a96a7df114abbd843136da75af12121e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a96a7df114abbd843136da75af12121e_JaffaCakes118
Size

5.6MB
MD5

a96a7df114abbd843136da75af12121e
SHA1

fb07eb7ce3c14353a7d4dcbf8afbf0f463041c83
SHA256

86602d62376f56467bd7ab023acbbfe6c4a371e49c8e9ba62a18c79e19af2302
SHA512

49598ff1db183404759ddd447119ddb7e085fb3fb4cd19b1670a8105438a17c651c097ac38b47b6daa87c2a18f7e025ba098c04271bef31de27b306d7abfaf8b
SSDEEP

98304:7STiPIldmCqdgftcpwRE3mxXMjfBeHIWP2PPThweFsyU9peC4xMpDsA0AY9C:gwdG0w5MfYHIPlFRU90C8MtCAYA

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Viewlet-1.5-Setup-cn.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/Interop.WIA.1.0.dll
unpack002/SnaperHelper.dll
unpack002/Viewlet.exe
unpack002/WiaUtils.dll
unpack002/uninst.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
static1/unpack001/Viewlet-1.5-Setup-cn.exe	nsis_installer_1
static1/unpack001/Viewlet-1.5-Setup-cn.exe	nsis_installer_2
static1/unpack002/uninst.exe	nsis_installer_1
static1/unpack002/uninst.exe	nsis_installer_2

Files

a96a7df114abbd843136da75af12121e_JaffaCakes118
.rar
Viewlet-1.5-Setup-cn.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$LOCALAPPDATA/3Pi Studio/Viewlet/1.5/Setting/favorites.xml
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$SYSDIR/wiaaut.dll
.dll regsvr32 windows:5 windows x86 arch:x86

c4d5288cc0f629fc5c7869b66bfe2953

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/05/2002, 00:55

Not After

25/11/2003, 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
malloc
realloc
free
_vsnwprintf
wcscmp

advapi32

RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW

gdi32

CreateDIBSection
DeleteObject
SelectClipRgn
CreateRectRgnIndirect
Rectangle
GetDeviceCaps
RestoreDC
DeleteDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
CreateDCW
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
CreateMetaFileW

gdiplus

GdipDeleteGraphics
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertySize
GdipGetAllPropertyItems
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipFree
GdipCloneImage
GdipGetImageDecodersSize
GdipGetImageDecoders
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipAlloc
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImageHorizontalResolution
GdipGetImageVerticalResolution
GdipBitmapSetResolution
GdipGetEncoderParameterList
GdipGetEncoderParameterListSize
GdipRemovePropertyItem
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipCreateBitmapFromGdiDib
GdipCloneBitmapAreaI
GdipGetImageFlags
GdipGetImageRawFormat
GdipImageRotateFlip
GdipSetPropertyItem
GdipSaveAddImage
GdipCreateHBITMAPFromBitmap
GdipGetImagePixelFormat

kernel32

GetCurrentProcess
FlushInstructionCache
HeapAlloc
GetShortPathNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
DisableThreadLibraryCalls
LoadLibraryW
GetProcAddress
FreeLibrary
HeapDestroy
GetModuleFileNameW
lstrcatW
GetWindowsDirectoryW
CreateMutexW
OpenFileMappingW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
ReleaseMutex
FormatMessageW
LocalAlloc
LocalFree
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
GetLastError
GetTempFileNameW
GetTempPathW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
ReadFile
CloseHandle
GetFileSize
CreateFileW
lstrlenA
lstrcpyW
GetModuleHandleW
FileTimeToSystemTime
DeleteFileW
LeaveCriticalSection
EnterCriticalSection
lstrlenW
WideCharToMultiByte
SystemTimeToFileTime
CopyFileW
WriteFile
CompareStringW
lstrcpynW
GetTickCount
HeapFree
GetProcessHeap
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW

ole32

CoAllowSetForegroundWindow
PropVariantClear
PropVariantCopy
CreateStreamOnHGlobal
CLSIDFromString
CoTaskMemFree
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
CreateDataAdviseHolder
CreateOleAdviseHolder
OleLoadFromStream
WriteClassStm
OleSaveToStream

oleaut32

SysAllocStringByteLen
OleCreatePropertyFrame
SysStringByteLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
OleCreatePictureIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
CreateErrorInfo
SetErrorInfo
VariantChangeType
VariantCopy
VariantClear
SysStringLen
SysAllocString
SysAllocStringLen
SysFreeString

shell32

ord155
ord28
ord18

shlwapi

PathFindFileNameW
PathRemoveExtensionW
StrCatW

user32

SetCursor
GetLastActivePopup
SetForegroundWindow
LoadStringW
ReleaseDC
GetDC
GetDesktopWindow
CharUpperBuffW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
DestroyWindow
IsWindow
DefWindowProcW
DrawIcon
LoadIconW
GetWindowThreadProcessId
GetActiveWindow
CharNextW
PtInRect
UnionRect
SetWindowPos
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
SetWindowLongW
GetWindowLongW
CallWindowProcW
GetKeyState
DestroyAcceleratorTable
InvalidateRect
EndPaint
GetClientRect
BeginPaint
IsChild
GetFocus
RegisterClassExW
wsprintfW
LoadCursorW
GetClassInfoExW
CreateWindowExW
ShowWindow
SetFocus
GetParent

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Viewlet/vcredist_x86.exe
.exe windows:5 windows x86 arch:x86

092eb6daba2f17cbda102fd1a32acd00

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:b4:88:77:65:2e:d1:f9:20:49:04:a3:aa:4d:40:5e:81:0c:7e:15
Signer

Actual PE Digest

8f:b4:88:77:65:2e:d1:f9:20:49:04:a3:aa:4d:40:5e:81:0c:7e:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateFileA
FindNextFileA
FindFirstFileA
CopyFileA
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetCurrentDirectoryA
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
ExpandEnvironmentStringsA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
CloseHandle
DeviceIoControl
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
SetErrorMode
GetTickCount
CreateDirectoryA
GetLastError
RemoveDirectoryA
MoveFileExA
SetFilePointer
FindClose
ReadFile

msvcrt

strchr
_strnicmp
_stricmp
strrchr
_strlwr
strncpy
strstr
_snprintf
sprintf

advapi32

AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
OpenProcessToken

user32

ShowWindow
SendDlgItemMessageA
SendMessageA
DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA

ntdll

NtShutdownSystem
NtAdjustPrivilegesToken
NtClose
NtOpenProcessToken

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.9MB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Changes.txt
Config/config.ini
Config/settings.ini
Interop.WIA.1.0.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Language/Chinese/language.ini
License.txt
SnaperHelper.dll
.dll windows:5 windows x86 arch:x86

56b550a9baa3a1e72a4250646b37c0aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\3PI Studio\Work\azsoft\Viewlet_vc9\src\Release_unicode\SnaperHelper.pdb

Imports

mfc90u

ord374
ord1783
ord1716
ord4664
ord3286
ord3651
ord797
ord595
ord775
ord1938
ord1937
ord2038
ord4000
ord5008
ord6760
ord6577
ord6808
ord5167
ord2904
ord6065
ord340
ord2207
ord5632
ord4630
ord5166
ord5324
ord1810
ord1809
ord1675
ord3353
ord6408
ord1492
ord5653
ord3236
ord4682
ord3498
ord3515
ord4631
ord4043
ord589
ord794
ord4211
ord3670
ord4905
ord3115
ord6018
ord5663
ord5680
ord4996
ord4347
ord2447
ord5676
ord5674
ord3217
ord2087
ord4213
ord5830
ord6741
ord5548
ord2283
ord4179
ord6035
ord2206
ord2251
ord4747
ord6803
ord4173
ord6801
ord4423
ord4448
ord3422
ord2758
ord6372
ord6572
ord6566
ord6574
ord2470
ord6830
ord590
ord795
ord1364
ord1533
ord2154
ord6604
ord1108
ord2069
ord337
ord613
ord2097
ord3637
ord6088
ord3513
ord6174
ord6418
ord5850
ord5863
ord6040
ord5974
ord6101
ord6096
ord6183
ord6547
ord6569
ord4579
ord6060
ord6063
ord4044
ord524
ord744
ord6579
ord464
ord712
ord2495
ord5883
ord1005
ord1039
ord1248
ord3590
ord6131
ord1719
ord3355
ord6411
ord1754
ord1751
ord4345
ord1493
ord4660
ord5602
ord2074
ord5512
ord6800
ord4603
ord5664
ord3743
ord5154
ord4702
ord1728
ord6466
ord5685
ord5683
ord960
ord965
ord969
ord967
ord971
ord2615
ord2635
ord2619
ord2625
ord2623
ord2621
ord2638
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord6802
ord4174
ord6804
ord3682
ord5404
ord6376
ord3226
ord1442
ord5625
ord2139
ord1792
ord1791
ord1727
ord5650
ord2771
ord2983
ord3112
ord4728
ord2966
ord3140
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4910
ord4681
ord3654
ord3589
ord1088
ord321
ord639
ord1137
ord2143
ord2208
ord778
ord799
ord6094
ord6095
ord2593
ord3622
ord6484
ord6527
ord6091
ord1354
ord1353
ord3543
ord2106
ord296
ord600
ord2537
ord1183
ord3486
ord636
ord367
ord1048
ord801
ord605
ord1274
ord1241
ord1239
ord1264
ord1180
ord1233
ord2084
ord391
ord1152
ord1273
ord1271
ord1145
ord1076
ord322
ord802

msvcr90

_except_handler4_common
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_decode_pointer
_lock
_encode_pointer
__dllonexit
_onexit
__CxxFrameHandler3

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
LocalAlloc
LocalFree
Sleep

user32

EnableWindow
InvalidateRect
GetWindowRect
SendMessageW
SetCursorPos
PostMessageW
UnhookWindowsHookEx
InflateRect
SetRect
GetForegroundWindow
GetCursorPos
SetTimer
SetCursor
LoadCursorW
EqualRect
IsRectEmpty
KillTimer
IsWindowVisible
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
EnumWindows
EnumChildWindows
GetParent
PtInRect
GetClientRect
GetSystemMetrics

gdi32

GetMapMode
CreateCompatibleBitmap
BitBlt
GetPixel
Escape
TextOutW
RectVisible
PtVisible
SelectObject
CreateRoundRectRgn
CreateEllipticRgnIndirect
GetBkColor
DPtoLP
GetViewportExtEx
GetWindowExtEx
CreateCompatibleDC
LPtoDP
CreateBitmapIndirect
GetObjectW
ExtTextOutW
GetTextExtentPoint32W
RoundRect
Ellipse
GetStockObject
CreatePen
PatBlt
Rectangle
StretchBlt

winmm

PlaySoundW

Exports

Exports

GetSnapType

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SYSHELP
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Viewers/dsoframer.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

ac5029424c9f1ac0d664a95501997bed

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

31:f5:90:56:3b:01:80:85:14:ce:4b:33:64:9b:94:fb:a6:c3:a6:3f
Signer

Actual PE Digest

31:f5:90:56:3b:01:80:85:14:ce:4b:33:64:9b:94:fb:a6:c3:a6:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
CreateFileA
CreateFileW
MoveFileA
CopyFileA
DeleteFileA
GetFileAttributesA
CopyFileW
DeleteFileW
GetModuleFileNameA
GetModuleFileNameW
SetLastError
FormatMessageA
MulDiv
LoadLibraryA
GetProcAddress
GetTempPathA
lstrcatA
CreateDirectoryA
CompareStringW
CompareStringA
GetACP
WideCharToMultiByte
IsValidCodePage
MultiByteToWideChar
HeapFree
HeapAlloc
HeapCreate
GetVersion
InitializeCriticalSection
DisableThreadLibraryCalls
HeapDestroy
DeleteCriticalSection
GlobalSize
ReadFile
WriteFile
CloseHandle
GetThreadLocale
lstrlenW
Sleep
GetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
lstrcpyA
lstrlenA
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
MoveFileW
InterlockedDecrement
RtlUnwind

user32

UpdateWindow
DefWindowProcW
CallWindowProcA
CallWindowProcW
BringWindowToTop
wsprintfA
RemoveMenu
SetRectEmpty
RegisterClipboardFormatA
LoadImageA
ReleaseDC
GetDC
LoadStringA
DrawTextW
SetTimer
KillTimer
MessageBeep
MessageBoxA
EnableMenuItem
SendMessageA
PostMessageA
CreatePopupMenu
AppendMenuA
MapWindowPoints
TrackPopupMenu
GetSubMenu
GetFocus
GetPropA
PtInRect
ReleaseCapture
SetCapture
DestroyMenu
DrawEdge
GetSysColorBrush
FrameRect
FillRect
DrawIconEx
GetSysColor
DrawTextA
GetMenuItemCount
GetMenuStringA
IsWindowVisible
ShowWindow
SetFocus
IsWindow
GetClassInfoA
RegisterClassA
CreateWindowExA
SetWindowLongA
CopyRect
SetRect
InflateRect
InvalidateRect
GetClientRect
LoadCursorA
SetCursor
RemovePropW
IsWindowUnicode
RemovePropA
SetPropW
SetWindowLongW
SetPropA
GetParent
GetKeyState
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
DestroyWindow
GetWindowRect
SetWindowPos
GetWindowLongA
BeginPaint
EndPaint
DefWindowProcA
GetWindowThreadProcessId
EnumChildWindows
GetCursorPos
InsertMenuA
GetPropW

gdi32

SelectPalette
CreateHalftonePalette
GetDeviceCaps
CreateRectRgnIndirect
RestoreDC
LPtoDP
SetWindowOrgEx
RealizePalette
SaveDC
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
CreateMetaFileW
CreateCompatibleBitmap
CreateSolidBrush
CreateFontIndirectA
SelectObject
SetBkMode
SetMapMode
SetTextColor
DeleteObject
GetTextExtentPoint32A
CreateCompatibleDC
GetObjectA
StretchBlt
SetViewportOrgEx
DeleteDC
BitBlt

advapi32

RegSetValueExW
RegOpenKeyA
RegQueryValueExW
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
GetUserNameA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegEnumKeyA

ole32

CreateBindCtx
CreateFileMoniker
OleGetAutoConvert
OleDoAutoConvert
StgCreateDocfile
GetClassFile
CoGetClassObject
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CLSIDFromProgID
WriteClassStg
CoDisconnectObject
CoCreateInstance
CreateDataAdviseHolder
CoTaskMemFree
ReadClassStg
StgOpenStorage
StgIsStorageFile
ReleaseStgMedium
CoTaskMemAlloc
StringFromCLSID
CLSIDFromString
OleRegEnumFormatEtc
ProgIDFromCLSID

oleaut32

SysFreeString
SysAllocString
SysStringLen
VariantInit
OleTranslateColor
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SetErrorInfo
CreateErrorInfo
VariantClear

comdlg32

GetOpenFileNameW
GetSaveFileNameA
GetOpenFileNameA
GetSaveFileNameW

oledlg

ord3
OleUIInsertObjectW

winspool.drv

GetPrinterW
GetPrinterA
OpenPrinterW
OpenPrinterA
ClosePrinter

shell32

DragAcceptFiles
DragQueryFileA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Viewlet.chm
.chm
Viewlet.exe
.exe windows:5 windows x86 arch:x86

69ab9ce60fb6320b85152ed610243d82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

snaperhelper

GetSnapType

mfc90u

ord933
ord1043
ord1144
ord4519
ord814
ord293
ord4490
ord2479
ord5939
ord939
ord2676
ord899
ord10580
ord1353
ord6091
ord6372
ord6574
ord367
ord636
ord3486
ord2758
ord3953
ord6183
ord525
ord8476
ord9360
ord6942
ord6761
ord3513
ord6174
ord6418
ord5850
ord5863
ord6040
ord5974
ord6101
ord6547
ord6569
ord4579
ord6566
ord6060
ord6572
ord6063
ord2274
ord1665
ord4652
ord3489
ord611
ord3537
ord4398
ord6780
ord4527
ord1533
ord2097
ord6169
ord553
ord757
ord3922
ord4895
ord4031
ord567
ord768
ord1630
ord3060
ord3058
ord4640
ord1052
ord2300
ord763
ord6496
ord6605
ord5624
ord2260
ord5020
ord7638
ord2232
ord3819
ord4727
ord7634
ord4054
ord8713
ord7467
ord10020
ord5371
ord5096
ord4693
ord1440
ord3681
ord5601
ord4378
ord5293
ord5296
ord4800
ord4805
ord4802
ord4820
ord4823
ord4807
ord5209
ord4590
ord5418
ord5224
ord4866
ord4109
ord3500
ord784
ord582
ord712
ord5869
ord8519
ord9411
ord9443
ord12963
ord3687
ord6494
ord3686
ord6075
ord5322
ord4774
ord2483
ord5883
ord5892
ord3590
ord6131
ord480
ord5845
ord1360
ord390
ord652
ord3054
ord6513
ord4485
ord1650
ord4494
ord447
ord699
ord446
ord698
ord3322
ord4476
ord5879
ord2485
ord5896
ord5880
ord4477
ord905
ord443
ord695
ord901
ord5894
ord4099
ord904
ord5918
ord2901
ord6659
ord1102
ord5938
ord7600
ord7629
ord7631
ord7601
ord7612
ord9518
ord6865
ord7160
ord8812
ord9979
ord9998
ord590
ord795
ord10509
ord6866
ord8395
ord10055
ord12999
ord12902
ord10016
ord10008
ord7066
ord12731
ord8366
ord9771
ord8374
ord8190
ord8202
ord12799
ord8346
ord8692
ord8832
ord13123
ord9983
ord4507
ord8708
ord8536
ord1116
ord1220
ord12242
ord8466
ord13255
ord7927
ord7435
ord7030
ord7503
ord6967
ord12864
ord7408
ord7436
ord12896
ord13083
ord12978
ord12929
ord6986
ord13034
ord7027
ord12871
ord12497
ord2600
ord9457
ord2146
ord8428
ord12883
ord8426
ord12055
ord12789
ord9475
ord9478
ord9981
ord9480
ord9476
ord9479
ord13009
ord9477
ord9923
ord9648
ord1145
ord10459
ord1067
ord10471
ord11943
ord7818
ord9776
ord9789
ord12450
ord12420
ord8488
ord12951
ord1138
ord1182
ord4207
ord11883
ord12361
ord7021
ord12868
ord7434
ord12443
ord13238
ord9438
ord12962
ord5930
ord1007
ord5886
ord10438
ord13112
ord11246
ord12981
ord10181
ord8859
ord2496
ord12615
ord9890
ord9963
ord9488
ord12275
ord10009
ord10584
ord5388
ord13285
ord9729
ord2071
ord2652
ord980
ord6382
ord6380
ord3232
ord10224
ord10546
ord5452
ord12116
ord2080
ord1733
ord9664
ord7548
ord11569
ord7851
ord13207
ord11876
ord7426
ord10454
ord11936
ord7541
ord9935
ord12582
ord8811
ord1783
ord1716
ord3651
ord775
ord6697
ord1884
ord3952
ord593
ord796
ord2448
ord3993
ord3115
ord6019
ord5663
ord5680
ord4997
ord4347
ord5677
ord5674
ord2087
ord6945
ord7216
ord8385
ord8370
ord13076
ord4543
ord2351
ord6074
ord1087
ord6493
ord6495
ord6106
ord9283
ord8843
ord8694
ord7451
ord12646
ord12876
ord7135
ord7329
ord13003
ord8356
ord8988
ord12268
ord10483
ord12305
ord12451
ord8828
ord12874
ord8332
ord10426
ord11341
ord11060
ord7999
ord10549
ord11995
ord1674
ord3511
ord633
ord1934
ord1935
ord1937
ord9449
ord7039
ord7256
ord9577
ord7848
ord11241
ord11237
ord7844
ord12266
ord13283
ord10407
ord8448
ord580
ord782
ord6691
ord406
ord665
ord2490
ord2501
ord4322
ord9385
ord6930
ord7203
ord398
ord662
ord4010
ord10519
ord2356
ord5893
ord6350
ord6353
ord9446
ord4262
ord2469
ord3155
ord3061
ord2431
ord3685
ord12228
ord2763
ord333
ord8316
ord3165
ord5497
ord6334
ord2100
ord1010
ord5933
ord1365
ord6813
ord2077
ord1420
ord6218
ord6514
ord579
ord781
ord5543
ord5793
ord1565
ord1064
ord4167
ord6511
ord6167
ord8669
ord9858
ord13001
ord3826
ord5201
ord3323
ord5908
ord12263
ord4658
ord10484
ord9748
ord936
ord7606
ord3150
ord3948
ord588
ord793
ord4042
ord1441
ord5294
ord5297
ord5210
ord4599
ord1696
ord7110
ord7309
ord10069
ord7047
ord7263
ord9365
ord12906
ord9523
ord6868
ord7161
ord11132
ord10697
ord12635
ord9651
ord8802
ord8248
ord12849
ord13152
ord12278
ord5977
ord12258
ord12243
ord7773
ord10872
ord11036
ord10550
ord571
ord6727
ord4454
ord6088
ord3187
ord5770
ord3674
ord4890
ord4897
ord4043
ord7138
ord7332
ord6861
ord7156
ord4211
ord1186
ord1098
ord6482
ord4441
ord9747
ord9767
ord9761

msvcr90

_stricmp
strchr
swscanf
_waccess
_chdir
_wsplitpath
_itow
_localtime64_s
_invalid_parameter_noinfo
__RTDynamicCast
malloc
calloc
_time64
_wtoi
memcpy_s
_purecall
fscanf
fgets
getc
fputc
ferror
feof
fflush
ftell
_snwprintf
mbstowcs
_wcsicmp
free
_read
_write
_lseek
_unlink
_close
_open
_setmode
fseek
fwrite
fread
_CIlog10
fclose
wcschr
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
strtod
_snprintf
getenv
exit
_strnicmp
isupper
tmpfile
perror
fgetc
_errno
_getcwd
fopen
sscanf
putc
_mktime64
_gmtime64
strstr
atan2
fabs
sqrt
log
exp
pow
strcpy
strlen
strtok
vfprintf
isalpha
atoi
atof
isdigit
isspace
memmove
strrchr
vsprintf
tmpnam
abort
strncmp
_swab
_CIfmod
ceil
_CIatan2
ldiv
_CIsin
_CIcos
_CIacos
_CxxThrowException
_CIpow
sprintf
_CIsqrt
printf
_CIexp
strncpy
__iob_func
fprintf
_CIlog
__CxxLongjmpUnwind
_setjmp3
floor
__CxxFrameHandler3
longjmp
memset
realloc
memcpy
_except_handler3
isxdigit
isprint
vswprintf_s
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
swscanf_s
iswxdigit
wcsncmp
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
iswlower
iswupper
_wcsdup
qsort
towlower
towupper
iswalnum
iswalpha
iswdigit
swprintf_s
__wargv
__argc
wcsncat_s
wcscat_s
_vsprintf_s_l
_vswprintf_s_l
wcscpy_s
iswprint
iswspace
wcsncpy_s
rand
srand
memmove_s
wcsstr
_wtof
localeconv
_wfopen

kernel32

CreateEventW
ResetEvent
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
FileTimeToLocalFileTime
FileTimeToSystemTime
CloseHandle
WaitForSingleObject
ResumeThread
Sleep
QueryPerformanceCounter
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLocaleInfoW
GetNumberFormatW
FreeLibrary
GetDiskFreeSpaceW
GetVolumeInformationW
GetVersionExW
CreateDirectoryW
lstrcatW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
lstrlenW
GetCurrentDirectoryW
GetDriveTypeW
GetTickCount
lstrcpyW
lstrcmpW
GetSystemTime
CopyFileW
GetFileAttributesW
DeleteFileW
SetFileAttributesW
GlobalUnlock
HeapFree
GetProcessHeap
GlobalLock
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
SetEvent
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
SetFilePointer
CreateFileA
LoadLibraryA
GetCurrentProcess
lstrcpynW
ReadFile
GetFileSize
WriteFile
CreateFileW
CompareStringW
lstrlenA
GetTempPathW
CreateMutexW
WideCharToMultiByte
FindCloseChangeNotification
FindNextChangeNotification
WaitForMultipleObjects
FindFirstChangeNotificationW
GlobalSize
GlobalFree
GetModuleFileNameW
MultiByteToWideChar
GetWindowsDirectoryW
GlobalAlloc
LocalFree
FormatMessageW
MulDiv
SetLastError

user32

HideCaret
InvalidateRect
LoadIconW
GetDC
ReleaseDC
SendMessageW
DrawMenuBar
EnableWindow
EnableScrollBar
SetScrollInfo
CreateCaret
DragDetect
SetCaretPos
SetWindowPos
GetScrollInfo
DestroyCaret
GetScrollPos
GetWindowLongW
ScrollWindow
RegisterHotKey
GetCaretPos
InsertMenuW
InsertMenuItemW
SetScrollRange
SetScrollPos
CharUpperW
MessageBeep
IsMenu
BringWindowToTop
FindWindowW
LoadAcceleratorsW
MapWindowPoints
ShowScrollBar
UnionRect
TrackPopupMenu
RemoveMenu
ModifyMenuW
CheckMenuItem
GetAsyncKeyState
GetMenuDefaultItem
CreatePopupMenu
DrawIconEx
CharLowerW
RegisterWindowMessageW
wsprintfW
AdjustWindowRectEx
PeekMessageW
UnregisterHotKey
SetClipboardData
EmptyClipboard
IsIconic
SetForegroundWindow
GetClassNameW
GetDesktopWindow
CloseClipboard
GetClipboardData
OpenClipboard
DestroyIcon
SetMenuItemInfoW
GetWindow
GetNextDlgGroupItem
CopyIcon
ShowCaret
PtInRect
PostMessageW
UpdateWindow
IsChild
SystemParametersInfoW
GetSystemMetrics
KillTimer
GetMessagePos
SetTimer
GrayStringW
DrawTextExW
TabbedTextOutW
RedrawWindow
GetMenuItemInfoW
GetMenuState
SetWindowLongW
GetParent
CallWindowProcW
IsClipboardFormatAvailable
GetKeyState
MessageBoxW
GetWindowRect
DrawTextW
GetFocus
DispatchMessageW
TranslateMessage
ClientToScreen
GetCursorPos
IsWindowVisible
IsWindow
LoadImageW
EnableMenuItem
LoadMenuW
ScreenToClient
GetCapture
DrawFocusRect
SetCursor
ReleaseCapture
SetCapture
LoadCursorW
SetRect
IntersectRect
IsRectEmpty
EqualRect
GetSubMenu
GetMenuItemID
GetMenuItemCount
OffsetRect
FillRect
GetSysColor
InflateRect
SetRectEmpty
RegisterClipboardFormatW
GetClientRect
CopyRect

gdi32

Escape
GetObjectW
CreateFontIndirectW
CreateDIBSection
SelectObject
DeleteObject
GetPixel
CreateBitmap
UnrealizeObject
SetBrushOrgEx
TextOutW
RectVisible
PtVisible
BitBlt
GetBkColor
DPtoLP
GetMapMode
CreateCompatibleBitmap
LPtoDP
CreateCompatibleDC
SetPixelV
LineDDA
GetDeviceCaps
CreatePen
GetStockObject
FrameRgn
GetDIBits
GetTextMetricsW
StretchBlt
CreateRectRgnIndirect
SetRectRgn
CreateICW
DeleteDC
CreateFontW
SetTextColor
SetBkMode
RectInRegion
CreatePolygonRgn
CreateEllipticRgnIndirect
CreateRoundRectRgn
Ellipse
RoundRect
Rectangle
CreatePenIndirect
CreateBrushIndirect
PatBlt
GetTextExtentPoint32W
CreateSolidBrush
ExtTextOutW
GetEnhMetaFilePaletteEntries
CreatePalette
SelectPalette
PlayEnhMetaFile
SetEnhMetaFileBits
GetEnhMetaFileHeader
DeleteEnhMetaFile
SetWinMetaFileBits
StretchDIBits
SetBkColor
SaveDC
GetClipBox
ExtSelectClipRgn
SetStretchBltMode
SetDIBitsToDevice
RestoreDC
RealizePalette
GetCharWidthW
SetBoundsRect
GetTextColor

comdlg32

GetFileTitleW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
GetUserNameW

shell32

ord716
SHGetFolderPathW
SHFreeNameMappings
SHFileOperationW
SHGetFileInfoW
Shell_NotifyIconW
SHGetDesktopFolder
ShellExecuteW
DragQueryFileW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
ShellExecuteExW
SHGetSpecialFolderLocation

comctl32

InitCommonControlsEx
ImageList_GetIcon
ImageList_Draw
ImageList_GetIconSize
ImageList_SetBkColor
ImageList_Create
ImageList_GetImageInfo
ImageList_Destroy
ImageList_Add

shlwapi

PathIsNetworkPathW
PathIsDirectoryW
PathIsRelativeW
PathAddBackslashW
PathIsRootW

ole32

DoDragDrop
CoInitialize
CoLockObjectExternal
RevokeDragDrop
CoCreateInstance
RegisterDragDrop
ReleaseStgMedium
OleSetClipboard

oleaut32

VariantTimeToSystemTime
SysFreeString
VariantClear
VarBstrFromDate
SystemTimeToVariantTime

gdiplus

GdipCreateFromHDC
GdipDrawPath
GdipFillPath
GdipAddPathClosedCurveI
GdipDeletePath
GdipCreatePath
GdipDeletePen
GdipCreatePen1
GdipFillRectangleI
GdipSetSmoothingMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawImageI

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

ws2_32

ntohs
htonl
htons
ntohl

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxImageJPG@@QAE@ABV0@@Z
??0CxImageTIF@@QAE@ABV0@@Z
??0CxImageTIF@@QAE@XZ
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??4CxExifInfo@CxImageJPG@@QAEAAV01@ABV01@@Z
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxImageJPG@@QAEAAV0@ABV0@@Z
??4CxImageTIF@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxImageJPG@@6B@
??_7CxImageTIF@@6B@
??_7CxMemFile@@6B@
??_FCxExifInfo@CxImageJPG@@QAEXXZ
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXAAV0@@Z
?Close@CxIOFile@@UAE_NXZ
?Decode@CxImageJPG@@QAE_NPAU_iobuf@@@Z
?Decode@CxImageTIF@@QAE_NPAU_iobuf@@@Z
?DecodeExif@CxImageJPG@@QAE_NPAU_iobuf@@@Z
?Encode@CxImageJPG@@QAE_NPAU_iobuf@@@Z
?Encode@CxImageTIF@@QAE_NPAU_iobuf@@PAPAVCxImage@@H@Z
?Encode@CxImageTIF@@QAE_NPAU_iobuf@@_N@Z
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEJXZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPB_W0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEJPBDPAX@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Size@CxIOFile@@UAEJXZ
?Tell@CxIOFile@@UAEJXZ
?Write@CxIOFile@@UAEIPBXII@Z

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 421KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 283KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Viewlet.exe.manifest
.xml
WiaUtils.dll
.dll windows:5 windows x86 arch:x86

617169707a008e516849130ce94a83e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\3PI Studio\Work\azsoft\Viewlet_vc9\src\Release_unicode\WiaUtils.pdb

Imports

msvcr90

_except_handler4_common
_onexit
_crt_debugger_hook
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_adjust_fdiv
_encode_pointer
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
__CxxExceptionFilter
__CxxRegisterExceptionObject
__CxxDetectRethrow
__CxxQueryExceptionSize
__CxxUnregisterExceptionObject
_cexit
__FrameUnwindFilter

kernel32

GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange

msvcm90

?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z

mscoree

_CorDllMain

Exports

Exports

AddImage
CanPrint
InitPrint
PrintImage
StartPrint

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 594B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 27KB - Virtual size: 27KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

c4d5288cc0f629fc5c7869b66bfe2953

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:07:11:43:00:00:00:00:00:34Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

msvcrt

advapi32

gdi32

gdiplus

kernel32

ole32

oleaut32

shell32

shlwapi

user32

Exports

Exports

Sections

.text Size: 188KB - Virtual size: 188KB

.data Size: 24KB - Virtual size: 24KB

.rsrc Size: 78KB - Virtual size: 78KB

.reloc Size: 17KB - Virtual size: 17KB

092eb6daba2f17cbda102fd1a32acd00

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 27KB - Virtual size: 27KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:07:11:43:00:00:00:00:00:34
Certificate

.text
Size: 188KB - Virtual size: 188KB

.data
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 78KB - Virtual size: 78KB

.reloc
Size: 17KB - Virtual size: 17KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:0f:78:4d:00:00:00:00:00:03
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

8f:b4:88:77:65:2e:d1:f9:20:49:04:a3:aa:4d:40:5e:81:0c:7e:15
Signer

.text
Size: 30KB - Virtual size: 30KB

.data
Size: 512B - Virtual size: 68KB

.rsrc
Size: 3.9MB - Virtual size: 7KB

.text
Size: 36KB - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 864B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 1024B - Virtual size: 2KB

.SYSHELP
Size: 512B - Virtual size: 20B

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 5KB - Virtual size: 4KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate