ad:c7
Signer

Actual PE Digest

e6:3f:58:e2:45:ec:64:be:5a:b5:8c:93:16:c2:69:a8:99:cf:ad:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\work2\myutils\atitray\prcmon\atitray\amd64\atitray.pdb

Imports

ntoskrnl.exe

ZwMapViewOfSection
RtlInitUnicodeString
IoDeleteDevice
RtlCheckRegistryKey
ZwSetValueKey
MmUnmapIoSpace
ZwQueryValueKey
ZwUnmapViewOfSection
MmMapIoSpace
ZwEnumerateValueKey
ZwClose
ExFreePoolWithTag
ObReferenceObjectByHandle
IoCreateSymbolicLink
MmIsAddressValid
IoCreateDevice
ZwDeleteKey
ZwOpenSection
RtlDeleteRegistryValue
RtlCreateRegistryKey
ZwEnumerateKey
ZwOpenKey
KeBugCheckEx
IoDeleteSymbolicLink
IofCompleteRequest
ExAllocatePoolWithTag

hal

KeStallExecutionProcessor
HalTranslateBusAddress

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 459B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
attdrv64.exe
.exe windows:4 windows x86 arch:x86

86d09d735acf537d04c088bde6bea865

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OffsetRect
OemToCharA
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryA
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCurrentDirectoryA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
CompareStringA
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
WriteFile
WaitForSingleObject
VirtualQuery
VirtualAlloc
SizeofResource
SetThreadLocale
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
ReadFile
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalFindAtomA
GlobalDeleteAtom
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetExitCodeProcess
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCPInfo
FreeResource
InterlockedExchange
FreeLibrary
FormatMessageA
FindResourceA
FindFirstFileA
FindClose
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessA
CreatePipe
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

Sections

.text
Size: 338KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
attext.dll
.dll regsvr32 windows:4 windows x86 arch:x86

761fa38548368331bbea25a37078f31b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
CreateMutexA
DebugBreak
lstrcpyW
HeapFree
CloseHandle
GlobalLock
GlobalUnlock
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
DisableThreadLibraryCalls
WideCharToMultiByte
lstrcpyA
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
HeapCreate
GetVersionExA
GetSystemInfo
HeapAlloc
HeapReAlloc

user32

LoadBitmapA
MessageBoxA
BringWindowToTop
PostMessageA
CreatePopupMenu
InsertMenuA
CharUpperBuffA

gdi32

DeleteObject

advapi32

RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyA
RegCloseKey

shell32

DragQueryFileA

ole32

ReleaseStgMedium

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen
LoadRegTypeLi

shlwapi

SHDeleteKeyA

atl

ord21
ord16
ord15
ord18
ord57
ord32
ord30
ord58
ord23

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
attrest.exe
.exe windows:5 windows x86 arch:x86

2c83c125b427ab3cb6163b053890a1da

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

user32

GetKeyboardType
MessageBoxA
CreateWindowExW
UpdateWindow
TranslateMessage
RegisterClassW
LoadIconW
LoadCursorW
GetMessageW
DispatchMessageW
DefWindowProcW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetVersion
GetCurrentThreadId
VirtualQuery
MultiByteToWideChar
GetStartupInfoA
GetModuleFileNameW
GetCommandLineW
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WinExec
GetModuleHandleW
FreeLibrary

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
attsio.dll
.dll windows:4 windows x86 arch:x86

Code Sign

19:70:37:19:af:dd:08:b7:4d:45:f0:44:b2:d6:49:8e
Certificate

Issuer

CN=Ray Adams

Not Before

24/02/2007, 23:28

Not After

25/02/3007, 00:28

Subject

CN=Ray Adams

Extended Key Usages

ExtKeyUsageServerAuth

21:71:22:10:8c:09:53:ce:28:9a:f5:64:29:4b:f7:04:c9:95:62:2b
Signer

Actual PE Digest

21:71:22:10:8c:09:53:ce:28:9a:f5:64:29:4b:f7:04:c9:95:62:2b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

done_sio_library
exec_sio_library
get_monitoring_interface

Sections

CODE
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
guru3d.url
kbdhook.dll
.dll windows:4 windows x86 arch:x86

b86e049fdf9df45057132811b8059a77

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEvent
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CreateEventA
CloseHandle

user32

GetKeyState
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx

msvcrt

_adjust_fdiv
malloc
free
_initterm

Exports

Exports

InstallKBDHook
UninstallKBDHook
kbd_hook_proc

Sections

.text
Size: 4KB - Virtual size: 718B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARDAT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lng/Belarussian.ini
lng/Finnish.ini
lng/Hungarian.ini
lng/Japanese.ini
lng/Korean.ini
lng/Polish.ini
lng/Portugues_BR.ini
lng/Romanian.ini
lng/Russian.ini
lng/Simplified Chinese.ini
lng/Spanish.ini
lng/Ukrainian.ini
lng/bulgarian.ini
lng/czech.ini
lng/english.ini
lng/french.ini
lng/german.ini
lng/italian.ini
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 136KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins.url
plugins/api/delphi/example/plugin1/plugin1.dpr
plugins/api/delphi/example/plugin1/plugin1.res
plugins/api/delphi/hddtemp/hddtemp.dpr
plugins/api/delphi/hddtemp/hddtemp.res
plugins/api/delphi/hddtemp/smart_drv.pas
plugins/api/delphi/hddtemp/strtoicon.pas
.js
plugins/api/delphi/plugins.pas
.js
plugins/api/readme.txt
plugins/api/vc++/example/cpuload/CpuUsage.cpp
plugins/api/vc++/example/cpuload/CpuUsage.h
plugins/api/vc++/example/cpuload/PerfCounters.h
plugins/api/vc++/example/cpuload/StdAfx.h
plugins/api/vc++/example/cpuload/cpuload.cpp
plugins/api/vc++/example/cpuload/cpuload.def
plugins/api/vc++/example/cpuload/cpuload.dsp
plugins/api/vc++/example/cpuload/cpuload.dsw
plugins/api/vc++/example/cpuload/cpuload.rc
plugins/api/vc++/example/cpuload/icon1.ico
plugins/api/vc++/example/cpuload/icon10.ico
plugins/api/vc++/example/cpuload/icon11.ico
plugins/api/vc++/example/cpuload/icon12.ico
plugins/api/vc++/example/cpuload/icon13.ico
plugins/api/vc++/example/cpuload/icon14.ico
plugins/api/vc++/example/cpuload/icon15.ico
plugins/api/vc++/example/cpuload/icon2.ico
plugins/api/vc++/example/cpuload/icon3.ico
plugins/api/vc++/example/cpuload/icon4.ico
plugins/api/vc++/example/cpuload/icon5.ico
plugins/api/vc++/example/cpuload/icon6.ico
plugins/api/vc++/example/cpuload/icon7.ico
plugins/api/vc++/example/cpuload/icon8.ico
plugins/api/vc++/example/cpuload/icon9.ico
plugins/api/vc++/example/cpuload/resource.h
plugins/api/vc++/example/mongraphs/StdAfx.cpp
plugins/api/vc++/example/mongraphs/StdAfx.h
plugins/api/vc++/example/mongraphs/mongraphsexample.cpp
plugins/api/vc++/example/mongraphs/mongraphsexample.def
plugins/api/vc++/example/mongraphs/mongraphsexample.dep
plugins/api/vc++/example/mongraphs/mongraphsexample.dsp
plugins/api/vc++/example/mongraphs/mongraphsexample.dsw
plugins/api/vc++/example/mongraphs/mongraphsexample.mak
plugins/api/vc++/example/mongraphs/mongraphsexample.rc
plugins/api/vc++/example/mongraphs/resource.h
plugins/api/vc++/example/osdtime/StdAfx.cpp
plugins/api/vc++/example/osdtime/StdAfx.h
plugins/api/vc++/example/osdtime/osdtime.cpp
plugins/api/vc++/example/osdtime/osdtime.def
plugins/api/vc++/example/osdtime/osdtime.dsp
plugins/api/vc++/example/osdtime/osdtime.dsw
plugins/api/vc++/example/osdtime/osdtime.mak
plugins/api/vc++/example/osdtime/osdtime.rc
plugins/api/vc++/example/osdtime/resource.h
plugins/api/vc++/example/pciinfo/StdAfx.cpp
plugins/api/vc++/example/pciinfo/StdAfx.h
plugins/api/vc++/example/pciinfo/pciinfo.cpp
plugins/api/vc++/example/pciinfo/pciinfo.def
plugins/api/vc++/example/pciinfo/pciinfo.dsp
plugins/api/vc++/example/pciinfo/pciinfo.dsw
plugins/api/vc++/example/pciinfo/resource.h
plugins/api/vc++/example/pciinfo/resources.rc
plugins/api/vc++/plugins.h
plugins/hddtemp.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

config_plugin
done_plugin
exec_plugin
get_plug_info
suspend_restore

Sections

CODE
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 35KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 170B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/mg_amdcore.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

done_plugin
exec_plugin
get_mr_count
get_mr_name
get_mr_status
get_mr_value
get_plug_info
start_mr_plugin

Sections

CODE
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 834B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 241B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/mg_cpuload.dll
.dll windows:4 windows x86 arch:x86

3187a377b370d25d758c41289773129a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetProcAddress

msvcrt

free
_initterm
malloc
_adjust_fdiv
_itoa

Exports

Exports

done_plugin
exec_plugin
get_mr_count
get_mr_name
get_mr_status
get_mr_value
get_plug_info
start_mr_plugin

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 593B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/mg_hdddtemp.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

done_plugin
exec_plugin
get_mr_count
get_mr_name
get_mr_status
get_mr_value
get_plug_info
start_mr_plugin

Sections

CODE
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 35KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 242B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/mg_intelcpu.dll
.dll windows:4 windows x86 arch:x86

8344666ad8f3473f34225fd69b42a4ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleA
GetSystemInfo
SetThreadAffinityMask
GetCurrentThread
SetProcessAffinityMask
GetProcessAffinityMask
GetCurrentProcess

msvcrt

strncmp
_except_handler3
free
_initterm
malloc
_adjust_fdiv
_itoa

Exports

Exports

done_plugin
exec_plugin
get_mr_count
get_mr_name
get_mr_status
get_mr_value
get_plug_info
start_mr_plugin

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 754B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/mg_xvlt.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

done_plugin
exec_plugin
get_mr_count
get_mr_name
get_mr_status
get_mr_value
get_plug_info
start_mr_plugin

Sections

CODE
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 834B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 238B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/mongraphsexample.dll
.dll windows:4 windows x86 arch:x86

11efd8b2869f5c85b6be3ae234c1f411

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalMemoryStatusEx

msvcrt

free
_initterm
malloc
_adjust_fdiv

Exports

Exports

done_plugin
exec_plugin
get_mr_count
get_mr_name
get_mr_status
get_mr_value
get_plug_info
start_mr_plugin

Sections

.text
Size: 4KB - Virtual size: 894B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 471B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/osd_amdcore.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

config_plugin
done_plugin
exec_plugin
get_osd_string
get_plug_info
start_mr_plugin

Sections

CODE
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 199B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plugins/osd_cpuload.dll
.dll windows:4 windows x86 arch:x86

48110e8b078801065cff39f581b321fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetProcAddress

user32

MessageBoxA

msvcrt

sprintf
free
_initterm
malloc
_adjust_fdiv

Exports

Exports

config_plugin
done_plugin
exec_plugin
get_osd_string
get_plug_info

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 589B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/osd_intelcpu.dll
.dll windows:5 windows x86 arch:x86

35d45e31da0242fc15d361cd01c8197c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetProcessAffinityMask
GetProcessAffinityMask
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetThreadAffinityMask
GetSystemInfo
GetModuleHandleA
GetCurrentThreadId
GetProcAddress
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

user32

EndDialog
GetDlgItem
SetFocus
SetDlgItemInt
GetDlgItemInt
DialogBoxParamA

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA

msvcr90

_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_encode_pointer
_except_handler4_common
sprintf
strncmp
free

Exports

Exports

config_plugin
done_plugin
exec_plugin
get_osd_string
get_plug_info

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/osdminfo.dll
.dll windows:4 windows x86 arch:x86

6111c6ed7b4fe992a84d06710e617b75

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile

user32

SendMessageA
GetDlgItem
EndDialog
SetWindowTextA
DialogBoxParamA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

msvcrt

__dllonexit
_adjust_fdiv
malloc
_initterm
free
sprintf
_itoa
_onexit

Exports

Exports

config_plugin
done_plugin
exec_plugin
get_osd_string
get_plug_info

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 858B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/osdtime.dll
.dll windows:4 windows x86 arch:x86

86c6364f5727dbe8cc2ceff7772b4db0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLocalTime
GetTimeFormatA
GetSystemPowerStatus

user32

EnumDisplaySettingsA
IsDlgButtonChecked
CheckDlgButton
SetFocus
EndDialog
GetDlgItem
DialogBoxParamA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

msvcrt

sprintf
_adjust_fdiv
malloc
_initterm
free

Exports

Exports

config_plugin
done_plugin
exec_plugin
get_osd_string
get_plug_info

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 809B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 242B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/pciinfo.dll
.dll windows:4 windows x86 arch:x86

3ac0bb48a88649af9990fd0e3073c52a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

DialogBoxParamA
GetDlgItem
EndDialog
SetFocus
SendMessageA

msvcrt

sprintf
_adjust_fdiv
malloc
_initterm
strcpy
free

Exports

Exports

exec_plugin
get_plug_info

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/pciset.dll
.dll windows:4 windows x86 arch:x86

ba45d2fccb6d3c90b8d6ef186fa8d824

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

DialogBoxParamA
EndDialog
MessageBoxA
GetDlgItem
SendMessageA

advapi32

RegSetValueExA
RegFlushKey
RegCreateKeyExA
RegEnumValueA
RegCloseKey
RegDeleteKeyA

msvcrt

_adjust_fdiv
malloc
_initterm
sscanf
sprintf
strtoul
atoi
free

Exports

Exports

config_plugin
done_plugin
exec_plugin
get_plug_info
suspend_restore

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 729B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/shared memory/Delphi/attshmem.dof
plugins/shared memory/Delphi/attshmem.dpr
plugins/shared memory/Delphi/attshmem.res
plugins/shared memory/Delphi/uMain.dfm
plugins/shared memory/Delphi/uMain.pas
plugins/shared memory/VC/StdAfx.cpp
plugins/shared memory/VC/StdAfx.h
plugins/shared memory/VC/attsharedmem.clw
plugins/shared memory/VC/attsharedmem.cpp
plugins/shared memory/VC/attsharedmem.dsp
plugins/shared memory/VC/attsharedmem.dsw
plugins/shared memory/VC/attsharedmem.h
plugins/shared memory/VC/attsharedmem.rc
plugins/shared memory/VC/attsharedmemDlg.cpp
plugins/shared memory/VC/attsharedmemDlg.h
plugins/shared memory/VC/res/attsharedmem.ico
plugins/shared memory/VC/res/attsharedmem.rc2
plugins/shared memory/VC/resource.h
plugins/shared memory/readme.txt
plugins/shared memory/uninstall.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 272KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 136KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
radeon.url
raphook.dll
.dll windows:5 windows x86 arch:x86

3e08ce54daaf64f361f39a921f26552d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathStripPathA
PathMatchSpecA

psapi

GetProcessMemoryInfo

kernel32

VirtualProtect
FlushInstructionCache
GetCurrentProcess
IsBadWritePtr
GetSystemDirectoryA
GetLastError
SetLastError
GetCurrentProcessId
CreateToolhelp32Snapshot
Module32First
WaitForSingleObject
ResetEvent
Beep
GetCurrentThreadId
GetWindowsDirectoryA
GetVersionExA
SetEvent
CreateEventA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
IsBadReadPtr
CloseHandle
CreateThread
GetTickCount
FreeLibrary
LoadLibraryA
GetProcAddress
GetModuleHandleA
OutputDebugStringA
GetTimeFormatA
GetLocalTime
FindClose
FindFirstFileA
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

user32

CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
EnumDisplaySettingsA
GetDesktopWindow
ReleaseDC
GetDC
ChangeDisplaySettingsA
CharUpperBuffA

gdi32

GetObjectA
BitBlt
SelectObject
CreateCompatibleBitmap
DeleteObject
CreateDIBSection
GetDIBits
CreateCompatibleDC
DeleteDC

advapi32

RegQueryValueExA
RegCloseKey
RegEnumKeyA
RegCreateKeyExA

shell32

SHGetFolderPathA

msvcr90

feof
ferror
fflush
getc
_purecall
ceil
strstr
??2@YAPAXI@Z
free
malloc
realloc
longjmp
strncpy
printf
exit
_ftol
abort
_setjmp3
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
ftell
fseek
fwrite
__CxxLongjmpUnwind
fclose
fopen
??3@YAXPAX@Z
_itoa
sprintf
memset
floor
memcpy
fputc
__CxxFrameHandler3
_CxxThrowException
fread

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXAAV0@@Z
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEJXZ
?Open@CxIOFile@@QAE_NPBD0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Size@CxIOFile@@UAEJXZ
?Tell@CxIOFile@@UAEJXZ
?Write@CxIOFile@@UAEIPBXII@Z
GetDllVersion
InstallAPPHook
SaveAsJPG
SaveAsPNG
UninstallAPPHook

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.raydat
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme.htm
.html
srvinst.exe
.exe windows:4 windows x86 arch:x86

3c385122a34d67d1ee34b2cc11a0b40f

Code Sign

68:42:3f:8b:63:f2:3b:7e:bc:ef:88:be:78:d8:f3:c5
Certificate

Issuer

CN=Root Agency

Not Before

10/03/2007, 20:15

Not After

31/12/2039, 23:59

Subject

CN=Ray Adams,OU=Certification,O=Ray Adams,1.2.840.113549.1.9.1=#0c1474726179746f6f6c73406775727533642e636f6d

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

66:a7:37:89:cf:73:0f:24:d4:f7:7b:0c:f2:d4:96:05:73:c2:28:59
Signer

Actual PE Digest

66:a7:37:89:cf:73:0f:24:d4:f7:7b:0c:f2:d4:96:05:73:c2:28:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord815
ord561
ord825
ord2514
ord2621
ord641
ord609
ord795
ord800
ord2818
ord540
ord5265
ord4376
ord4853
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord2575
ord4396
ord5289
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3402
ord4627
ord3721
ord1146
ord1168
ord567
ord324
ord2302
ord4234
ord6199
ord4710
ord2379
ord755
ord470
ord4224
ord2642
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord3574
ord4673
ord1576

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_setmbcp
__CxxFrameHandler
strcmp
_except_handler3
strcpy
strcat
strncmp
_splitpath
__dllonexit
_exit
_onexit

kernel32

GetStartupInfoA
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetTickCount
Sleep
GetLastError
QueryDosDeviceA
GetModuleFileNameA

user32

EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
SendMessageA
LoadIconA
MessageBoxA
DrawIcon

advapi32

CloseServiceHandle
DeleteService
ControlService
StartServiceA
CreateServiceA
QueryServiceStatus
OpenSCManagerA
OpenServiceA

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
support.dll
.dll windows:4 windows x86 arch:x86

f5c6a44d6eec991cbebd2411151cbb5d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetConnectA
InternetCloseHandle
InternetOpenA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

ole32

CoCreateInstance

user32

CharUpperBuffA
SendMessageA

imagehlp

BindImageEx

msvcrt

fwrite
fclose
free
_initterm
_adjust_fdiv
malloc
fopen

kernel32

GlobalFree
GlobalAlloc
GetTempPathA
MultiByteToWideChar
Sleep

Exports

Exports

CreateShortcut
CreateStartUpShortcut
DetectAPIType
TurnMonitor
run_update

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 426B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
utils64.exe
.exe windows:5 windows x64 arch:x64

d462d47c101032e1dc5a62cd52825b1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\work\Myutils\atitray\utils64.pdb

Imports

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
TerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryA
ReadProcessMemory
LocalFree
FormatMessageA
GetLastError
CloseHandle
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
OpenProcess
QueryPerformanceCounter
UnhandledExceptionFilter
GetStartupInfoA
Sleep
SetUnhandledExceptionFilter

user32

FindWindowExA
FindWindowA
MessageBoxA
wsprintfA
GetWindowThreadProcessId
SetWindowLongA
GetWindowLongA
SendMessageA

advapi32

CloseServiceHandle
QueryServiceStatusEx
OpenServiceA
OpenSCManagerA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegEnumValueA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA

msvcr90

strcmp
strcat_s
_amsg_exit
__getmainargs
__C_specific_handler
_XcptFilter
_exit
_ismbblead
_cexit
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
_encode_pointer
__set_app_type
__crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
strncpy_s
strlen
memset
strcpy_s
_itoa

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 272KB

UPX1 Size: 18KB - Virtual size: 20KB

.rsrc Size: 5KB - Virtual size: 8KB

741b6bafe355b63a372d737b30543a95

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 188B

.reloc Size: 512B - Virtual size: 436B

19859613df39f2d411c608a7cea010b2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

6f:fc:26:3a:35:11:34:19:4c:f1:6e:1e:6d:0e:08:06Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

d0:d1:b4:33:8f:3b:05:6f:55:a7:09:61:7a:b9:3d:28:8e:ec:da:cbSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

psapi

ws2_32

msimg32

shlwapi

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

version

urlmon

wininet

Exports

Exports

Sections

.text Size: 505KB - Virtual size: 504KB

.rdata Size: 158KB - Virtual size: 157KB

.data Size: 9KB - Virtual size: 19KB

.rsrc Size: 38KB - Virtual size: 38KB

.reloc Size: 30KB - Virtual size: 30KB

a648aeaa164b592c1e8892a10400b5ae

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Exports

Exports

UPX0
Size: - Virtual size: 272KB

UPX1
Size: 18KB - Virtual size: 20KB

.rsrc
Size: 5KB - Virtual size: 8KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 188B

.reloc
Size: 512B - Virtual size: 436B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

6f:fc:26:3a:35:11:34:19:4c:f1:6e:1e:6d:0e:08:06
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

d0:d1:b4:33:8f:3b:05:6f:55:a7:09:61:7a:b9:3d:28:8e:ec:da:cb
Signer

.text
Size: 505KB - Virtual size: 504KB

.rdata
Size: 158KB - Virtual size: 157KB

.data
Size: 9KB - Virtual size: 19KB

.rsrc
Size: 38KB - Virtual size: 38KB

.reloc
Size: 30KB - Virtual size: 30KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 1024B - Virtual size: 518B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

.text
Size: 83KB - Virtual size: 83KB

.rsrc
Size: 31KB - Virtual size: 31KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 781KB - Virtual size: 2.4MB

.itext
Size: 5KB - Virtual size: 12KB

.data
Size: 12KB - Virtual size: 32KB

.bss
Size: - Virtual size: 544KB

.idata
Size: 6KB - Virtual size: 20KB

.didata
Size: 512B - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 204KB

.rsrc
Size: 86KB - Virtual size: 452KB

.rayad
Size: 14KB - Virtual size: 16KB

.adata
Size: - Virtual size: 4KB

68:42:3f:8b:63:f2:3b:7e:bc:ef:88:be:78:d8:f3:c5
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate