1d457de011a602bf74833fc44cc6222c758fd7eebe1d353fcd4cbecf96724a31[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1d457de011a602bf74833fc44cc6222c758fd7eebe1d353fcd4cbecf96724a31.exe
Size

10.8MB
MD5

5b612941bae69538844923764eb4e495
SHA1

affce25655baa9852d18bad20d3d0794678c43e5
SHA256

1d457de011a602bf74833fc44cc6222c758fd7eebe1d353fcd4cbecf96724a31
SHA512

d679aa6520d35fc75736c61aaf6ba51fbe1801a4fbc09acdd70c10a555a1afd55a8748ac3691137347b5f558597d24651f5f52657ab006d17bacde2bfd6a7c27
SSDEEP

196608:Kht5RVPrCIirNJn/UjbyVvYvxAb0ZOcPBL/2ZCki98q2XUnMCm+qxS+PQZl6i6iv:efCIeMHyeg0ZjpL/2DuTiUn9qU+4d6iv

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
1d457de011a602bf74833fc44cc6222c758fd7eebe1d353fcd4cbecf96724a31.exe
unpack002/infinst.exe
unpack003/infinst.exe
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsUnzip.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

1d457de011a602bf74833fc44cc6222c758fd7eebe1d353fcd4cbecf96724a31.exe
.exe windows:4 windows x86 arch:x86

29b61e5a552b3a9bc00953de1c93be41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CompareFileTime
SearchPathA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
CreateDirectoryA
lstrcmpiA
GetCommandLineA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
LoadLibraryA
SetFileTime
CloseHandle
GlobalFree
lstrcmpA
ExpandEnvironmentStringsA
GetExitCodeProcess
GlobalAlloc
WaitForSingleObject
GetWindowsDirectoryA
GetTempPathA
GetProcAddress
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
ReadFile
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
WriteFile
MulDiv
LoadLibraryExA
GetModuleHandleA
MultiByteToWideChar
FreeLibrary

user32

GetWindowRect
EnableMenuItem
GetSystemMenu
ScreenToClient
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetForegroundWindow
PostQuitMessage
RegisterClassA
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
OpenClipboard
TrackPopupMenu
SendMessageTimeoutA
GetDC
LoadImageA
GetDlgItem
FindWindowExA
IsWindow
SetClipboardData
SetWindowLongA
EmptyClipboard
SetTimer
CreateDialogParamA
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteValueA
SetFileSecurityA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_Destroy
ord17
ImageList_AddMasked

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/111111.cab
.cab
Nov2008_X3DAudio_x64.inf
X3DAudio1_5.dll
.dll windows:6 windows x64 arch:x64

5cee0b3174abcd8ab839754d43c5a256

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

42:95:c3:38:0c:2a:c4:77:b4:89:18:94:c0:f7:79:34:b8:e0:14:a4
Signer

Actual PE Digest

42:95:c3:38:0c:2a:c4:77:b4:89:18:94:c0:f7:79:34:b8:e0:14:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

X3DAudio1_5.pdb

Imports

msvcrt

__C_specific_handler
_amsg_exit
free
_initterm
malloc
_XcptFilter
cosf
acosf
tanf
atan2f
sin
sinf

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sleep
SetUnhandledExceptionFilter

Exports

Exports

X3DAudioCalculate
X3DAudioInitialize

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
X3DAudio1_5_x64.cat
X3DAudio1_5_x64.inf
X3DAudio1_5_x64_xp.inf
infinst.exe
.exe windows:6 windows x64 arch:x64

b22a4f669312ee374cb26a4eb9e4098a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

infinst.pdb

Imports

kernel32

LocalFree
FormatMessageA
GetWindowsDirectoryA
CreateDirectoryA
GetLastError
OutputDebugStringA
MoveFileExA
GetModuleFileNameA
FindFirstFileA
CopyFileA
GetCurrentDirectoryA
CompareStringA
FindClose
GetPrivateProfileStringA
CloseHandle
CreateFileA
lstrlenA
CreateFileW
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
VirtualProtect
ReadFile
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetCommandLineA
GetVersionExW
GetStartupInfoW
GetLocalTime
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
EncodePointer
DecodePointer
FlsFree
SetLastError
FlsSetValue
FlsGetValue
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
Sleep
GetConsoleCP
GetConsoleMode
SetFilePointer
SetStdHandle
FlushFileBuffers
LCMapStringW
MultiByteToWideChar
GetStringTypeW

user32

CharNextA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

setupapi

SetupCloseInfFile
SetupCloseFileQueue
SetupOpenFileQueue
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupOpenInfFileA
SetupDiSetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupInstallFromInfSectionA
SetupDefaultQueueCallbackA
SetupCopyOEMInfA

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/CrashDump.exe
.exe windows:5 windows x64 arch:x64

e9d6079c3793a081c1517212a078112f

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:ab:79:f2:98:a4:c1:8e:81:cb:7f:9f:90:99:55:fc
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

20/02/2024, 00:00

Not After

19/02/2027, 23:59

Subject

SERIALNUMBER=91110105MA005CH48R,CN=北京火绒网络科技有限公司,O=北京火绒网络科技有限公司,ST=Beijing Shi,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f7:9e:c5:83:71:48:dd:4c:a2:bd:3d:a9:4d:03:c4:43:1b:fd:5d:07:4e:c1:66:b6:32:10:a9:83:d0:4b:63:8e
Signer

Actual PE Digest

f7:9e:c5:83:71:48:dd:4c:a2:bd:3d:a9:4d:03:c4:43:1b:fd:5d:07:4e:c1:66:b6:32:10:a9:83:d0:4b:63:8e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\docker\Documents\workspace\build-v2\common\hr_sysdiag-app-60\bin\x64\CrashDump.pdb

Imports

kernel32

GetModuleFileNameW
CreateFileW
OpenProcess
CloseHandle
LoadLibraryW
SetCurrentDirectoryW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetCommandLineA
GetCommandLineW
GetStdHandle
WriteFile
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetStringTypeW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
RaiseException

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/CrashHandler.dll
.dll windows:5 windows x64 arch:x64

6fe27ae8d64e3bea9c45cd3a8fffd0f5

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:ab:79:f2:98:a4:c1:8e:81:cb:7f:9f:90:99:55:fc
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

20/02/2024, 00:00

Not After

19/02/2027, 23:59

Subject

SERIALNUMBER=91110105MA005CH48R,CN=北京火绒网络科技有限公司,O=北京火绒网络科技有限公司,ST=Beijing Shi,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a4:6e:b1:27:8f:a9:21:ab:6b:62:4a:98:da:cb:e1:62:a9:e0:99:f7:34:6c:30:78:41:60:27:51:98:3f:18:ca
Signer

Actual PE Digest

a4:6e:b1:27:8f:a9:21:ab:6b:62:4a:98:da:cb:e1:62:a9:e0:99:f7:34:6c:30:78:41:60:27:51:98:3f:18:ca

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\docker\Documents\workspace\build-v2\common\hr_sysdiag-app-60\bin\x64\CrashHandler.pdb

Imports

kernel32

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
CreateProcessW
WaitForSingleObject
CloseHandle
ExitProcess
GetProcAddress
LoadLibraryW
GetModuleFileNameW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStringTypeW
SetStdHandle
HeapSize
HeapReAlloc
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
RaiseException
CreateFileW

Exports

Exports

SetCrashHandle

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/DuiLib.dll
.dll windows:5 windows x64 arch:x64

50fc88bdcacc91f12f1a1b2d39e6c2b6

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:ab:79:f2:98:a4:c1:8e:81:cb:7f:9f:90:99:55:fc
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

20/02/2024, 00:00

Not After

19/02/2027, 23:59

Subject

SERIALNUMBER=91110105MA005CH48R,CN=北京火绒网络科技有限公司,O=北京火绒网络科技有限公司,ST=Beijing Shi,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:fb:63:9f:23:f7:62:4d:a8:57:ce:d1:73:35:b4:4a:2b:68:c3:cf:d2:2b:61:17:b5:92:cd:af:d6:ce:51:2d
Signer

Actual PE Digest

ca:fb:63:9f:23:f7:62:4d:a8:57:ce:d1:73:35:b4:4a:2b:68:c3:cf:d2:2b:61:17:b5:92:cd:af:d6:ce:51:2d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\docker\Documents\workspace\build-v2\common\hrduilib\bin\x64\DuiLib.pdb

Imports

kernel32

DuplicateHandle
SystemTimeToFileTime
DosDateTimeToFileTime
CreateDirectoryW
WaitForSingleObjectEx
OutputDebugStringA
SetEndOfFile
HeapSize
WriteConsoleW
FlushFileBuffers
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
SetFileTime
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetStdHandle
HeapReAlloc
GetCurrentThread
GetStringTypeW
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
RaiseException
EncodePointer
RtlPcToFileHeader
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetFilePointer
WriteFile
GetFileType
GetCurrentProcess
ExitProcess
GetACP
LoadLibraryExA
FreeLibrary
GetVersionExW
LoadLibraryA
GetCurrentProcessId
GetProcAddress
OpenProcess
DisableThreadLibraryCalls
WideCharToMultiByte
CreateFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
FindResourceW
GetModuleHandleW
GetModuleFileNameW
CloseHandle
ReadFile
GetFileSize
SizeofResource
LoadResource
LockResource
FreeResource
lstrlenW
GetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
GetProcessHeap
HeapFree
HeapAlloc
MultiByteToWideChar
GetTickCount
GetModuleHandleA
GetLocalTime
lstrcmpW
LoadLibraryW
MulDiv
GetDateFormatW
CreateThread

user32

IsChild
NotifyWinEvent
SetWindowLongPtrW
GetWindowLongPtrW
AdjustWindowRectEx
GetPropW
SetPropW
GetMenu
GetSystemMetrics
CreateWindowExW
GetClassInfoExW
RegisterClassExW
IsWindowVisible
IsIconic
DefWindowProcW
DestroyWindow
ShowWindow
MoveWindow
SetCapture
IsZoomed
KillTimer
GetUpdateRect
EnumChildWindows
CharPrevW
ReleaseCapture
SetTimer
CreateAcceleratorTableW
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
InvalidateRgn
GetClientRect
ClientToScreen
ScreenToClient
FillRect
IntersectRect
PtInRect
GetGUIThreadInfo
SetCursor
SetRect
SendMessageW
SetWindowPos
CharNextW
SetFocus
GetFocus
MapWindowPoints
GetParent
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetCursorPos
OffsetRect
IsWindow
EnableWindow
DrawTextW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetCaretBlinkTime
GetCaretPos
UnionRect
IsRectEmpty
EqualRect
GetWindowLongW
SetWindowLongW
PrivateExtractIconsW
DestroyIcon
LoadImageW
DrawIconEx
GetIconInfo
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
PostQuitMessage
WindowFromPoint
GetWindow
MonitorFromPoint
GetKeyState
CreateCaret
HideCaret
ShowCaret
EnumDisplaySettingsW
wvsprintfW
InflateRect
SetCaretPos
GetSysColor
wsprintfW
CallWindowProcW
RegisterClassW
SetWindowRgn
MessageBoxW
LoadCursorW

gdi32

BitBlt
GetStockObject
CreateFontIndirectW
GetObjectA
GetObjectW
SetTextColor
SetBkMode
SelectObject
CreateSolidBrush
DeleteObject
GetDeviceCaps
RestoreDC
RoundRect
SaveDC
GetTextMetricsW
ExtCreatePen
CombineRgn
CreateCompatibleDC
CreateRectRgnIndirect
CreateRoundRectRgn
GetCharABCWidthsW
GetClipBox
GetTextColor
GetTextExtentPoint32W
LineTo
SelectClipRgn
ExtSelectClipRgn
SetBkColor
StretchBlt
SetStretchBltMode
MoveToEx
TextOutW
ExtTextOutW
SetViewportOrgEx
GdiFlush
CreatePen
DeleteDC
GetObjectType
CreateCompatibleBitmap
CreateDIBSection
Rectangle

shell32

SHGetFileInfoW

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleLockRunning

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdiplus

GdipAddPathBezier
GdipTransformPath
GdipSetPenStartCap
GdipSetPenColor
GdipSetPathGradientCenterPoint
GdipSetLineWrapMode
GdipDrawImageRect
GdipAddPathPolygon
GdipCreateLineBrushFromRectWithAngle
GdipSetPathGradientPresetBlend
GdipMultiplyLineTransform
GdipAddPathLine
GdipTranslateMatrix
GdipBitmapSetPixel
GdipBitmapUnlockBits
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipCreateMatrix
GdipSetMatrixElements
GdipSetPenBrushFill
GdipSetSmoothingMode
GdipSetWorldTransform
GdipSetPenMiterLimit
GdipSetPenLineCap197819
GdipSetPathGradientWrapMode
GdipCreateSolidFill
GdipResetPath
GdipFillPath
GdipGetPathWorldBounds
GdipSetPenDashArray
GdipSetPenWidth
GdipSetPixelOffsetMode
GdipAddPathEllipse
GdipClosePathFigure
GdipDrawPath
GdipSetPenLineJoin
GdipSetPenEndCap
GdipMultiplyPathGradientTransform
GdipSetPenDashOffset
GdipGetImageGraphicsContext
GdipGetPathGradientPointCount
ord1
GdipStartPathFigure
GdipDeletePen
GdipSetPathFillMode
GdipCreatePen1
GdipDeleteMatrix
GdipAddPathLine2
GdipSetPathGradientSurroundColorsWithCount
GdipCreateHBITMAPFromBitmap
GdipDeletePath
GdipCreatePath
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdiplusShutdown
GdiplusStartup
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipSetTextRenderingHint
GdipCreateLineBrushI
GdipDeleteBrush
GdipCloneBrush
GdipDrawImagePointRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipBitmapGetPixel
GdipBitmapLockBits
GdipCreateBitmapFromHICON
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipGetImageThumbnail
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdipSetLinePresetBlend

shlwapi

PathIsUNCW
PathIsDirectoryW

comctl32

ord17
ImageList_DrawIndirect
ImageList_GetImageCount
_TrackMouseEvent

oleacc

CreateStdAccessibleObject
LresultFromObject

Exports

Exports

??0CAccessibleServer@DuiLib@@QEAA@AEBV01@@Z
??0CAccessibleServer@DuiLib@@QEAA@PEAVCPaintManagerUI@1@@Z
??0CActiveXUI@DuiLib@@QEAA@AEBV01@@Z
??0CActiveXUI@DuiLib@@QEAA@XZ
??0CAnimationData@DuiLib@@QEAA@HHHH@Z
??0CButtonUI@DuiLib@@QEAA@$$QEAV01@@Z
??0CButtonUI@DuiLib@@QEAA@AEBV01@@Z
??0CButtonUI@DuiLib@@QEAA@XZ
??0CCascaderUI@DuiLib@@QEAA@AEBV01@@Z
??0CCascaderUI@DuiLib@@QEAA@XZ
??0CCheckBoxUI@DuiLib@@QEAA@$$QEAV01@@Z
??0CCheckBoxUI@DuiLib@@QEAA@AEBV01@@Z
??0CCheckBoxUI@DuiLib@@QEAA@XZ
??0CChildLayoutUI@DuiLib@@QEAA@$$QEAV01@@Z
??0CChildLayoutUI@DuiLib@@QEAA@AEBV01@@Z
??0CChildLayoutUI@DuiLib@@QEAA@XZ
??0CComboExUI@DuiLib@@QEAA@AEBV01@@Z
??0CComboExUI@DuiLib@@QEAA@XZ
??0CComboUI@DuiLib@@QEAA@AEBV01@@Z
??0CComboUI@DuiLib@@QEAA@XZ
??0CContainerUI@DuiLib@@QEAA@AEBV01@@Z
??0CContainerUI@DuiLib@@QEAA@XZ
??0CControlUI@DuiLib@@QEAA@AEBV01@@Z
??0CControlUI@DuiLib@@QEAA@XZ
??0CDPI@DuiLib@@QEAA@PEAUHWND__@@@Z
??0CDPI@DuiLib@@QEAA@XZ
??0CDateTimeUI@DuiLib@@QEAA@$$QEAV01@@Z
??0CDateTimeUI@DuiLib@@QEAA@AEBV01@@Z
??0CDateTimeUI@DuiLib@@QEAA@XZ
??0CDelegateBase@DuiLib@@QEAA@AEBV01@@Z
??0CDelegateBase@DuiLib@@QEAA@PEAX0@Z
??0CDialogBuilder@DuiLib@@QEAA@XZ
??0CDuiDrawInfo@DuiLib@@QEAA@AEBV01@@Z
??0CDuiDrawInfo@DuiLib@@QEAA@XZ
??0CDuiPtrArray@DuiLib@@QEAA@AEBV01@@Z
??0CDuiPtrArray@DuiLib@@QEAA@H@Z
??0CDuiRect@DuiLib@@QEAA@AEBUtagRECT@@@Z
??0CDuiRect@DuiLib@@QEAA@HHHH@Z
??0CDuiRect@DuiLib@@QEAA@XZ
??0CDuiSize@DuiLib@@QEAA@AEBUtagSIZE@@@Z
??0CDuiSize@DuiLib@@QEAA@HH@Z
??0CDuiSize@DuiLib@@QEAA@UtagRECT@@@Z
??0CDuiSize@DuiLib@@QEAA@XZ
??0CDuiString@DuiLib@@QEAA@AEBV01@@Z
??0CDuiString@DuiLib@@QEAA@PEB_WH@Z
??0CDuiString@DuiLib@@QEAA@XZ
??0CDuiString@DuiLib@@QEAA@_W@Z
??0CDuiStringPtrMap@DuiLib@@QEAA@H@Z
??0CDuiValArray@DuiLib@@QEAA@HH@Z
??0CEditUI@DuiLib@@QEAA@AEBV01@@Z
??0CEditUI@DuiLib@@QEAA@XZ
??0CEventSource@DuiLib@@QEAA@AEBV01@@Z
??0CEventSource@DuiLib@@QEAA@XZ
??0CFileIconUI@DuiLib@@QEAA@AEBV01@@Z
??0CFileIconUI@DuiLib@@QEAA@XZ
??0CHorizontalLayoutUI@DuiLib@@QEAA@$$QEAV01@@Z
??0CHorizontalLayoutUI@DuiLib@@QEAA@AEBV01@@Z
??0CHorizontalLayoutUI@DuiLib@@QEAA@XZ
??0CLabelUI@DuiLib@@QEAA@AEBV01@@Z
??0CLabelUI@DuiLib@@QEAA@XZ
??0CListBodyUI@DuiLib@@QEAA@$$QEAV01@@Z
??0CListBodyUI@DuiLib@@QEAA@AEBV01@@Z
??0CListBodyUI@DuiLib@@QEAA@PEAVCListUI@1@@Z
??0CListContainerElementUI@DuiLib@@QEAA@$$QEAV01@@Z
??0CListContainerElementUI@DuiLib@@QEAA@AEBV01@@Z
??0CListContainerElementUI@DuiLib@@QEAA@XZ
??0CListElementUI@DuiLib@@QEAA@$$QEAV01@@Z
??0CListElementUI@DuiLib@@QEAA@AEBV01@@Z
??0CListElementUI@DuiLib@@QEAA@XZ
??0CListHeaderItemUI@DuiLib@@QEAA@$$QEAV01@@Z
??0CListHeaderItemUI@DuiLib@@QEAA@AEBV01@@Z
??0CListHeaderItemUI@DuiLib@@QEAA@XZ
??0CListHeaderUI@DuiLib@@QEAA@$$QEAV01@@Z
??0CListHeaderUI@DuiLib@@QEAA@AEBV01@@Z
??0CListHeaderUI@DuiLib@@QEAA@XZ
??0CListLabelElementUI@DuiLib@@QEAA@$$QEAV01@@Z
??0CListLabelElementUI@DuiLib@@QEAA@AEBV01@@Z
??0CListLabelElementUI@DuiLib@@QEAA@XZ
??0CListMiddleUI@DuiLib@@QEAA@$$QEAV01@@Z
??0CListMiddleUI@DuiLib@@QEAA@AEBV01@@Z
??0CListMiddleUI@DuiLib@@QEAA@XZ
??0CListNotifyKey@DuiLib@@IEAA@XZ
??0CListNotifyKey@DuiLib@@QEAA@$$QEAV01@@Z
??0CListNotifyKey@DuiLib@@QEAA@AEBV01@@Z
??0CListTextElementUI@DuiLib@@QEAA@AEBV01@@Z
??0CListTextElementUI@DuiLib@@QEAA@XZ
??0CListUI@DuiLib@@QEAA@AEBV01@@Z
??0CListUI@DuiLib@@QEAA@XZ
??0CMarkup@DuiLib@@QEAA@PEB_W@Z
??0CMarkupNode@DuiLib@@AEAA@PEAVCMarkup@1@H@Z
??0CMarkupNode@DuiLib@@QEAA@XZ
??0CMenuBodyUI@DuiLib@@QEAA@AEBV01@@Z
??0CMenuBodyUI@DuiLib@@QEAA@XZ
??0CMenuItemUI@DuiLib@@QEAA@AEBV01@@Z
??0CMenuItemUI@DuiLib@@QEAA@PEAVCMenuUI@1@@Z
??0CMenuUI@DuiLib@@QEAA@AEBV01@@Z
??0CMenuUI@DuiLib@@QEAA@PEB_WPEAVCMenuItemUI@1@@Z
??0CNotifyPump@DuiLib@@QEAA@$$QEAV01@@Z
??0CNotifyPump@DuiLib@@QEAA@AEBV01@@Z
??0CNotifyPump@DuiLib@@QEAA@XZ
??0COptionUI@DuiLib@@QEAA@AEBV01@@Z
??0COptionUI@DuiLib@@QEAA@XZ
??0CPaintManagerUI@DuiLib@@QEAA@AEBV01@@Z
??0CPaintManagerUI@DuiLib@@QEAA@XZ
??0CPoint@DuiLib@@QEAA@AEBUtagPOINT@@@Z
??0CPoint@DuiLib@@QEAA@HH@Z
??0CPoint@DuiLib@@QEAA@XZ
??0CPoint@DuiLib@@QEAA@_J@Z
??0CProgressUI@DuiLib@@QEAA@$$QEAV01@@Z
??0CProgressUI@DuiLib@@QEAA@AEBV01@@Z
??0CProgressUI@DuiLib@@QEAA@XZ
??0CRenderClip@DuiLib@@QEAA@XZ
??0CRichEditUI@DuiLib@@QEAA@AEBV01@@Z
??0CRichEditUI@DuiLib@@QEAA@XZ
??0CScrollBarUI@DuiLib@@QEAA@$$QEAV01@@Z
??0CScrollBarUI@DuiLib@@QEAA@AEBV01@@Z
??0CScrollBarUI@DuiLib@@QEAA@XZ
??0CSliderUI@DuiLib@@QEAA@$$QEAV01@@Z
??0CSliderUI@DuiLib@@QEAA@AEBV01@@Z
??0CSliderUI@DuiLib@@QEAA@XZ
??0CTabControlMgr@DuiLib@@QEAA@AEBV01@@Z
??0CTabControlMgr@DuiLib@@QEAA@PEAVCPaintManagerUI@1@@Z
??0CTabLayoutUI@DuiLib@@QEAA@$$QEAV01@@Z
??0CTabLayoutUI@DuiLib@@QEAA@AEBV01@@Z
??0CTabLayoutUI@DuiLib@@QEAA@XZ
??0CTextUI@DuiLib@@QEAA@AEBV01@@Z
??0CTextUI@DuiLib@@QEAA@XZ
??0CTileLayoutUI@DuiLib@@QEAA@$$QEAV01@@Z
??0CTileLayoutUI@DuiLib@@QEAA@AEBV01@@Z
??0CTileLayoutUI@DuiLib@@QEAA@XZ
??0CTranslateManager@DuiLib@@QEAA@AEBV01@@Z
??0CTranslateManager@DuiLib@@QEAA@XZ
??0CTreeNodeExUI@DuiLib@@QEAA@AEBV01@@Z
??0CTreeNodeExUI@DuiLib@@QEAA@XZ
??0CTreeNodeUI@DuiLib@@QEAA@AEBV01@@Z
??0CTreeNodeUI@DuiLib@@QEAA@PEAV01@@Z
??0CTreeViewExUI@DuiLib@@QEAA@AEBV01@@Z
??0CTreeViewExUI@DuiLib@@QEAA@K@Z
??0CTreeViewUI@DuiLib@@QEAA@AEBV01@@Z
??0CTreeViewUI@DuiLib@@QEAA@XZ
??0CTxtWinHost@DuiLib@@QEAA@AEBV01@@Z
??0CTxtWinHost@DuiLib@@QEAA@XZ
??0CUIAnimation@DuiLib@@QEAA@$$QEAV01@@Z
??0CUIAnimation@DuiLib@@QEAA@AEBV01@@Z
??0CUIAnimation@DuiLib@@QEAA@PEAVCControlUI@1@@Z
??0CVListBodyUI@DuiLib@@QEAA@AEBV01@@Z
??0CVListBodyUI@DuiLib@@QEAA@PEAVCVListUI@1@@Z
??0CVListUI@DuiLib@@QEAA@$$QEAV01@@Z
??0CVListUI@DuiLib@@QEAA@AEBV01@@Z
??0CVListUI@DuiLib@@QEAA@XZ
??0CVerticalLayoutUI@DuiLib@@QEAA@$$QEAV01@@Z
??0CVerticalLayoutUI@DuiLib@@QEAA@AEBV01@@Z
??0CVerticalLayoutUI@DuiLib@@QEAA@XZ
??0CWaitCursor@DuiLib@@QEAA@XZ
??0CWebBrowserUI@DuiLib@@QEAA@AEBV01@@Z
??0CWebBrowserUI@DuiLib@@QEAA@XZ
??0CWindowWnd@DuiLib@@QEAA@$$QEAV01@@Z
??0CWindowWnd@DuiLib@@QEAA@AEBV01@@Z
??0CWindowWnd@DuiLib@@QEAA@XZ
??0ITreeInfo@DuiLib@@QEAA@AEBV01@@Z
??0ITreeInfo@DuiLib@@QEAA@XZ
??0IUIAnimation@DuiLib@@QEAA@AEBV01@@Z
??0IUIAnimation@DuiLib@@QEAA@XZ
??0IVListCallbackUI@DuiLib@@QEAA@$$QEAV01@@Z
??0IVListCallbackUI@DuiLib@@QEAA@AEBV01@@Z
??0IVListCallbackUI@DuiLib@@QEAA@XZ
??0WindowImplBase@DuiLib@@QEAA@AEBV01@@Z
??0WindowImplBase@DuiLib@@QEAA@XZ
??1CAccessibleServer@DuiLib@@UEAA@XZ
??1CActiveXUI@DuiLib@@UEAA@XZ
??1CButtonUI@DuiLib@@UEAA@XZ
??1CCascaderUI@DuiLib@@UEAA@XZ
??1CCheckBoxUI@DuiLib@@UEAA@XZ
??1CChildLayoutUI@DuiLib@@UEAA@XZ
??1CComboExUI@DuiLib@@UEAA@XZ
??1CComboUI@DuiLib@@UEAA@XZ
??1CContainerUI@DuiLib@@UEAA@XZ
??1CControlUI@DuiLib@@UEAA@XZ
??1CDateTimeUI@DuiLib@@UEAA@XZ
??1CDelegateBase@DuiLib@@UEAA@XZ
??1CDialogBuilder@DuiLib@@QEAA@XZ
??1CDuiDrawInfo@DuiLib@@QEAA@XZ
??1CDuiPtrArray@DuiLib@@QEAA@XZ
??1CDuiString@DuiLib@@QEAA@XZ
??1CDuiStringPtrMap@DuiLib@@QEAA@XZ
??1CDuiValArray@DuiLib@@QEAA@XZ
??1CEditUI@DuiLib@@UEAA@XZ
??1CEventSource@DuiLib@@QEAA@XZ
??1CFileIconUI@DuiLib@@UEAA@XZ
??1CHorizontalLayoutUI@DuiLib@@UEAA@XZ
??1CLabelUI@DuiLib@@UEAA@XZ
??1CListBodyUI@DuiLib@@UEAA@XZ
??1CListContainerElementUI@DuiLib@@UEAA@XZ
??1CListElementUI@DuiLib@@UEAA@XZ
??1CListHeaderItemUI@DuiLib@@UEAA@XZ
??1CListHeaderUI@DuiLib@@UEAA@XZ
??1CListLabelElementUI@DuiLib@@UEAA@XZ
??1CListMiddleUI@DuiLib@@UEAA@XZ
??1CListNotifyKey@DuiLib@@QEAA@XZ
??1CListTextElementUI@DuiLib@@UEAA@XZ
??1CListUI@DuiLib@@UEAA@XZ
??1CMarkup@DuiLib@@QEAA@XZ
??1CMenuBodyUI@DuiLib@@UEAA@XZ
??1CMenuItemUI@DuiLib@@UEAA@XZ
??1CMenuUI@DuiLib@@UEAA@XZ
??1CNotifyPump@DuiLib@@QEAA@XZ
??1COptionUI@DuiLib@@UEAA@XZ
??1CPaintManagerUI@DuiLib@@QEAA@XZ
??1CProgressUI@DuiLib@@UEAA@XZ
??1CRenderClip@DuiLib@@QEAA@XZ
??1CRichEditUI@DuiLib@@UEAA@XZ
??1CScrollBarUI@DuiLib@@UEAA@XZ
??1CSliderUI@DuiLib@@UEAA@XZ
??1CTabControlMgr@DuiLib@@QEAA@XZ
??1CTabLayoutUI@DuiLib@@UEAA@XZ
??1CTextUI@DuiLib@@UEAA@XZ
??1CTileLayoutUI@DuiLib@@UEAA@XZ
??1CTranslateManager@DuiLib@@QEAA@XZ
??1CTreeNodeExUI@DuiLib@@UEAA@XZ
??1CTreeNodeUI@DuiLib@@UEAA@XZ
??1CTreeViewExUI@DuiLib@@UEAA@XZ
??1CTreeViewUI@DuiLib@@UEAA@XZ
??1CTxtWinHost@DuiLib@@UEAA@XZ
??1CUIAnimation@DuiLib@@UEAA@XZ
??1CVListBodyUI@DuiLib@@UEAA@XZ
??1CVListUI@DuiLib@@UEAA@XZ
??1CVerticalLayoutUI@DuiLib@@UEAA@XZ
??1CWaitCursor@DuiLib@@QEAA@XZ
??1CWebBrowserUI@DuiLib@@UEAA@XZ
??1ITreeInfo@DuiLib@@QEAA@XZ
??1IUIAnimation@DuiLib@@UEAA@XZ
??1WindowImplBase@DuiLib@@UEAA@XZ
??4CAccessibleServer@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CActiveXUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CAnimationData@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CAnimationData@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CButtonUI@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CButtonUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CCascaderUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CCheckBoxUI@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CCheckBoxUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CChildLayoutUI@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CChildLayoutUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CComboExUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CComboUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CContainerUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CControlUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CDPI@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CDPI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CDateTimeUI@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CDateTimeUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CDelegateBase@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CDialogBuilder@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CDialogBuilder@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CDuiDrawInfo@DuiLib@@QEAAAEBV01@AEBV01@@Z
??4CDuiPtrArray@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CDuiRect@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CDuiRect@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CDuiSize@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CDuiSize@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CDuiString@DuiLib@@QEAAAEBV01@AEBV01@@Z
??4CDuiString@DuiLib@@QEAAAEBV01@PEBD@Z
??4CDuiString@DuiLib@@QEAAAEBV01@PEB_W@Z
??4CDuiString@DuiLib@@QEAAAEBV01@_W@Z
??4CDuiStringPtrMap@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CDuiValArray@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CEditUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CEventSource@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CFileIconUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CHorizontalLayoutUI@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CHorizontalLayoutUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CLabelUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CListBodyUI@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CListBodyUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CListContainerElementUI@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CListContainerElementUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CListElementUI@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CListElementUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CListHeaderItemUI@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CListHeaderItemUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CListHeaderUI@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CListHeaderUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CListLabelElementUI@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CListLabelElementUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CListMiddleUI@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CListMiddleUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CListNotifyKey@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CListNotifyKey@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CListTextElementUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CListUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CMarkup@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CMarkupNode@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CMarkupNode@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CMenuBodyUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CMenuItemUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CMenuUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CNotifyPump@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CNotifyPump@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4COptionUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CPaintManagerUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CPoint@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CPoint@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CProgressUI@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CProgressUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CRenderClip@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CRenderEngine@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CRenderEngine@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CRichEditUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CScrollBarUI@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CScrollBarUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CSliderUI@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CSliderUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CTabControlMgr@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CTabLayoutUI@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CTabLayoutUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CTextUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CTileLayoutUI@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CTileLayoutUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CTranslateManager@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CTreeNodeExUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CTreeNodeUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CTreeViewExUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CTreeViewUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CTxtWinHost@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CUIAnimation@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CUIAnimation@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CVListBodyUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CVListUI@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CVListUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CVerticalLayoutUI@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CVerticalLayoutUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CWaitCursor@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CWebBrowserUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4CWindowWnd@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4CWindowWnd@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4ITreeInfo@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4IUIAnimation@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4IVListCallbackUI@DuiLib@@QEAAAEAV01@$$QEAV01@@Z
??4IVListCallbackUI@DuiLib@@QEAAAEAV01@AEBV01@@Z
??4WindowImplBase@DuiLib@@QEAAAEAV01@AEBV01@@Z
??8CDuiString@DuiLib@@QEBA_NPEB_W@Z
??9CDuiString@DuiLib@@QEBA_NPEB_W@Z
??ACDuiPtrArray@DuiLib@@QEBAPEAXH@Z
??ACDuiString@DuiLib@@QEBA_WH@Z
??ACDuiStringPtrMap@DuiLib@@QEBAPEB_WH@Z
??ACDuiValArray@DuiLib@@QEBAPEAXH@Z
??BCDuiString@DuiLib@@QEBAPEB_WXZ
??BCEventSource@DuiLib@@QEAA_NXZ
??BCWindowWnd@DuiLib@@QEBAPEAUHWND__@@XZ
??HCDuiString@DuiLib@@QEBA?AV01@AEBV01@@Z
??HCDuiString@DuiLib@@QEBA?AV01@PEB_W@Z
??MCDuiString@DuiLib@@QEBA_NPEB_W@Z
??NCDuiString@DuiLib@@QEBA_NPEB_W@Z
??OCDuiString@DuiLib@@QEBA_NPEB_W@Z
??PCDuiString@DuiLib@@QEBA_NPEB_W@Z
??RCDelegateBase@DuiLib@@QEAA_NPEAX@Z
??RCEventSource@DuiLib@@QEAA_NPEAX@Z
??YCDuiString@DuiLib@@QEAAAEBV01@AEBV01@@Z
??YCDuiString@DuiLib@@QEAAAEBV01@PEBD@Z
??YCDuiString@DuiLib@@QEAAAEBV01@PEB_W@Z
??YCDuiString@DuiLib@@QEAAAEBV01@_W@Z
??YCEventSource@DuiLib@@QEAAXAEBVCDelegateBase@1@@Z
??YCEventSource@DuiLib@@QEAAXP6A_NPEAX@Z@Z
??ZCEventSource@DuiLib@@QEAAXAEBVCDelegateBase@1@@Z
??ZCEventSource@DuiLib@@QEAAXP6A_NPEAX@Z@Z
??_7CAccessibleServer@DuiLib@@6BIAccessible@@@
??_7CAccessibleServer@DuiLib@@6BIEnumVARIANT@@@
??_7CActiveXUI@DuiLib@@6BCControlUI@1@@
??_7CActiveXUI@DuiLib@@6BIMessageFilterUI@1@@
??_7CButtonUI@DuiLib@@6BCControlUI@1@@
??_7CButtonUI@DuiLib@@6BITranslateManagerCallback@1@@
??_7CCascaderUI@DuiLib@@6BCControlUI@1@@
??_7CCascaderUI@DuiLib@@6BITranslateManagerCallback@1@@
??_7CCheckBoxUI@DuiLib@@6BCControlUI@1@@
??_7CCheckBoxUI@DuiLib@@6BITranslateManagerCallback@1@@
??_7CChildLayoutUI@DuiLib@@6BCControlUI@1@@
??_7CChildLayoutUI@DuiLib@@6BIContainerUI@1@@
??_7CComboExUI@DuiLib@@6B@
??_7CComboExUI@DuiLib@@6BCControlUI@1@@
??_7CComboExUI@DuiLib@@6BIContainerUI@1@@
??_7CComboUI@DuiLib@@6B@
??_7CComboUI@DuiLib@@6BCControlUI@1@@
??_7CComboUI@DuiLib@@6BIContainerUI@1@@
??_7CContainerUI@DuiLib@@6BCControlUI@1@@
??_7CContainerUI@DuiLib@@6BIContainerUI@1@@
??_7CControlUI@DuiLib@@6B@
??_7CDateTimeUI@DuiLib@@6BCControlUI@1@@
??_7CDateTimeUI@DuiLib@@6BITranslateManagerCallback@1@@
??_7CDelegateBase@DuiLib@@6B@
??_7CEditUI@DuiLib@@6B@
??_7CEditUI@DuiLib@@6BCControlUI@1@@
??_7CEditUI@DuiLib@@6BITranslateManagerCallback@1@@
??_7CFileIconUI@DuiLib@@6B@
??_7CHorizontalLayoutUI@DuiLib@@6BCControlUI@1@@
??_7CHorizontalLayoutUI@DuiLib@@6BIContainerUI@1@@
??_7CLabelUI@DuiLib@@6BCControlUI@1@@
??_7CLabelUI@DuiLib@@6BITranslateManagerCallback@1@@
??_7CListBodyUI@DuiLib@@6BCControlUI@1@@
??_7CListBodyUI@DuiLib@@6BIContainerUI@1@@
??_7CListContainerElementUI@DuiLib@@6B@
??_7CListContainerElementUI@DuiLib@@6BCControlUI@1@@
??_7CListContainerElementUI@DuiLib@@6BIContainerUI@1@@
??_7CListElementUI@DuiLib@@6BCControlUI@1@@
??_7CListElementUI@DuiLib@@6BIListItemUI@1@@
??_7CListHeaderItemUI@DuiLib@@6BCControlUI@1@@
??_7CListHeaderItemUI@DuiLib@@6BIContainerUI@1@@
??_7CListHeaderUI@DuiLib@@6BCControlUI@1@@
??_7CListHeaderUI@DuiLib@@6BIContainerUI@1@@
??_7CListLabelElementUI@DuiLib@@6BCControlUI@1@@
??_7CListLabelElementUI@DuiLib@@6BIListItemUI@1@@
??_7CListMiddleUI@DuiLib@@6BCControlUI@1@@
??_7CListMiddleUI@DuiLib@@6BIContainerUI@1@@
??_7CListTextElementUI@DuiLib@@6BCControlUI@1@@
??_7CListTextElementUI@DuiLib@@6BIListItemUI@1@@
??_7CListUI@DuiLib@@6B@
??_7CListUI@DuiLib@@6BCControlUI@1@@
??_7CListUI@DuiLib@@6BIContainerUI@1@@
??_7CMenuBodyUI@DuiLib@@6B@
??_7CMenuBodyUI@DuiLib@@6BCControlUI@1@@
??_7CMenuBodyUI@DuiLib@@6BIContainerUI@1@@
??_7CMenuItemUI@DuiLib@@6B@
??_7CMenuItemUI@DuiLib@@6BCControlUI@1@@
??_7CMenuItemUI@DuiLib@@6BIContainerUI@1@@
??_7CMenuUI@DuiLib@@6BCWindowWnd@1@@
??_7CMenuUI@DuiLib@@6BIDialogBuilderCallback@1@@
??_7CMenuUI@DuiLib@@6BINotifyUI@1@@
??_7CNotifyPump@DuiLib@@6B@
??_7COptionUI@DuiLib@@6BCControlUI@1@@
??_7COptionUI@DuiLib@@6BITranslateManagerCallback@1@@
??_7CProgressUI@DuiLib@@6BCControlUI@1@@
??_7CProgressUI@DuiLib@@6BITranslateManagerCallback@1@@
??_7CRichEditUI@DuiLib@@6B@
??_7CRichEditUI@DuiLib@@6BCControlUI@1@@
??_7CRichEditUI@DuiLib@@6BIContainerUI@1@@
??_7CScrollBarUI@DuiLib@@6B@
??_7CSliderUI@DuiLib@@6BCControlUI@1@@
??_7CSliderUI@DuiLib@@6BITranslateManagerCallback@1@@
??_7CTabLayoutUI@DuiLib@@6BCControlUI@1@@
??_7CTabLayoutUI@DuiLib@@6BIContainerUI@1@@
??_7CTextUI@DuiLib@@6BCControlUI@1@@
??_7CTextUI@DuiLib@@6BITranslateManagerCallback@1@@
??_7CTileLayoutUI@DuiLib@@6BCControlUI@1@@
??_7CTileLayoutUI@DuiLib@@6BIContainerUI@1@@
??_7CTreeNodeExUI@DuiLib@@6B@
??_7CTreeNodeExUI@DuiLib@@6BCControlUI@1@@
??_7CTreeNodeExUI@DuiLib@@6BIContainerUI@1@@
??_7CTreeNodeUI@DuiLib@@6B@
??_7CTreeNodeUI@DuiLib@@6BCControlUI@1@@
??_7CTreeNodeUI@DuiLib@@6BIContainerUI@1@@
??_7CTreeViewExUI@DuiLib@@6BCControlUI@1@@
??_7CTreeViewExUI@DuiLib@@6BCVListUI@1@@
??_7CTreeViewExUI@DuiLib@@6BIContainerUI@1@@
??_7CTreeViewExUI@DuiLib@@6BITreeInfo@1@@
??_7CTreeViewExUI@DuiLib@@6BIVListCallbackUI@1@@
??_7CTreeViewUI@DuiLib@@6BCControlUI@1@@
??_7CTreeViewUI@DuiLib@@6BCListUI@1@@
??_7CTreeViewUI@DuiLib@@6BIContainerUI@1@@
??_7CTreeViewUI@DuiLib@@6BINotifyUI@1@@
??_7CTxtWinHost@DuiLib@@6B@
??_7CUIAnimation@DuiLib@@6B@
??_7CVListBodyUI@DuiLib@@6BCControlUI@1@@
??_7CVListBodyUI@DuiLib@@6BIContainerUI@1@@
??_7CVListUI@DuiLib@@6B@
??_7CVListUI@DuiLib@@6BCControlUI@1@@
??_7CVListUI@DuiLib@@6BIContainerUI@1@@
??_7CVerticalLayoutUI@DuiLib@@6BCControlUI@1@@
??_7CVerticalLayoutUI@DuiLib@@6BIContainerUI@1@@
??_7CWebBrowserUI@DuiLib@@6BCControlUI@1@@
??_7CWebBrowserUI@DuiLib@@6BIDispatch@@@
??_7CWebBrowserUI@DuiLib@@6BIDocHostUIHandler@@@
??_7CWebBrowserUI@DuiLib@@6BIMessageFilterUI@1@@
??_7CWebBrowserUI@DuiLib@@6BIOleCommandTarget@@@
??_7CWebBrowserUI@DuiLib@@6BIServiceProvider@@@
??_7CWebBrowserUI@DuiLib@@6BITranslateAccelerator@1@@
??_7CWindowWnd@DuiLib@@6B@
??_7ITreeInfo@DuiLib@@6B@
??_7IUIAnimation@DuiLib@@6B@
??_7IVListCallbackUI@DuiLib@@6B@
??_7WindowImplBase@DuiLib@@6BCNotifyPump@1@@
??_7WindowImplBase@DuiLib@@6BCWindowWnd@1@@
??_7WindowImplBase@DuiLib@@6BIDialogBuilderCallback@1@@
??_7WindowImplBase@DuiLib@@6BIMessageFilterUI@1@@
??_7WindowImplBase@DuiLib@@6BINotifyUI@1@@
??_FCDuiPtrArray@DuiLib@@QEAAXXZ
??_FCDuiStringPtrMap@DuiLib@@QEAAXXZ
??_FCMarkup@DuiLib@@QEAAXXZ
??_FCMenuUI@DuiLib@@QEAAXXZ
??_FCTreeNodeUI@DuiLib@@QEAAXXZ
??_FCTreeViewExUI@DuiLib@@QEAAXXZ
?AccSerStringFormat@CControlUI@DuiLib@@QEAAXPEB_WZZ
?Activate@CButtonUI@DuiLib@@UEAA_NXZ
?Activate@CCascaderUI@DuiLib@@UEAA_NXZ
?Activate@CCheckBoxUI@DuiLib@@UEAA_NXZ
?Activate@CComboExUI@DuiLib@@UEAA_NXZ
?Activate@CComboUI@DuiLib@@UEAA_NXZ
?Activate@CControlUI@DuiLib@@UEAA_NXZ
?Activate@CListContainerElementUI@DuiLib@@UEAA_NXZ
?Activate@CListElementUI@DuiLib@@UEAA_NXZ
?Activate@COptionUI@DuiLib@@UEAA_NXZ
?Add@CComboUI@DuiLib@@UEAA_NPEAVCControlUI@2@@Z

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 535KB - Virtual size: 534KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Nov2008_XAudio_x64.cab
.cab
Nov2008_XAudio_x64.inf
XAPOFX1_2.dll
.dll windows:6 windows x64 arch:x64

b9fff31472f46cb47adc63867dabf2c1

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ed:81:13:f4:b3:b1:c0:58:4b:b3:73:12:a2:b5:a0:f2:0f:0c:8f:fd
Signer

Actual PE Digest

ed:81:13:f4:b3:b1:c0:58:4b:b3:73:12:a2:b5:a0:f2:0f:0c:8f:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

XAPOFX1_2.pdb

Imports

msvcrt

__C_specific_handler
_amsg_exit
free
_initterm
malloc
_XcptFilter
sqrtf
memset
memcpy
_aligned_free
memcmp
_aligned_malloc
pow
powf
_control87
cos
_vsnprintf
sin
floorf
tanf

kernel32

HeapFree
SwitchToThread
HeapAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sleep
GetProcessHeap

ole32

CoTaskMemFree
CoTaskMemAlloc

Exports

Exports

CreateFX

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 406B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XAudio2_3.dll
.dll regsvr32 windows:6 windows x64 arch:x64

0b4113924c13bbc1ea99e7826778fb64

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:28:6f:d4:95:32:19:b0:13:94:0d:25:05:c3:a3:1c:bf:b2:f3:ff
Signer

Actual PE Digest

25:28:6f:d4:95:32:19:b0:13:94:0d:25:05:c3:a3:1c:bf:b2:f3:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

xaudio2_3.pdb

Imports

msvcrt

memmove
sqrtf
log
memset
memcpy
__C_specific_handler
powf
atanf
_amsg_exit
cosf
free
_initterm
malloc
_XcptFilter
_purecall
_vsnprintf
sinf
_aligned_malloc
_aligned_free
_vsnwprintf
sin
floorf
cos
memcmp
_control87
pow
exp

kernel32

LoadLibraryA
WaitForSingleObjectEx
CreateThread
ResumeThread
GetProcessAffinityMask
SetThreadAffinityMask
GetVersionExA
GetProcAddress
lstrcmpW
ResetEvent
SetEvent
CreateEventA
CreateSemaphoreA
CloseHandle
SwitchToThread
GetProcessHeap
HeapSize
GetSystemInfo
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sleep
GetModuleFileNameA
DisableThreadLibraryCalls
WaitForSingleObject
DuplicateHandle
WaitForMultipleObjects
FreeLibrary
ReleaseSemaphore
GetCurrentThreadId
TryEnterCriticalSection
SetThreadPriority
GetCurrentThread
GetThreadPriority
InitializeCriticalSection
HeapCreate
GetLastError
HeapDestroy
DeleteCriticalSection
OutputDebugStringA
HeapAlloc
LeaveCriticalSection
QueryPerformanceFrequency
EnterCriticalSection
HeapFree

ole32

PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CLSIDFromString

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA

rpcrt4

RpcStringFreeA
UuidToStringA

winmm

timeBeginPeriod
timeEndPeriod

user32

GetDesktopWindow

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 471KB - Virtual size: 471KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.no_bbt
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XAudio2_3_x64.cat
XAudio2_3_x64.inf
XAudio2_3_x64_xp.inf
infinst.exe
.exe windows:6 windows x64 arch:x64

b22a4f669312ee374cb26a4eb9e4098a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

infinst.pdb

Imports

kernel32

LocalFree
FormatMessageA
GetWindowsDirectoryA
CreateDirectoryA
GetLastError
OutputDebugStringA
MoveFileExA
GetModuleFileNameA
FindFirstFileA
CopyFileA
GetCurrentDirectoryA
CompareStringA
FindClose
GetPrivateProfileStringA
CloseHandle
CreateFileA
lstrlenA
CreateFileW
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
VirtualProtect
ReadFile
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetCommandLineA
GetVersionExW
GetStartupInfoW
GetLocalTime
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
EncodePointer
DecodePointer
FlsFree
SetLastError
FlsSetValue
FlsGetValue
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
Sleep
GetConsoleCP
GetConsoleMode
SetFilePointer
SetStdHandle
FlushFileBuffers
LCMapStringW
MultiByteToWideChar
GetStringTypeW

user32

CharNextA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

setupapi

SetupCloseInfFile
SetupCloseFileQueue
SetupOpenFileQueue
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupOpenInfFileA
SetupDiSetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupInstallFromInfSectionA
SetupDefaultQueueCallbackA
SetupCopyOEMInfA

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Nov2008_XAudio_x86.cab
.cab
Nov2008_XAudio_x86.inf
XAPOFX1_2.dll
.dll windows:6 windows x86 arch:x86

c5805c0b212a91c28f845c32f8f87d12

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c4:da:27:81:aa:43:6b:0a:71:8d:81:e7:73:e4:68:42:c0:2d:1b:2a
Signer

Actual PE Digest

c4:da:27:81:aa:43:6b:0a:71:8d:81:e7:73:e4:68:42:c0:2d:1b:2a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

XAPOFX1_2.pdb

Imports

msvcrt

_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
sqrt
_aligned_malloc
memcpy
_aligned_free
memcmp
cos
sin
memset
_CIpow
floor
_vsnprintf
_control87

kernel32

GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
HeapFree
SwitchToThread
DebugBreak
GetVersion
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedIncrement
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange
IsProcessorFeaturePresent
InterlockedDecrement

ole32

CoTaskMemFree
CoTaskMemAlloc

user32

MessageBoxA

Exports

Exports

CreateFX

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XAudio2_3.dll
.dll regsvr32 windows:6 windows x86 arch:x86

07251bd5f22f6000eb2c22a92806cc8f

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:01:41:ca:60:0d:2a:14:78:64:b5:6f:36:5e:34:4e:d7:df:e7:3f
Signer

Actual PE Digest

2e:01:41:ca:60:0d:2a:14:78:64:b5:6f:36:5e:34:4e:d7:df:e7:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

xaudio2_3.pdb

Imports

msvcrt

memset
_amsg_exit
_initterm
free
malloc
_XcptFilter
ceil
_CIpow
_control87
strlen
_purecall
memmove
_vsnprintf
_adjust_fdiv
memcmp
memcpy
_aligned_malloc
_aligned_free
strcmp
wcslen
_vsnwprintf
sin
cos
floor
sqrt

kernel32

FreeLibrary
WaitForSingleObjectEx
CreateThread
ResumeThread
GetProcessAffinityMask
SetThreadAffinityMask
lstrcmpW
GetProcAddress
GetVersionExA
ResetEvent
SetEvent
CreateEventA
CreateSemaphoreA
LoadLibraryA
ReleaseSemaphore
GetProcessHeap
HeapSize
GetSystemInfo
GetVersion
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange
DisableThreadLibraryCalls
SwitchToThread
WaitForSingleObject
DuplicateHandle
WaitForMultipleObjects
CloseHandle
GetModuleFileNameA
GetCurrentThreadId
HeapDestroy
TryEnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
HeapCreate
GetLastError
QueryPerformanceFrequency
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapFree
GetCurrentThread
OutputDebugStringA
InterlockedIncrement
InterlockedDecrement
GetThreadPriority
IsProcessorFeaturePresent
SetThreadPriority
DebugBreak

ole32

PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CLSIDFromString

user32

MessageBoxA
GetDesktopWindow

rpcrt4

UuidToStringA
RpcStringFreeA

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA

winmm

timeBeginPeriod
timeEndPeriod

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 476KB - Virtual size: 476KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.no_bbt
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XAudio2_3_x86.cat
XAudio2_3_x86.inf
XAudio2_3_x86_xp.inf
$PLUGINSDIR/Nov2008_d3dx10_40_x86.cab
.cab
D3DCompiler_40.dll
.dll windows:6 windows x86 arch:x86

35b8c0a7c0a05f310fd4dc0f3d466cd4

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

42:46:40:77:30:b6:a4:d4:6a:1d:d0:2f:f1:ff:25:af:d0:fc:25:da
Signer

Actual PE Digest

42:46:40:77:30:b6:a4:d4:6a:1d:d0:2f:f1:ff:25:af:d0:fc:25:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D3DCompiler_40.pdb

Imports

msvcrt

__dllonexit
_lock
_onexit
_unlock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
isspace
_amsg_exit
_initterm
_XcptFilter
_CxxThrowException
memset
memcpy
isxdigit
atof
_strdup
modf
isalnum
_isnan
ceil
_finite
strrchr
_clearfp
_controlfp
_strnicmp
_fpclass
_purecall
getenv
_stricmp
strncmp
setlocale
memmove
qsort
isalpha
toupper
atoi
isdigit
tolower
sscanf
free
malloc
??2@YAPAXI@Z
??3@YAXPAX@Z
strchr
_vsnprintf
__CxxFrameHandler
strstr
floor
_CIfmod
_CItanh
_CItan
_CIsinh
_CIsin
_CIlog
_CIpow
_CIexp
_CIsqrt
_CIcosh
_CIcos
_CIatan2
_CIatan
_CIasin
_CIacos

gdi32

DeleteObject

kernel32

GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
UnmapViewOfFile
CloseHandle
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
UnhandledExceptionFilter
GetFullPathNameA
HeapCreate
OutputDebugStringA
LoadLibraryA
GetModuleHandleA
lstrcmpiA
GetEnvironmentVariableA
TlsFree
TlsGetValue
HeapDestroy
TlsSetValue
InterlockedExchange
TlsAlloc
Sleep
InterlockedCompareExchange
GetVersion
GetSystemInfo
GetProcAddress
VirtualAlloc
GetProcessHeap
HeapFree
HeapAlloc
DisableThreadLibraryCalls
VirtualFree
SetUnhandledExceptionFilter

Exports

Exports

D3DCompile
D3DDisassemble
D3DDisassemble10Effect
D3DGetDebugInfo
D3DGetInputAndOutputSignatureBlob
D3DGetInputSignatureBlob
D3DGetOutputSignatureBlob
D3DPreprocess
D3DReflect
D3DReturnFailure1
D3DStripShader
DebugSetMute

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nov2008_d3dx10_40_x86.inf
d3dx10_40.dll
.dll windows:6 windows x86 arch:x86

38002bfb317baf0ab2ecb9ab8d6f152f

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:bc:7e:bf:96:3b:74:48:80:8d:a9:26:7c:9d:6c:68:fa:78:0e:b7
Signer

Actual PE Digest

2a:bc:7e:bf:96:3b:74:48:80:8d:a9:26:7c:9d:6c:68:fa:78:0e:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d3dx10_40.pdb

Imports

msvcrt

??1type_info@@UAE@XZ
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_amsg_exit
_initterm
free
malloc
_XcptFilter
tolower
_stricmp
_CxxThrowException
_isnan
floor
_controlfp
_purecall
_CIatan
_CIcos
_CIasin
_finite
_CIsin
_CIatan2
_CIacos
_CIsqrt
iswspace
iswalpha
iswdigit
iswpunct
memmove
qsort
memset
??2@YAPAXI@Z
memcpy
??3@YAXPAX@Z
_vsnprintf
__CxxFrameHandler

gdi32

CreateDIBSection
GetCharacterPlacementA
GetCharacterPlacementW
SetTextColor
DeleteDC
DeleteObject
SelectObject
GetGlyphOutlineA
GetTextMetricsA
GetObjectW
GetObjectA
SetBkMode
GetTextMetricsW
GetFontLanguageInfo
CreateFontIndirectA
CreateFontIndirectW
SetTextAlign
SetMapMode
CreateCompatibleDC
ExtTextOutA
MoveToEx
ExtTextOutW
TranslateCharsetInfo
SetBkColor

kernel32

IsProcessorFeaturePresent
MultiByteToWideChar
CreateFileA
GetFileSizeEx
ReadFile
WideCharToMultiByte
GetFullPathNameA
GetModuleHandleA
FreeLibrary
GetCurrentProcess
GetProcessAffinityMask
CreateThread
InterlockedIncrement
Sleep
WaitForSingleObject
InterlockedDecrement
DebugBreak
CreateFileW
ReleaseSemaphore
ReleaseMutex
CloseHandle
CreateSemaphoreA
CreateMutexA
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
GetVersion
GetProcAddress
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
GetFileSize
GetModuleFileNameA
InterlockedExchange
InterlockedCompareExchange
OutputDebugStringA
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
GetLastError
LockResource
FindResourceW
LoadResource
SizeofResource
FindResourceA
WaitForMultipleObjects

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA

ole32

CreateStreamOnHGlobal

Exports

Exports

D3DX10CheckVersion
D3DX10CompileFromFileA
D3DX10CompileFromFileW
D3DX10CompileFromMemory
D3DX10CompileFromResourceA
D3DX10CompileFromResourceW
D3DX10ComputeNormalMap
D3DX10CreateAsyncCompilerProcessor
D3DX10CreateAsyncEffectCreateProcessor
D3DX10CreateAsyncEffectPoolCreateProcessor
D3DX10CreateAsyncFileLoaderA
D3DX10CreateAsyncFileLoaderW
D3DX10CreateAsyncMemoryLoader
D3DX10CreateAsyncResourceLoaderA
D3DX10CreateAsyncResourceLoaderW
D3DX10CreateAsyncShaderPreprocessProcessor
D3DX10CreateAsyncShaderResourceViewProcessor
D3DX10CreateAsyncTextureInfoProcessor
D3DX10CreateAsyncTextureProcessor
D3DX10CreateDevice
D3DX10CreateDeviceAndSwapChain
D3DX10CreateEffectFromFileA
D3DX10CreateEffectFromFileW
D3DX10CreateEffectFromMemory
D3DX10CreateEffectFromResourceA
D3DX10CreateEffectFromResourceW
D3DX10CreateEffectPoolFromFileA
D3DX10CreateEffectPoolFromFileW
D3DX10CreateEffectPoolFromMemory
D3DX10CreateEffectPoolFromResourceA
D3DX10CreateEffectPoolFromResourceW
D3DX10CreateFontA
D3DX10CreateFontIndirectA
D3DX10CreateFontIndirectW
D3DX10CreateFontW
D3DX10CreateMesh
D3DX10CreateShaderResourceViewFromFileA
D3DX10CreateShaderResourceViewFromFileW
D3DX10CreateShaderResourceViewFromMemory
D3DX10CreateShaderResourceViewFromResourceA
D3DX10CreateShaderResourceViewFromResourceW
D3DX10CreateSkinInfo
D3DX10CreateSprite
D3DX10CreateTextureFromFileA
D3DX10CreateTextureFromFileW
D3DX10CreateTextureFromMemory
D3DX10CreateTextureFromResourceA
D3DX10CreateTextureFromResourceW
D3DX10CreateThreadPump
D3DX10FilterTexture
D3DX10GetFeatureLevel1
D3DX10GetImageInfoFromFileA
D3DX10GetImageInfoFromFileW
D3DX10GetImageInfoFromMemory
D3DX10GetImageInfoFromResourceA
D3DX10GetImageInfoFromResourceW
D3DX10LoadTextureFromTexture
D3DX10PreprocessShaderFromFileA
D3DX10PreprocessShaderFromFileW
D3DX10PreprocessShaderFromMemory
D3DX10PreprocessShaderFromResourceA
D3DX10PreprocessShaderFromResourceW
D3DX10SHProjectCubeMap
D3DX10SaveTextureToFileA
D3DX10SaveTextureToFileW
D3DX10SaveTextureToMemory
D3DX10UnsetAllDeviceObjects
D3DXBoxBoundProbe
D3DXColorAdjustContrast
D3DXColorAdjustSaturation
D3DXComputeBoundingBox
D3DXComputeBoundingSphere
D3DXCpuOptimizations
D3DXCreateMatrixStack
D3DXFloat16To32Array
D3DXFloat32To16Array
D3DXFresnelTerm
D3DXIntersectTri
D3DXMatrixAffineTransformation
D3DXMatrixAffineTransformation2D
D3DXMatrixDecompose
D3DXMatrixDeterminant
D3DXMatrixInverse
D3DXMatrixLookAtLH
D3DXMatrixLookAtRH
D3DXMatrixMultiply
D3DXMatrixMultiplyTranspose
D3DXMatrixOrthoLH
D3DXMatrixOrthoOffCenterLH
D3DXMatrixOrthoOffCenterRH
D3DXMatrixOrthoRH
D3DXMatrixPerspectiveFovLH
D3DXMatrixPerspectiveFovRH
D3DXMatrixPerspectiveLH
D3DXMatrixPerspectiveOffCenterLH
D3DXMatrixPerspectiveOffCenterRH
D3DXMatrixPerspectiveRH
D3DXMatrixReflect
D3DXMatrixRotationAxis
D3DXMatrixRotationQuaternion
D3DXMatrixRotationX
D3DXMatrixRotationY
D3DXMatrixRotationYawPitchRoll
D3DXMatrixRotationZ
D3DXMatrixScaling
D3DXMatrixShadow
D3DXMatrixTransformation
D3DXMatrixTransformation2D
D3DXMatrixTranslation
D3DXMatrixTranspose
D3DXPlaneFromPointNormal
D3DXPlaneFromPoints
D3DXPlaneIntersectLine
D3DXPlaneNormalize
D3DXPlaneTransform
D3DXPlaneTransformArray
D3DXQuaternionBaryCentric
D3DXQuaternionExp
D3DXQuaternionInverse
D3DXQuaternionLn
D3DXQuaternionMultiply
D3DXQuaternionNormalize
D3DXQuaternionRotationAxis
D3DXQuaternionRotationMatrix
D3DXQuaternionRotationYawPitchRoll
D3DXQuaternionSlerp
D3DXQuaternionSquad
D3DXQuaternionSquadSetup
D3DXQuaternionToAxisAngle
D3DXSHAdd
D3DXSHDot
D3DXSHEvalConeLight
D3DXSHEvalDirection
D3DXSHEvalDirectionalLight
D3DXSHEvalHemisphereLight
D3DXSHEvalSphericalLight
D3DXSHMultiply2
D3DXSHMultiply3
D3DXSHMultiply4
D3DXSHMultiply5
D3DXSHMultiply6
D3DXSHRotate
D3DXSHRotateZ
D3DXSHScale
D3DXSphereBoundProbe
D3DXVec2BaryCentric
D3DXVec2CatmullRom
D3DXVec2Hermite
D3DXVec2Normalize
D3DXVec2Transform
D3DXVec2TransformArray
D3DXVec2TransformCoord
D3DXVec2TransformCoordArray
D3DXVec2TransformNormal
D3DXVec2TransformNormalArray
D3DXVec3BaryCentric
D3DXVec3CatmullRom
D3DXVec3Hermite
D3DXVec3Normalize
D3DXVec3Project
D3DXVec3ProjectArray
D3DXVec3Transform
D3DXVec3TransformArray
D3DXVec3TransformCoord
D3DXVec3TransformCoordArray
D3DXVec3TransformNormal
D3DXVec3TransformNormalArray
D3DXVec3Unproject
D3DXVec3UnprojectArray
D3DXVec4BaryCentric
D3DXVec4CatmullRom
D3DXVec4Cross
D3DXVec4Hermite
D3DXVec4Normalize
D3DXVec4Transform
D3DXVec4TransformArray

Sections

.text
Size: 397KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d3dx10_40_x86.cat
d3dx10_40_x86.inf
d3dx10_40_x86_xp.inf
$PLUGINSDIR/OCT2006_XACT_x64.cab
.cab
infinst.exe
.exe windows:5 windows x64 arch:x64

6668c9525ad04c4190169dc04fde550d

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

16:ea:8d:6d:c9:eb:5a:c1:f5:96:aa:39:1d:0c:d2:17:1f:f8:1a:8f
Signer

Actual PE Digest

16:ea:8d:6d:c9:eb:5a:c1:f5:96:aa:39:1d:0c:d2:17:1f:f8:1a:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

infinst.pdb

Imports

kernel32

OutputDebugStringA
GetWindowsDirectoryA
GetLastError
LocalFree
FormatMessageA
CompareStringA
CloseHandle
CreateFileA
lstrlenA
GetPrivateProfileStringA
FindClose
FindFirstFileA
MoveFileExA
CopyFileA
GetCurrentDirectoryA
GetModuleFileNameA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetLocalTime
ExitProcess
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapSetInformation
HeapCreate
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
Sleep
SetFilePointer
SetStdHandle
FlushFileBuffers
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
SetEndOfFile
ReadFile
GetLocaleInfoA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery

user32

CharNextA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupOpenInfFileA
SetupOpenFileQueue
SetupInstallFromInfSectionA
SetupCloseFileQueue
SetupCloseInfFile
SetupCopyOEMInfA
SetupDiDestroyDeviceInfoList
SetupDiSetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDefaultQueueCallbackA

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
oct2006_xact_x64.inf
x3daudio1_1.dll
.dll windows:5 windows x64 arch:x64

01dbb721ad8b0aa287d0e6cb37b97382

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6e:2b:fc:2c:be:00:d2:f9:f0:2d:7a:31:b3:c6:e8:cc:c4:87:22:77
Signer

Actual PE Digest

6e:2b:fc:2c:be:00:d2:f9:f0:2d:7a:31:b3:c6:e8:cc:c4:87:22:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

X3DAudio1_1.pdb

Imports

msvcrt

tan
sinf
sin
sqrt
_initterm
cosf
malloc
acosf
free
atan2f

kernel32

Sleep
DisableThreadLibraryCalls

Exports

Exports

X3DAudioCalculate
X3DAudioInitialize

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xact2_4_x64.cat
xact2_4_x64.inf
xactengine2_4.dll
.dll regsvr32 windows:5 windows x64 arch:x64

3147d87c4ac86651dd64144caf571a01

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

08:dc:1b:f2:2f:80:6a:e0:b0:48:15:06:37:08:c0:fa:08:96:69:14
Signer

Actual PE Digest

08:dc:1b:f2:2f:80:6a:e0:b0:48:15:06:37:08:c0:fa:08:96:69:14

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

XactEngine2_4.pdb

Imports

msvcrt

_controlfp
cos
_initterm
sinf
cosf
sqrtf
memset
sin
powf
pow
log10
memcmp
??2@YAPEAX_K@Z
acosf
memcpy
atan2f
floorf
_purecall
free
malloc
??3@YAXPEAX@Z
sqrt
_aligned_malloc
_aligned_free
_vsnwprintf
_isnan
tan

kernel32

ReleaseSemaphore
CreateSemaphoreW
HeapSize
GetSystemInfo
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExW
lstrcmpW
__C_specific_handler
CreateEventW
DisableThreadLibraryCalls
GetLastError
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
GetTickCount
QueryPerformanceCounter
SetThreadPriority
GetProcessHeap
GetCurrentThreadId
HeapAlloc
InitializeCriticalSection
DeleteCriticalSection
QueryPerformanceFrequency
GetOverlappedResult
ReadFile
WaitForMultipleObjects
CloseHandle
WaitForSingleObject
SetEvent
CreateThread
CreateEventA
Sleep
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SwitchToThread
HeapFree

rpcrt4

RpcStringFreeA
UuidToStringA

ole32

PropVariantClear
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CLSIDFromString

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA

user32

GetDesktopWindow

winmm

timeEndPeriod
timeBeginPeriod

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 322KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 512B - Virtual size: 115B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/OCT2006_XACT_x86.cab
.cab
oct2006_xact_x86.inf
x3daudio1_1.dll
.dll windows:5 windows x86 arch:x86

9c6625d43656449d2c5b879dc74321e3

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b2:2b:d9:a2:23:a6:40:1b:ee:29:09:ad:5c:d8:97:f3:2d:d5:58:04
Signer

Actual PE Digest

b2:2b:d9:a2:23:a6:40:1b:ee:29:09:ad:5c:d8:97:f3:2d:d5:58:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

X3DAudio1_1.pdb

Imports

msvcrt

_adjust_fdiv
_initterm
free
malloc
_CIacos

kernel32

Sleep
DisableThreadLibraryCalls

Exports

Exports

_X3DAudioCalculate@20
_X3DAudioInitialize@12

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xact2_4_x86.cat
xact2_4_x86.inf
xactengine2_4.dll
.dll regsvr32 windows:5 windows x86 arch:x86

0041cf3abe8dce5f52586c3e79bd0948

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

62:63:5b:a4:5e:d4:a2:6a:44:ff:7e:da:f3:4a:c0:64:04:c0:2c:9c
Signer

Actual PE Digest

62:63:5b:a4:5e:d4:a2:6a:44:ff:7e:da:f3:4a:c0:64:04:c0:2c:9c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

XactEngine2_4.pdb

Imports

msvcrt

??2@YAPAXI@Z
_controlfp
_except_handler3
_adjust_fdiv
floor
wcslen
_initterm
_vsnwprintf
_CIpow
_purecall
free
malloc
??3@YAXPAX@Z
_isnan
_aligned_malloc
_aligned_free
_CIacos

kernel32

CreateEventW
ReleaseSemaphore
CreateSemaphoreW
HeapSize
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
GetLastError
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
GetTickCount
QueryPerformanceCounter
HeapFree
GetProcessHeap
InterlockedCompareExchange
GetCurrentThreadId
HeapAlloc
InitializeCriticalSection
DeleteCriticalSection
GetOverlappedResult
ReadFile
InterlockedExchange
WaitForMultipleObjects
CloseHandle
WaitForSingleObject
SetEvent
CreateThread
CreateEventA
Sleep
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemInfo
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExW
lstrcmpW
SetThreadPriority
SwitchToThread
QueryPerformanceFrequency
GetCurrentProcess

rpcrt4

RpcStringFreeA
UuidToStringA

ole32

PropVariantClear
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CLSIDFromString

advapi32

RegSetValueExA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

user32

GetDesktopWindow

winmm

timeEndPeriod
timeBeginPeriod

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Oct2005_xinput_x64.cab
.cab
infinst.exe
.exe windows:5 windows x64 arch:x64

6668c9525ad04c4190169dc04fde550d

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23/05/2002, 08:00

Not After

25/09/2011, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2005, 23:20

Not After

05/04/2006, 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

17:3f:0b:81:95:36:9f:6b:6a:c6:0a:16:77:a0:3b:6c:07:9a:00:49
Signer

Actual PE Digest

17:3f:0b:81:95:36:9f:6b:6a:c6:0a:16:77:a0:3b:6c:07:9a:00:49

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

infinst.pdb

Imports

kernel32

OutputDebugStringA
GetWindowsDirectoryA
GetLastError
LocalFree
FormatMessageA
CompareStringA
CloseHandle
CreateFileA
lstrlenA
GetPrivateProfileStringA
FindClose
FindFirstFileA
MoveFileExA
CopyFileA
GetCurrentDirectoryA
GetModuleFileNameA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetLocalTime
ExitProcess
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapSetInformation
HeapCreate
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
Sleep
SetFilePointer
SetStdHandle
FlushFileBuffers
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
SetEndOfFile
ReadFile
GetLocaleInfoA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery

user32

CharNextA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupOpenInfFileA
SetupOpenFileQueue
SetupInstallFromInfSectionA
SetupCloseFileQueue
SetupCloseInfFile
SetupCopyOEMInfA
SetupDiDestroyDeviceInfoList
SetupDiSetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDefaultQueueCallbackA

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
oct2005_xinput_x64.inf
xinput9_1_0.dll
.dll windows:5 windows x64 arch:x64

fa42dfa17b7e153d70b62168803a5c20

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23/05/2002, 08:00

Not After

25/09/2011, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2005, 23:20

Not After

05/04/2006, 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

85:72:61:b7:bd:f9:41:e9:8a:08:56:4f:91:3a:b5:5a:5c:34:3a:a9
Signer

Actual PE Digest

85:72:61:b7:bd:f9:41:e9:8a:08:56:4f:91:3a:b5:5a:5c:34:3a:a9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

XInput9_1_0.pdb

Imports

ntdll

RtlPcToFileHeader
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

CloseHandle
LocalFree
DuplicateHandle
GetCurrentProcess
LocalAlloc
LoadLibraryW
FreeLibrary
GetProcAddress
GetLastError
CreateFileW
DeviceIoControl
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
ExitProcess
GetModuleHandleA
HeapSetInformation
HeapCreate
HeapDestroy
LeaveCriticalSection
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
EnterCriticalSection
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
WriteFile
RaiseException
Sleep
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
GetLocaleInfoA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
FlushFileBuffers
DeleteCriticalSection
InitializeCriticalSection
SetHandleCount
GetEnvironmentStrings

advapi32

TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
RegSetValueExW
RegCloseKey
GetTraceEnableFlags
RegCreateKeyExW

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW

Exports

Exports

DllMain
XInputGetCapabilities
XInputGetDSoundAudioDeviceGuids
XInputGetState
XInputSetState

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 342B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xinput9_1_0_x64.cat
xinput9_1_0_x64.inf
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

f2ac1ab587d5531d5f1bf76c094aef4c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GlobalAlloc
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/aa.cab
.cab
D3DCompiler_40.dll
.dll windows:6 windows x86 arch:x86

35b8c0a7c0a05f310fd4dc0f3d466cd4

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

42:46:40:77:30:b6:a4:d4:6a:1d:d0:2f:f1:ff:25:af:d0:fc:25:da
Signer

Actual PE Digest

42:46:40:77:30:b6:a4:d4:6a:1d:d0:2f:f1:ff:25:af:d0:fc:25:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D3DCompiler_40.pdb

Imports

msvcrt

__dllonexit
_lock
_onexit
_unlock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
isspace
_amsg_exit
_initterm
_XcptFilter
_CxxThrowException
memset
memcpy
isxdigit
atof
_strdup
modf
isalnum
_isnan
ceil
_finite
strrchr
_clearfp
_controlfp
_strnicmp
_fpclass
_purecall
getenv
_stricmp
strncmp
setlocale
memmove
qsort
isalpha
toupper
atoi
isdigit
tolower
sscanf
free
malloc
??2@YAPAXI@Z
??3@YAXPAX@Z
strchr
_vsnprintf
__CxxFrameHandler
strstr
floor
_CIfmod
_CItanh
_CItan
_CIsinh
_CIsin
_CIlog
_CIpow
_CIexp
_CIsqrt
_CIcosh
_CIcos
_CIatan2
_CIatan
_CIasin
_CIacos

gdi32

DeleteObject

kernel32

GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
UnmapViewOfFile
CloseHandle
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
UnhandledExceptionFilter
GetFullPathNameA
HeapCreate
OutputDebugStringA
LoadLibraryA
GetModuleHandleA
lstrcmpiA
GetEnvironmentVariableA
TlsFree
TlsGetValue
HeapDestroy
TlsSetValue
InterlockedExchange
TlsAlloc
Sleep
InterlockedCompareExchange
GetVersion
GetSystemInfo
GetProcAddress
VirtualAlloc
GetProcessHeap
HeapFree
HeapAlloc
DisableThreadLibraryCalls
VirtualFree
SetUnhandledExceptionFilter

Exports

Exports

D3DCompile
D3DDisassemble
D3DDisassemble10Effect
D3DGetDebugInfo
D3DGetInputAndOutputSignatureBlob
D3DGetInputSignatureBlob
D3DGetOutputSignatureBlob
D3DPreprocess
D3DReflect
D3DReturnFailure1
D3DStripShader
DebugSetMute

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nov2008_d3dx10_40_x86.inf
d3dx10_40.dll
.dll windows:6 windows x86 arch:x86

38002bfb317baf0ab2ecb9ab8d6f152f

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:bc:7e:bf:96:3b:74:48:80:8d:a9:26:7c:9d:6c:68:fa:78:0e:b7
Signer

Actual PE Digest

2a:bc:7e:bf:96:3b:74:48:80:8d:a9:26:7c:9d:6c:68:fa:78:0e:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d3dx10_40.pdb

Imports

msvcrt

??1type_info@@UAE@XZ
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_amsg_exit
_initterm
free
malloc
_XcptFilter
tolower
_stricmp
_CxxThrowException
_isnan
floor
_controlfp
_purecall
_CIatan
_CIcos
_CIasin
_finite
_CIsin
_CIatan2
_CIacos
_CIsqrt
iswspace
iswalpha
iswdigit
iswpunct
memmove
qsort
memset
??2@YAPAXI@Z
memcpy
??3@YAXPAX@Z
_vsnprintf
__CxxFrameHandler

gdi32

CreateDIBSection
GetCharacterPlacementA
GetCharacterPlacementW
SetTextColor
DeleteDC
DeleteObject
SelectObject
GetGlyphOutlineA
GetTextMetricsA
GetObjectW
GetObjectA
SetBkMode
GetTextMetricsW
GetFontLanguageInfo
CreateFontIndirectA
CreateFontIndirectW
SetTextAlign
SetMapMode
CreateCompatibleDC
ExtTextOutA
MoveToEx
ExtTextOutW
TranslateCharsetInfo
SetBkColor

kernel32

IsProcessorFeaturePresent
MultiByteToWideChar
CreateFileA
GetFileSizeEx
ReadFile
WideCharToMultiByte
GetFullPathNameA
GetModuleHandleA
FreeLibrary
GetCurrentProcess
GetProcessAffinityMask
CreateThread
InterlockedIncrement
Sleep
WaitForSingleObject
InterlockedDecrement
DebugBreak
CreateFileW
ReleaseSemaphore
ReleaseMutex
CloseHandle
CreateSemaphoreA
CreateMutexA
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
GetVersion
GetProcAddress
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
GetFileSize
GetModuleFileNameA
InterlockedExchange
InterlockedCompareExchange
OutputDebugStringA
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
GetLastError
LockResource
FindResourceW
LoadResource
SizeofResource
FindResourceA
WaitForMultipleObjects

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA

ole32

CreateStreamOnHGlobal

Exports

Exports

D3DX10CheckVersion
D3DX10CompileFromFileA
D3DX10CompileFromFileW
D3DX10CompileFromMemory
D3DX10CompileFromResourceA
D3DX10CompileFromResourceW
D3DX10ComputeNormalMap
D3DX10CreateAsyncCompilerProcessor
D3DX10CreateAsyncEffectCreateProcessor
D3DX10CreateAsyncEffectPoolCreateProcessor
D3DX10CreateAsyncFileLoaderA
D3DX10CreateAsyncFileLoaderW
D3DX10CreateAsyncMemoryLoader
D3DX10CreateAsyncResourceLoaderA
D3DX10CreateAsyncResourceLoaderW
D3DX10CreateAsyncShaderPreprocessProcessor
D3DX10CreateAsyncShaderResourceViewProcessor
D3DX10CreateAsyncTextureInfoProcessor
D3DX10CreateAsyncTextureProcessor
D3DX10CreateDevice
D3DX10CreateDeviceAndSwapChain
D3DX10CreateEffectFromFileA
D3DX10CreateEffectFromFileW
D3DX10CreateEffectFromMemory
D3DX10CreateEffectFromResourceA
D3DX10CreateEffectFromResourceW
D3DX10CreateEffectPoolFromFileA
D3DX10CreateEffectPoolFromFileW
D3DX10CreateEffectPoolFromMemory
D3DX10CreateEffectPoolFromResourceA
D3DX10CreateEffectPoolFromResourceW
D3DX10CreateFontA
D3DX10CreateFontIndirectA
D3DX10CreateFontIndirectW
D3DX10CreateFontW
D3DX10CreateMesh
D3DX10CreateShaderResourceViewFromFileA
D3DX10CreateShaderResourceViewFromFileW
D3DX10CreateShaderResourceViewFromMemory
D3DX10CreateShaderResourceViewFromResourceA
D3DX10CreateShaderResourceViewFromResourceW
D3DX10CreateSkinInfo
D3DX10CreateSprite
D3DX10CreateTextureFromFileA
D3DX10CreateTextureFromFileW
D3DX10CreateTextureFromMemory
D3DX10CreateTextureFromResourceA
D3DX10CreateTextureFromResourceW
D3DX10CreateThreadPump
D3DX10FilterTexture
D3DX10GetFeatureLevel1
D3DX10GetImageInfoFromFileA
D3DX10GetImageInfoFromFileW
D3DX10GetImageInfoFromMemory
D3DX10GetImageInfoFromResourceA
D3DX10GetImageInfoFromResourceW
D3DX10LoadTextureFromTexture
D3DX10PreprocessShaderFromFileA
D3DX10PreprocessShaderFromFileW
D3DX10PreprocessShaderFromMemory
D3DX10PreprocessShaderFromResourceA
D3DX10PreprocessShaderFromResourceW
D3DX10SHProjectCubeMap
D3DX10SaveTextureToFileA
D3DX10SaveTextureToFileW
D3DX10SaveTextureToMemory
D3DX10UnsetAllDeviceObjects
D3DXBoxBoundProbe
D3DXColorAdjustContrast
D3DXColorAdjustSaturation
D3DXComputeBoundingBox
D3DXComputeBoundingSphere
D3DXCpuOptimizations
D3DXCreateMatrixStack
D3DXFloat16To32Array
D3DXFloat32To16Array
D3DXFresnelTerm
D3DXIntersectTri
D3DXMatrixAffineTransformation
D3DXMatrixAffineTransformation2D
D3DXMatrixDecompose
D3DXMatrixDeterminant
D3DXMatrixInverse
D3DXMatrixLookAtLH
D3DXMatrixLookAtRH
D3DXMatrixMultiply
D3DXMatrixMultiplyTranspose
D3DXMatrixOrthoLH
D3DXMatrixOrthoOffCenterLH
D3DXMatrixOrthoOffCenterRH
D3DXMatrixOrthoRH
D3DXMatrixPerspectiveFovLH
D3DXMatrixPerspectiveFovRH
D3DXMatrixPerspectiveLH
D3DXMatrixPerspectiveOffCenterLH
D3DXMatrixPerspectiveOffCenterRH
D3DXMatrixPerspectiveRH
D3DXMatrixReflect
D3DXMatrixRotationAxis
D3DXMatrixRotationQuaternion
D3DXMatrixRotationX
D3DXMatrixRotationY
D3DXMatrixRotationYawPitchRoll
D3DXMatrixRotationZ
D3DXMatrixScaling
D3DXMatrixShadow
D3DXMatrixTransformation
D3DXMatrixTransformation2D
D3DXMatrixTranslation
D3DXMatrixTranspose
D3DXPlaneFromPointNormal
D3DXPlaneFromPoints
D3DXPlaneIntersectLine
D3DXPlaneNormalize
D3DXPlaneTransform
D3DXPlaneTransformArray
D3DXQuaternionBaryCentric
D3DXQuaternionExp
D3DXQuaternionInverse
D3DXQuaternionLn
D3DXQuaternionMultiply
D3DXQuaternionNormalize
D3DXQuaternionRotationAxis
D3DXQuaternionRotationMatrix
D3DXQuaternionRotationYawPitchRoll
D3DXQuaternionSlerp
D3DXQuaternionSquad
D3DXQuaternionSquadSetup
D3DXQuaternionToAxisAngle
D3DXSHAdd
D3DXSHDot
D3DXSHEvalConeLight
D3DXSHEvalDirection
D3DXSHEvalDirectionalLight
D3DXSHEvalHemisphereLight
D3DXSHEvalSphericalLight
D3DXSHMultiply2
D3DXSHMultiply3
D3DXSHMultiply4
D3DXSHMultiply5
D3DXSHMultiply6
D3DXSHRotate
D3DXSHRotateZ
D3DXSHScale
D3DXSphereBoundProbe
D3DXVec2BaryCentric
D3DXVec2CatmullRom
D3DXVec2Hermite
D3DXVec2Normalize
D3DXVec2Transform
D3DXVec2TransformArray
D3DXVec2TransformCoord
D3DXVec2TransformCoordArray
D3DXVec2TransformNormal
D3DXVec2TransformNormalArray
D3DXVec3BaryCentric
D3DXVec3CatmullRom
D3DXVec3Hermite
D3DXVec3Normalize
D3DXVec3Project
D3DXVec3ProjectArray
D3DXVec3Transform
D3DXVec3TransformArray
D3DXVec3TransformCoord
D3DXVec3TransformCoordArray
D3DXVec3TransformNormal
D3DXVec3TransformNormalArray
D3DXVec3Unproject
D3DXVec3UnprojectArray
D3DXVec4BaryCentric
D3DXVec4CatmullRom
D3DXVec4Cross
D3DXVec4Hermite
D3DXVec4Normalize
D3DXVec4Transform
D3DXVec4TransformArray

Sections

.text
Size: 397KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d3dx10_40_x86.cat
d3dx10_40_x86.inf
d3dx10_40_x86_xp.inf
$PLUGINSDIR/amd_pcibus_15.20.0.0000_w1064.zip
.zip
$PLUGINSDIR/cleaneng.dll
.dll windows:5 windows x64 arch:x64

71896ad2cc0ba2ef7b6503d6a43218a9

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:ab:79:f2:98:a4:c1:8e:81:cb:7f:9f:90:99:55:fc
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

20/02/2024, 00:00

Not After

19/02/2027, 23:59

Subject

SERIALNUMBER=91110105MA005CH48R,CN=北京火绒网络科技有限公司,O=北京火绒网络科技有限公司,ST=Beijing Shi,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5a:bb:39:bf:ee:9e:9d:7c:09:29:db:37:ec:8f:fa:81:91:93:50:61:ec:04:c6:61:d8:b1:f0:ef:33:ea:c1:a3
Signer

Actual PE Digest

5a:bb:39:bf:ee:9e:9d:7c:09:29:db:37:ec:8f:fa:81:91:93:50:61:ec:04:c6:61:d8:b1:f0:ef:33:ea:c1:a3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\docker\Documents\workspace\build-v2\common\hr_sysdiag-app-60\bin\x64\cleaneng.pdb

Imports

kernel32

GetProcessHeap
GetEnvironmentVariableW
GetLogicalDriveStringsA
GetDriveTypeA
GetModuleHandleW
GetLastError
GetSystemTimeAsFileTime
FindFirstFileW
FindNextFileW
FindClose
GetFileSizeEx
GetFileTime
GetFileAttributesW
SetFileAttributesW
DeleteFileW
RemoveDirectoryW
LoadLibraryW
ExpandEnvironmentStringsW
GetPrivateProfileStringW
GetNativeSystemInfo
GetVersionExW
GetFullPathNameW
SearchPathW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
ReadFile
SetFilePointer
HeapAlloc
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
RaiseException
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
ResumeThread
CreateThread
SuspendThread
DecodePointer
CompareFileTime
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
InitializeCriticalSectionAndSpinCount
IsBadReadPtr
SearchPathA
GetSystemInfo
LoadLibraryA
CreateFileW
ExpandEnvironmentStringsA
VirtualProtect
GetVersion
GetProcAddress
GetModuleHandleA
GetTickCount
WideCharToMultiByte
DeleteCriticalSection
LocalFree
GetWindowsDirectoryW
CloseHandle
Sleep
MultiByteToWideChar
OpenProcess
InitializeCriticalSection
LeaveCriticalSection
GetCurrentProcess
GetLongPathNameW
CreateToolhelp32Snapshot
EnterCriticalSection
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
ReadConsoleW
SetFilePointerEx
OutputDebugStringA
GetConsoleMode
GetConsoleCP
WriteFile
GetFileType
GetStdHandle
GetACP
GetCurrentThread
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
InterlockedPushEntrySList
LoadLibraryExW
FreeLibrary
RtlUnwindEx
RtlPcToFileHeader
OutputDebugStringW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
GetCPInfo
EncodePointer
GetStringTypeW
FormatMessageW
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent

user32

UnregisterClassW
GetWindowThreadProcessId
EnumWindowStationsA
GetWindowRect
IsWindowVisible
CloseWindowStation
EnumDesktopsA
CloseDesktop
OpenWindowStationA
OpenDesktopA
GetParent
EnumDesktopWindows

advapi32

RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW
BuildExplicitAccessWithNameA
SetSecurityDescriptorDacl
SetEntriesInAclA
GetSecurityDescriptorDacl
RegGetKeySecurity
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetKeySecurity
RegSetValueExW
RegSetValueExA
RegLoadKeyA
InitializeSecurityDescriptor
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegSaveKeyA
RegQueryValueExW
RegEnumKeyExA
RegCloseKey
OpenProcessToken
ConvertSidToStringSidW
RegOpenKeyW
GetTokenInformation
RegEnumValueW

shell32

SHGetDesktopFolder
SHEmptyRecycleBinW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFolderPathW

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree

oleaut32

VariantChangeType

libxsse

ord10
ord30
ord2

shlwapi

PathIsDirectoryEmptyW
PathIsDirectoryW
PathFileExistsW
StrRetToStrW

sfc

SfcIsFileProtected

msi

ord70

psapi

GetProcessImageFileNameW

sqlite

sqlite3_exec
sqlite3_busy_timeout
sqlite3_open
sqlite3_db_mutex
sqlite3_prepare_v2
sqlite3_step
sqlite3_column_int
sqlite3_finalize
sqlite3_mutex_leave
sqlite3_close_v2
sqlite3_mutex_enter

jansson

json_object_get
json_load_callback
json_loadb
json_array
json_object
json_delete
json_integer_value
json_array_size
json_object_iter
json_object_iter_key
json_array_get
json_object_iter_next
json_unpack
json_deep_copy
json_string_value
json_object_size
json_object_iter_value
json_array_append_new
json_object_set_new
json_array_extend
json_dumps
json_dumps_free
json_string
json_integer
json_pack
json_object_key_to_iter

Exports

Exports

??4CCleanHelper@@QEAAAEAV0@$$QEAV0@@Z
??4CCleanHelper@@QEAAAEAV0@AEBV0@@Z
?DeleteFileEx@CCleanHelper@@SAHPEB_WH@Z
?DeleteFileW@CCleanHelper@@SAHPEB_W@Z
?ExpandInstallLocation@CCleanHelper@@SAHAEAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@PEB_W@Z
?ExpandInternalPath@CCleanHelper@@SAHAEAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?FindProcess@CCleanHelper@@SAKPEB_W@Z
?FindProcessModules@CCleanHelper@@SAHKPEB_W@Z
?GetDescriptionFromLnkFile@CCleanHelper@@SAHPEB_WAEAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?GetFileAttributesW@CCleanHelper@@SAKPEB_W@Z
?GetFileSize@CCleanHelper@@SA_KPEB_W@Z
?GetFolderPath@CCleanHelper@@SAHHAEAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?GetFolderSize@CCleanHelper@@SA_KPEB_WH@Z
?GetLinkTarget@CCleanHelper@@SAHPEB_WPEA_W_K@Z
?GetPathByIniFile@CCleanHelper@@SAHPEAUjson_t@@PEB_WAEAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?GetPathByJSONValue@CCleanHelper@@SAHPEAUjson_t@@PEB_WAEAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?GetPathByRegValue@CCleanHelper@@SAHPEAUjson_t@@AEAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@H@Z
?GetPathByRootReg@CCleanHelper@@SAPEB_WPEAUHKEY__@@@Z
?GetPathByXMLValue@CCleanHelper@@SAHPEAUjson_t@@PEB_WAEAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?GetRegKeyByPath@CCleanHelper@@SAPEAUHKEY__@@PEB_WK@Z
?GetShortcutTargetPath@CCleanHelper@@SAHPEB_WPEA_W_K@Z
?GetSpecialFolderPath@CCleanHelper@@SAHPEB_WAEAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?GetWildDirectoryDepth@CCleanHelper@@SAHPEB_WAEAH@Z
?InitRule@CCleanHelper@@SAPEAUjson_t@@PEBD0@Z
?InitShareddllWhitelist@CCleanHelper@@SAXAEAV?$CSimpleArray@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@V?$CSimpleArrayEqualHelper@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@2@@ATL@@@Z
?InitSpecialFolderSet@CCleanHelper@@CAXXZ
?IsDirectoryEmpty@CCleanHelper@@SAHPEB_W@Z
?IsDriverRootPath@CCleanHelper@@SAHPEB_W@Z
?IsExclusive@CCleanHelper@@SAHPEB_W@Z
?IsFreshFile@CCleanHelper@@SAHU_FILETIME@@@Z
?IsLnkFileInvalid@CCleanHelper@@SA_NPEB_W@Z
?IsOSx64@CCleanHelper@@SAHXZ
?IsShareddllWhitelist@CCleanHelper@@SAHAEAV?$CSimpleArray@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@V?$CSimpleArrayEqualHelper@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@2@@ATL@@PEB_W@Z
?IsSpecialFolder@CCleanHelper@@SAHPEB_W@Z
?IsWin8AndLaterOs@CCleanHelper@@SAHXZ
?IsXpOs@CCleanHelper@@SAHXZ
?ListDirectory@CCleanHelper@@SAHPEB_WAEAV?$list@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@V?$allocator@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@std@@@std@@K@Z
?ProcessExists@CCleanHelper@@SAHPEB_W@Z
?ReFindFirstFile@CCleanHelper@@SAPEAXPEB_WPEAU_WIN32_FIND_DATAW@@@Z
?ReFindNextFile@CCleanHelper@@SAHPEAXPEAU_WIN32_FIND_DATAW@@@Z
?ReGetFileDirectory@CCleanHelper@@SAHAEAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?ReGetFullPathName@CCleanHelper@@SAHAEAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?RePathFileExists@CCleanHelper@@SAHPEB_W@Z
?RePathWithExtExists@CCleanHelper@@SAHPEB_W@Z
?ReSearchPathExists@CCleanHelper@@SAHPEB_WAEAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?ReadSubDirectory@CCleanHelper@@SAHPEB_W0AEAV?$list@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@V?$allocator@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@std@@@std@@@Z
?RemoveDirectoryEx@CCleanHelper@@SA_KPEB_WH@Z
?RemoveDirectoryW@CCleanHelper@@SAHPEB_W@Z
?RemoveParameters@CCleanHelper@@SAXAEAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?RemoveRegKey@CCleanHelper@@SA_JPEB_W@Z
?RemoveRegValue@CCleanHelper@@SA_JPEB_W0@Z
?ReplaceEnvString@CCleanHelper@@SAXAEAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?SHCreateItemFromParsingName@CCleanHelper@@SAJPEB_WPEAUIBindCtx@@AEBU_GUID@@PEAPEAX@Z
?SQLitDBExecute@CCleanHelper@@SAHPEB_WPEAUjson_t@@@Z
?SQLitDBQuery@CCleanHelper@@SA_KPEB_WPEAUjson_t@@@Z
?SetFileAttributesW@CCleanHelper@@SAHPEB_WK@Z
?SfcIsKeyProtected@CCleanHelper@@SAHPEAUHKEY__@@PEB_WK@Z
?SkipUNCPath@CCleanHelper@@SA_NPEB_W@Z
?UnpinStartMenuItem@CCleanHelper@@SAHPEB_W@Z
?m_bSpecialInited@CCleanHelper@@0_NA
?m_pSetSpecialFolder@CCleanHelper@@0PEAV?$set@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@U?$less@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@std@@V?$allocator@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@4@@std@@EA
SysCleanCleanTask
SysCleanScanTask

Sections

.text
Size: 740KB - Virtual size: 739KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/daemon.dll
.dll windows:5 windows x64 arch:x64

35b97d937fafdab72f3fa54e0ce430c1

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:ab:79:f2:98:a4:c1:8e:81:cb:7f:9f:90:99:55:fc
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

20/02/2024, 00:00

Not After

19/02/2027, 23:59

Subject

SERIALNUMBER=91110105MA005CH48R,CN=北京火绒网络科技有限公司,O=北京火绒网络科技有限公司,ST=Beijing Shi,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8d:88:7f:10:55:0d:af:a8:00:f3:e6:34:06:ce:70:49:ba:1f:b7:a3:6d:5c:bc:7b:68:cb:36:72:83:ec:a7:f1
Signer

Actual PE Digest

8d:88:7f:10:55:0d:af:a8:00:f3:e6:34:06:ce:70:49:ba:1f:b7:a3:6d:5c:bc:7b:68:cb:36:72:83:ec:a7:f1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\git_space\hr_sysdiag-fund\bin\x64\daemon.pdb

Imports

kernel32

SetThreadPriority
GetQueuedCompletionStatus
WaitForSingleObject
PostQueuedCompletionStatus
CreateEventW
GetLastError
SetEvent
GetCurrentThread
CreateThread
SystemTimeToFileTime
GetSystemTime
CreateIoCompletionPort
GetLongPathNameA
IsBadReadPtr
DisableThreadLibraryCalls
OutputDebugStringW
OutputDebugStringA
HeapSize
FlushFileBuffers
WriteConsoleW
SetConsoleCtrlHandler
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SearchPathA
GetSystemInfo
LoadLibraryA
CreateFileW
VirtualProtect
GetVersion
GetProcAddress
GetModuleHandleA
GetTickCount
WideCharToMultiByte
DeleteCriticalSection
LocalFree
GetWindowsDirectoryW
CloseHandle
Sleep
MultiByteToWideChar
OpenProcess
InitializeCriticalSection
LeaveCriticalSection
GetCurrentProcess
GetLongPathNameW
EnterCriticalSection
GetFileAttributesA
GetPrivateProfileStringA
ExpandEnvironmentStringsA
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
WaitForSingleObjectEx
FindClose
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
EncodePointer
RaiseException
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
SetFilePointerEx
GetFileType
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
ReadFile
GetConsoleMode
ReadConsoleW
WriteFile
GetConsoleCP
HeapFree
HeapAlloc
GetStringTypeW
GetACP
GetStdHandle
HeapReAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW

user32

CloseDesktop
GetParent
EnumDesktopWindows
OpenDesktopA
OpenWindowStationA
CloseWindowStation
IsWindowVisible
GetWindowRect
EnumWindowStationsA
GetWindowThreadProcessId
EnumDesktopsA

advapi32

SetSecurityDescriptorDacl
SetEntriesInAclA
GetSecurityDescriptorDacl
RegGetKeySecurity
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetKeySecurity
RegSetValueExW
RegSetValueExA
RegLoadKeyA
InitializeSecurityDescriptor
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegSaveKeyA
RegQueryValueExW
RegEnumKeyExA
RegCloseKey
OpenProcessToken
ConvertSidToStringSidW
RegOpenKeyW
GetTokenInformation
BuildExplicitAccessWithNameA

uactmon

ord102
ord105
ord100
ord5
ord101
ord4
ord30
ord2
ord103
ord1

usysdiag

vif_sysutils_get
vif_assist_get
vif_iokit_get
vif_get

Exports

Exports

daemon_alloc
daemon_class_register
dispent_alloc
dispent_bind_daemon
dispent_free
dispent_get_daemon
dispent_kill_task_group
dispent_resume_task_group
dispent_suspend_task_group
dispent_template_register
task_get
task_put
tasks_lock
tasks_unlock

Sections

.text
Size: 355KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/dxdllreg_x86.cab
.cab
$PLUGINSDIR/lan_realtek_10.043.0723.2020_w1064.zip
.zip
$PLUGINSDIR/mmmmmmmmm.7z
.7z
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

f03b2bab186574d8892d3d73fa9fd3fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
lstrcpyA
GetCurrentDirectoryA
HeapFree
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
GetProcessHeap

user32

DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
GetPropA
CharPrevA
MapWindowPoints
GetWindowLongA
DrawTextA
GetClientRect
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
RemovePropA
DrawFocusRect
GetWindowTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsUnzip.dll
.dll windows:4 windows x86 arch:x86

f61b492d16b51856da71c9a124fee190

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
InterlockedExchange
CreateMutexA
GetDriveTypeA
GetVolumeInformationA
LeaveCriticalSection
EnterCriticalSection
lstrlenA
FindFirstFileA
FindNextFileA
FindClose
GetVersion
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SetEndOfFile
SetFilePointer
CreateFileA
GetFullPathNameA
GetLocaleInfoA
DosDateTimeToFileTime
SetFileAttributesA
GetFileAttributesA
GetFileTime
SetVolumeLabelA
GetCurrentDirectoryA
DeleteFileA
CreateDirectoryA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
HeapSize
LoadLibraryA
ReadFile
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
CloseHandle
GlobalUnlock
GlobalLock
lstrcpyA
lstrcmpA
lstrcmpiA
GlobalFree
GlobalAlloc
lstrcpynA
SetFileTime
GetSystemTimeAsFileTime
SetStdHandle
GetFileType
HeapReAlloc
MultiByteToWideChar
GetCurrentThreadId
GetCommandLineA
GetVersionExA
RtlUnwind
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetTimeZoneInformation
GetACP
GetOEMCP
WriteFile
FlushFileBuffers
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
VirtualProtect
GetSystemInfo
VirtualQuery
SetEnvironmentVariableW

user32

OemToCharA
CharToOemA
wsprintfA
DialogBoxParamA
GetDlgItem
SetWindowTextA
SetDlgItemTextA
SendMessageA
EnableWindow
GetWindowTextLengthA
GetWindowTextA
EndDialog
CharUpperA

advapi32

GetSecurityDescriptorControl
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetKernelObjectSecurity
SetKernelObjectSecurity
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
IsValidAcl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
IsValidSid
GetSecurityDescriptorGroup

Exports

Exports

Extract
GetPassword

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App.dat
Work7.zip
.zip
hello.zip
.zip

Sharing

General

Malware Config

Signatures

Files

29b61e5a552b3a9bc00953de1c93be41

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 108KB

.ndata Size: - Virtual size: 60KB

.rsrc Size: 209KB - Virtual size: 209KB

5cee0b3174abcd8ab839754d43c5a256

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:0f:78:4d:00:00:00:00:00:03Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

42:95:c3:38:0c:2a:c4:77:b4:89:18:94:c0:f7:79:34:b8:e0:14:a4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 512B - Virtual size: 480B

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 512B - Virtual size: 120B

b22a4f669312ee374cb26a4eb9e4098a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

version

setupapi

Sections

.text Size: 63KB - Virtual size: 63KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 668B

e9d6079c3793a081c1517212a078112f

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 108KB

.ndata
Size: - Virtual size: 60KB

.rsrc
Size: 209KB - Virtual size: 209KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:0f:78:4d:00:00:00:00:00:03
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

42:95:c3:38:0c:2a:c4:77:b4:89:18:94:c0:f7:79:34:b8:e0:14:a4
Signer

.text
Size: 14KB - Virtual size: 13KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 512B - Virtual size: 480B

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 512B - Virtual size: 120B

.text
Size: 63KB - Virtual size: 63KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 668B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

7d:ab:79:f2:98:a4:c1:8e:81:cb:7f:9f:90:99:55:fc
Certificate

f7:9e:c5:83:71:48:dd:4c:a2:bd:3d:a9:4d:03:c4:43:1b:fd:5d:07:4e:c1:66:b6:32:10:a9:83:d0:4b:63:8e
Signer

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 3KB - Virtual size: 2KB

.gfids
Size: 512B - Virtual size: 160B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 5KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

7d:ab:79:f2:98:a4:c1:8e:81:cb:7f:9f:90:99:55:fc
Certificate

a4:6e:b1:27:8f:a9:21:ab:6b:62:4a:98:da:cb:e1:62:a9:e0:99:f7:34:6c:30:78:41:60:27:51:98:3f:18:ca
Signer

.text
Size: 60KB - Virtual size: 60KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 2KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 3KB

.gfids
Size: 512B - Virtual size: 148B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 5KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate