ac1c564af83a4eb941c49f9f657233ad_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ac1c564af83a4eb941c49f9f657233ad_JaffaCakes118
Size

604KB
MD5

ac1c564af83a4eb941c49f9f657233ad
SHA1

8ca8d17b7393b06b6e29ad89b722439d9157f0a1
SHA256

965ca35c2cd796306bf670209addffb4bcc4d7c1cff10b4a85932b2e5a11b697
SHA512

6646fec1000adcde6c2780095441f0ebbba12d037a09d1e23bfaf75b16a20da1099dac602e61261009a76c3531241f7ddfb3812d53b3e9f4edc9afbb45886cd3
SSDEEP

12288:K9csO3x600l7UhIGMd+qwxwt9827YTriIXs04cyvrLj9:Kab6pBUmGytZQGIJ4nvrLj9

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/FindProcDLL.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/4.3/msvcp60.dll
unpack001/4.3/msvcrt.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

ac1c564af83a4eb941c49f9f657233ad_JaffaCakes118
.exe windows:4 windows x86 arch:x86

18bc6fa81e19f21156316b1ae696ed6b

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:e7:fc:1f:ca:14:da:7f:f0:ca:48:cf:fa:79:76:e6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

26/07/2006, 00:00

Not After

16/09/2009, 23:59

Subject

CN=Rediff.com India Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=India,O=Rediff.com India Limited,L=Mumbai,ST=Maharashtra,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcmpA
OpenProcess
lstrcpyA
LoadLibraryA
CloseHandle
FreeLibrary
GetVersionExA
lstrlenA
GlobalFree

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
4.3/Downloader.exe
.exe windows:4 windows x86 arch:x86

adda060ecf3ab081f52346f46dfdd4b0

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:e7:fc:1f:ca:14:da:7f:f0:ca:48:cf:fa:79:76:e6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

26/07/2006, 00:00

Not After

16/09/2009, 23:59

Subject

CN=Rediff.com India Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=India,O=Rediff.com India Limited,L=Mumbai,ST=Maharashtra,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpQueryInfoA
InternetSetOptionA
HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetCrackUrlA
InternetQueryOptionA
InternetReadFile

mfc42

ord4627
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord2514
ord5265
ord4853
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord1576
ord4425
ord3597
ord1146
ord1168
ord324
ord4234
ord6199
ord2864
ord4710
ord2379
ord755
ord470
ord1105
ord540
ord941
ord537
ord823
ord800
ord3092
ord535
ord2764
ord2614
ord4376
ord6374
ord6378
ord6197
ord6380
ord6377

msvcrt

__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_acmdln
__set_app_type
_except_handler3
_controlfp
exit
_XcptFilter
_onexit
__dllonexit
_exit
__CxxFrameHandler
_setmbcp
__p__fmode

kernel32

GetLastError
GetStartupInfoA
GetModuleHandleA
SetEvent
GetTempPathA
CreateFileA
WriteFile
CloseHandle

user32

SetTimer
SendMessageA
FindWindowA
DrawIcon
LoadIconA
GetSystemMetrics
IsIconic
KillTimer
EnableWindow
GetClientRect

shell32

ShellExecuteA

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Xlen@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
4.3/Uninstall.exe.nsis
4.3/WhiteList.dll
.dll windows:4 windows x86 arch:x86

4d3e7fd34ec73559b928a3bc5439c348

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:e7:fc:1f:ca:14:da:7f:f0:ca:48:cf:fa:79:76:e6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

26/07/2006, 00:00

Not After

16/09/2009, 23:59

Subject

CN=Rediff.com India Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=India,O=Rediff.com India Limited,L=Mumbai,ST=Maharashtra,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SizeofResource
LoadResource
FindResourceA
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
LockResource
GetCurrentThreadId
MultiByteToWideChar
FlushInstructionCache
GetCurrentProcess
WideCharToMultiByte
InterlockedDecrement
DisableThreadLibraryCalls
LocalFree
GetLastError
lstrlenA
InterlockedIncrement
EnterCriticalSection

user32

SetWindowTextA
GetWindowTextA
SetWindowLongA
GetWindowLongA
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
CharLowerA
MessageBoxA
SetDlgItemTextA
GetParent
SetFocus
SendMessageA
GetDlgItem
GetWindowTextLengthA
EnableWindow
CharNextA
LoadStringA
EnumChildWindows

advapi32

RegSetValueExA
RegCloseKey
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
RegCreateKeyExA

ole32

CoCreateInstance
OleRun

oleaut32

SysStringByteLen
VariantClear
SysFreeString
SysStringLen
SysAllocStringByteLen
SysAllocString
GetErrorInfo

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z

msvcrt

memcpy
??2@YAPAXI@Z
_purecall
__CxxFrameHandler
memset
wcslen
_initterm
strlen
_mbslwr
_CxxThrowException
wcstol
_adjust_fdiv
malloc
_mbscmp
_mbschr
_mbsstr
_ismbcspace
memmove
free
??1type_info@@UAE@XZ
__dllonexit
_onexit
_itoa
wcstod

Exports

Exports

IsUnicode
PlugInit
PlugTerminate
Registration
determineCommands

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4.3/alert.html
.html .js polyglot
4.3/allowpopup.xml
.xml
4.3/basis.xml
.xml
4.3/blockpopup.xml
.xml
4.3/favicon.ico
4.3/images/Icons.bmp
4.3/images/Thumbs.db
4.3/images/greenquestion.gif
.gif
4.3/images/rating.bmp
4.3/images/redifflogo.BMP
4.3/images/safe.bmp
4.3/images/sep.bmp
4.3/images/tick.gif
.gif
4.3/images/unsafe.bmp
4.3/images/yellow.gif
.gif
4.3/inst.bat
4.3/msvcp60.dll
.dll windows:4 windows x86 arch:x86

1b1839992700df52b049b87961a724e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memmove
__CxxFrameHandler
free
localeconv
_Gettnames
_Getdays
_Getmonths
__mb_cur_max
atan2
cos
exp
ldexp
log
pow
sin
sqrt
??2@YAPAXI@Z
strtoul
_errno
strtol
sprintf
strcspn
fclose
fwrite
fputc
ungetc
fgetc
fgetpos
fseek
fsetpos
setvbuf
memchr
memset
ungetwc
fgetwc
_Strftime
fopen
_iob
setlocale
malloc
realloc
__crtCompareStringA
__lc_collate_cp
_unlock
__lc_handle
_lock
__setlc_active
__unguarded_readlc_active
__crtLCMapStringA
__lc_codepage
towlower
towupper
strcmp
_pctype
_isctype
_ftol
strtod
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
memcmp
memcpy
strlen
_CxxThrowException
wcslen
??4exception@@QAEAAV0@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
fflush
?what@exception@@UBEPBDXZ
fputwc

kernel32

DisableThreadLibraryCalls
MultiByteToWideChar
DeleteCriticalSection
InterlockedExchange
LeaveCriticalSection
Sleep
EnterCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte

Exports

Exports

??0?$_Complex_base@M@std@@QAE@ABM0@Z
??0?$_Complex_base@N@std@@QAE@ABN0@Z
??0?$_Complex_base@O@std@@QAE@ABO0@Z
??0?$_Mpunct@D@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@D@std@@QAE@I_N@Z
??0?$_Mpunct@G@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@G@std@@QAE@I_N@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PBDH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBDH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBDH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@IIABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG0ABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$codecvt@DDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@DDH@std@@QAE@I@Z
??0?$codecvt@GDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@GDH@std@@QAE@I@Z
??0?$collate@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@D@std@@QAE@I@Z
??0?$collate@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@G@std@@QAE@I@Z
??0?$complex@M@std@@QAE@ABM0@Z
??0?$complex@M@std@@QAE@ABV?$complex@N@1@@Z
??0?$complex@M@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@N@std@@QAE@ABN0@Z
??0?$complex@N@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@N@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@O@std@@QAE@ABO0@Z
??0?$complex@O@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@O@std@@QAE@ABV?$complex@N@1@@Z
??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0?$ctype@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@G@std@@QAE@I@Z
??0?$messages@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@D@std@@QAE@I@Z
??0?$messages@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@G@std@@QAE@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$moneypunct@D$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@D$00@std@@QAE@I@Z
??0?$moneypunct@D$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@D$0A@@std@@QAE@I@Z
??0?$moneypunct@G$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@G$00@std@@QAE@I@Z
??0?$moneypunct@G$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@G$0A@@std@@QAE@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$numpunct@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$numpunct@D@std@@QAE@I@Z
??0?$numpunct@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$numpunct@G@std@@QAE@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0Init@ios_base@std@@QAE@XZ
??0_Locinfo@std@@QAE@ABV01@@Z
??0_Locinfo@std@@QAE@HPBD@Z
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@XZ
??0_Timevec@std@@QAE@ABV01@@Z
??0_Timevec@std@@QAE@PAX@Z
??0_Winit@std@@QAE@XZ
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0__non_rtti_object@std@@QAE@PBD@Z
??0bad_alloc@std@@QAE@ABV01@@Z
??0bad_alloc@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_exception@std@@QAE@ABV01@@Z
??0bad_exception@std@@QAE@PBD@Z
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0codecvt_base@std@@QAE@I@Z
??0ctype_base@std@@QAE@I@Z
??0domain_error@std@@QAE@ABV01@@Z
??0domain_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0facet@locale@std@@IAE@I@Z
??0ios_base@std@@IAE@XZ
??0ios_base@std@@QAE@ABV01@@Z
??0length_error@std@@QAE@ABV01@@Z
??0length_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0locale@std@@AAE@PAV_Locimp@01@@Z
??0locale@std@@QAE@ABV01@0H@Z
??0locale@std@@QAE@ABV01@@Z
??0locale@std@@QAE@ABV01@PBDH@Z
??0locale@std@@QAE@PBDH@Z
??0locale@std@@QAE@W4_Uninitialized@1@@Z
??0locale@std@@QAE@XZ
??0logic_error@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0messages_base@std@@QAE@I@Z
??0money_base@std@@QAE@I@Z
??0ostrstream@std@@QAE@PADHH@Z
??0out_of_range@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0overflow_error@std@@QAE@ABV01@@Z
??0overflow_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0range_error@std@@QAE@ABV01@@Z
??0range_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0runtime_error@std@@QAE@ABV01@@Z
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0strstream@std@@QAE@PADHH@Z
??0time_base@std@@QAE@I@Z
??0underflow_error@std@@QAE@ABV01@@Z
??0underflow_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1?$_Mpunct@D@std@@UAE@XZ
??1?$_Mpunct@G@std@@UAE@XZ
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_filebuf@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_fstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_fstream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ifstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ifstream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
??1?$basic_ofstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ofstream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
??1?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
??1?$codecvt@DDH@std@@UAE@XZ
??1?$codecvt@GDH@std@@UAE@XZ
??1?$collate@D@std@@UAE@XZ
??1?$collate@G@std@@UAE@XZ
??1?$ctype@D@std@@UAE@XZ
??1?$ctype@G@std@@UAE@XZ
??1?$messages@D@std@@UAE@XZ
??1?$messages@G@std@@UAE@XZ
??1?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$moneypunct@D$00@std@@UAE@XZ
??1?$moneypunct@D$0A@@std@@UAE@XZ
??1?$moneypunct@G$00@std@@UAE@XZ
??1?$moneypunct@G$0A@@std@@UAE@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$numpunct@D@std@@UAE@XZ
??1?$numpunct@G@std@@UAE@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1_Timevec@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_alloc@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_exception@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1codecvt_base@std@@UAE@XZ
??1ctype_base@std@@UAE@XZ
??1domain_error@std@@UAE@XZ
??1facet@locale@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??1istrstream@std@@UAE@XZ
??1length_error@std@@UAE@XZ
??1locale@std@@QAE@XZ
??1logic_error@std@@UAE@XZ
??1messages_base@std@@UAE@XZ
??1money_base@std@@UAE@XZ
??1ostrstream@std@@UAE@XZ
??1out_of_range@std@@UAE@XZ
??1overflow_error@std@@UAE@XZ
??1range_error@std@@UAE@XZ
??1runtime_error@std@@UAE@XZ
??1strstream@std@@UAE@XZ
??1strstreambuf@std@@UAE@XZ
??1time_base@std@@UAE@XZ
??1underflow_error@std@@UAE@XZ
??4?$_Complex_base@M@std@@QAEAAV01@ABV01@@Z
??4?$_Complex_base@N@std@@QAEAAV01@ABV01@@Z
??4?$_Complex_base@O@std@@QAEAAV01@ABV01@@Z
??4?$_Ctr@M@std@@QAEAAV01@ABV01@@Z
??4?$_Ctr@N@std@@QAEAAV01@ABV01@@Z
??4?$_Ctr@O@std@@QAEAAV01@ABV01@@Z
??4?$allocator@X@std@@QAEAAV01@ABV01@@Z
??4?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_fstream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ios@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ios@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_iostream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??4?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??4?$char_traits@D@std@@QAEAAU01@ABU01@@Z
??4?$char_traits@G@std@@QAEAAU01@ABU01@@Z
??4?$complex@M@std@@QAEAAV01@ABM@Z
??4?$complex@M@std@@QAEAAV01@ABV01@@Z
??4?$complex@N@std@@QAEAAV01@ABN@Z
??4?$complex@N@std@@QAEAAV01@ABV01@@Z
??4?$complex@O@std@@QAEAAV01@ABO@Z
??4?$complex@O@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@C@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@D@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@E@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@F@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@G@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@H@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@I@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@J@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@K@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@M@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@N@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@O@std@@QAEAAV01@ABV01@@Z
??4?$numeric_limits@_N@std@@QAEAAV01@ABV01@@Z
??4Init@ios_base@std@@QAEAAV012@ABV012@@Z
??4_Locinfo@std@@QAEAAV01@ABV01@@Z
??4_Lockit@std@@QAEAAV01@ABV01@@Z
??4_Num_base@std@@QAEAAU01@ABU01@@Z
??4_Num_float_base@std@@QAEAAU01@ABU01@@Z
??4_Num_int_base@std@@QAEAAU01@ABU01@@Z
??4_Timevec@std@@QAEAAV01@ABV01@@Z
??4_Winit@std@@QAEAAV01@ABV01@@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_alloc@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_exception@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4domain_error@std@@QAEAAV01@ABV01@@Z
??4id@locale@std@@QAEAAV012@ABV012@@Z
??4ios_base@std@@QAEAAV01@ABV01@@Z
??4length_error@std@@QAEAAV01@ABV01@@Z
??4locale@std@@QAEAAV01@ABV01@@Z
??4logic_error@std@@QAEAAV01@ABV01@@Z
??4out_of_range@std@@QAEAAV01@ABV01@@Z
??4overflow_error@std@@QAEAAV01@ABV01@@Z
??4range_error@std@@QAEAAV01@ABV01@@Z
??4runtime_error@std@@QAEAAV01@ABV01@@Z
??4underflow_error@std@@QAEAAV01@ABV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAC@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAE@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@M@0@@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@N@0@@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@O@0@@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAC@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAD@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAE@Z
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAG@Z
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@M@0@@Z
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@N@0@@Z
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@O@0@@Z
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAF@Z
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAG@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_N@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@M@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@N@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@O@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@C@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@E@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBC@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBE@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@M@0@@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@N@0@@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@O@0@@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@G@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBF@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??7ios_base@std@@QBE_NXZ
??8locale@std@@QBE_NABV01@@Z
??8std@@YA_NABMABV?$complex@M@0@@Z
??8std@@YA_NABNABV?$complex@N@0@@Z
??8std@@YA_NABOABV?$complex@O@0@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??8std@@YA_NABV?$complex@M@0@0@Z
??8std@@YA_NABV?$complex@M@0@ABM@Z
??8std@@YA_NABV?$complex@N@0@0@Z
??8std@@YA_NABV?$complex@N@0@ABN@Z
??8std@@YA_NABV?$complex@O@0@0@Z
??8std@@YA_NABV?$complex@O@0@ABO@Z
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??8std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??9locale@std@@QBE_NABV01@@Z
??9std@@YA_NABMABV?$complex@M@0@@Z
??9std@@YA_NABNABV?$complex@N@0@@Z
??9std@@YA_NABOABV?$complex@O@0@@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??9std@@YA_NABV?$complex@M@0@0@Z
??9std@@YA_NABV?$complex@M@0@ABM@Z

Sections

.text
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4.3/msvcrt.dll
.dll windows:4 windows x86 arch:x86

799e28bcbf4e94ca50e4b0a2c283ab7d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnumSystemLocalesA
RtlUnwind
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
SetUnhandledExceptionFilter
GetModuleFileNameA
GetModuleFileNameW
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCommandLineA
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
ResumeThread
CreateThread
TlsSetValue
ExitThread
CloseHandle
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapAlloc
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
GetCPInfo
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetConsoleCtrlHandler
SetEnvironmentVariableW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
RaiseException
GetUserDefaultLCID
GetLocaleInfoW
GetTimeZoneInformation
FlushFileBuffers
SetFilePointer
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
Sleep
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapValidate
HeapCompact
HeapWalk
HeapSize
ReadConsoleA
SetConsoleMode
GetConsoleMode
SetEndOfFile
WriteConsoleA
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
GetSystemTimeAsFileTime
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
SetLocalTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_E__non_rtti_object@@UAEPAXI@Z
??_Ebad_cast@@UAEPAXI@Z
??_Ebad_typeid@@UAEPAXI@Z
??_Eexception@@UAEPAXI@Z
??_G__non_rtti_object@@UAEPAXI@Z
??_Gbad_cast@@UAEPAXI@Z
??_Gbad_typeid@@UAEPAXI@Z
??_Gexception@@UAEPAXI@Z
??_U@YAPAXI@Z
??_V@YAXPAX@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?unexpected@@YAXXZ
?what@exception@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__argc
__argv
__badioinfo
__crtCompareStringA
__crtGetLocaleInfoW
__crtLCMapStringA
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__isascii
__iscsym
__iscsymf
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pioinfo
__pxcptinfoptrs
__set_app_type
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unDNameEx
__unguarded_readlc_active
__wargv
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_creat
_cscanf
_ctime64
_ctype
_cwait
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirst64
_findfirsti64
_findnext
_findnext64
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstat64
_fstati64
_ftime
_ftime64
_ftol
_fullpath
_futime
_futime64
_gcvt
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getws
_global_unwind2
_gmtime64
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_localtime64
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_mktime64
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osplatform
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putws
_pwctype
_read
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_searchenv
_seh_longjmp_unwind
_set_error_mode
_set_sbh_threshold
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snwprintf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_splitpath
_stat
_stat64
_stati64
_statusfp
_strcmpi
_strdate
_strdup
_strerror
_stricmp
_stricoll
_strlwr
_strncoll
_strnicmp
_strnicoll
_strnset
_strrev
_strset
_strtime
_strupr
_swab
_sys_errlist
_sys_nerr
_tell
_telli64
_tempnam
_time64
_timezone
_tolower
_toupper
_tzname
_tzset
_ui64toa
_ui64tow
_ultoa
_ultow
_umask
_ungetch
_unlink
_unloaddll
_unlock
_utime
_utime64
_vsnprintf
_vsnwprintf
_waccess
_wasctime

Sections

.text
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4.3/options.html
.html
4.3/redifftoolbar.crc
4.3/redifftoolbar.dll
.dll regsvr32 windows:4 windows x86 arch:x86

4733441b8698160c7532a1c94085673e

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:e7:fc:1f:ca:14:da:7f:f0:ca:48:cf:fa:79:76:e6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

26/07/2006, 00:00

Not After

16/09/2009, 23:59

Subject

CN=Rediff.com India Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=India,O=Rediff.com India Limited,L=Mumbai,ST=Maharashtra,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA
timeSetEvent
timeKillEvent

shlwapi

PathFileExistsA

wininet

InternetSetOptionA
FindCloseUrlCache
InternetOpenUrlA
InternetCrackUrlA
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetQueryOptionA
DeleteUrlCacheEntry
HttpQueryInfoA
InternetReadFile
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA

setupapi

SetupIterateCabinetA

kernel32

LocalFree
LocalAlloc
InterlockedExchange
GetVersionExA
RemoveDirectoryA
DeleteFileA
CloseHandle
WriteFile
CreateFileA
GetTempPathA
MoveFileExA
Sleep
GetModuleFileNameA
GetLastError
SetEvent
WaitForSingleObject
CreateMutexA
InterlockedIncrement
InterlockedDecrement
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
FreeLibrary
FindClose
FindNextFileA
GetProcAddress
FindFirstFileA
lstrcpyA
RaiseException
SetLastError
LoadLibraryA
OutputDebugStringA
LoadLibraryW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
TerminateThread
DebugBreak
GetCurrentThreadId
GetVersion
GetCurrentProcessId
GetTickCount
GlobalUnlock
GlobalLock
GetVolumeInformationA
GetDriveTypeA
GetLogicalDriveStringsA
CopyFileA
MoveFileA
GetTempFileNameA
ReleaseMutex
ResetEvent
CreateEventA
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
FlushInstructionCache
GetCurrentProcess
lstrcmpA
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThread
HeapFree
HeapAlloc
GetProcessHeap
SetCurrentDirectoryA
DisableThreadLibraryCalls
HeapDestroy
GetShortPathNameA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
lstrcatA

user32

SendMessageA
wsprintfA
GetSysColor
CallNextHookEx
GetSubMenu
CharLowerA
GetClientRect
EndMenu
SetWindowTextA
GetSystemMetrics
IsWindow
GetParent
FillRect
ShowWindow
DestroyCursor
PostMessageA
EmptyClipboard
UnregisterClassA
TranslateMessage
SetActiveWindow
MoveWindow
EnableMenuItem
CheckMenuItem
AppendMenuA
CreatePopupMenu
LoadCursorFromFileA
GetActiveWindow
CreateWindowExA
GetDlgItem
InvalidateRgn
SetCapture
ReleaseCapture
DestroyAcceleratorTable
CreateAcceleratorTableA
GetDesktopWindow
RedrawWindow
BeginPaint
EndPaint
IsChild
SetFocus
CallWindowProcA
DestroyWindow
DrawEdge
OpenClipboard
GetClipboardData
CloseClipboard
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
GetClassInfoExA
RegisterClassExA
RegisterWindowMessageA
LoadCursorA
SetWindowRgn
ReleaseDC
GetDC
OffsetRect
GetMenuItemInfoA
CopyRect
GetWindow
UnhookWindowsHookEx
IsWindowVisible
GetAsyncKeyState
CharUpperA
LoadMenuA
InsertMenuA
TrackPopupMenu
DestroyMenu
PeekMessageA
DispatchMessageA
FindWindowA
MapWindowPoints
GetWindowRect
LoadImageA
GetMessagePos
GetCursorPos
GetFocus
GetWindowLongA
SetWindowLongA
SetWindowPos
SetWindowsHookExA
LoadStringA
WindowFromPoint
SetTimer
SetCursor
ScreenToClient
PtInRect
GetKeyState
GetClassNameA
InvalidateRect
wvsprintfA
KillTimer
CharNextA
MessageBoxA

gdi32

CreateBrushIndirect
CreateSolidBrush
GetTextExtentPoint32A
CreateCompatibleBitmap
GetStockObject
GetTextExtentPointA
ExtTextOutA
DeleteObject
SelectObject
GetTextMetricsA
SetBkColor
SetBkMode
SetTextColor
CreateFontA
CreateRectRgn
GetObjectA
GetDeviceCaps
DeleteDC
BitBlt
CreateCompatibleDC

shell32

DragQueryFileA
SHAddToRecentDocs
ShellExecuteA

ole32

CoCreateGuid
CoCreateInstance
CoInitialize
ReleaseStgMedium
CoUninitialize
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
RegisterDragDrop
OleRun
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
OleLockRunning
CoTaskMemRealloc

oleaut32

GetErrorInfo
VarUI4FromStr
RegisterTypeLi
OleCreateFontIndirect
DispCallFunc
LoadRegTypeLi
SysFreeString
SysAllocString
SysAllocStringByteLen
SysStringLen
VariantClear
SysAllocStringLen
VariantInit
SysStringByteLen
VariantChangeType
LoadTypeLi
VariantCopy
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector

rpcrt4

UuidFromStringA

msvcp60

??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z

msvcirt

??0exception@@QAE@ABV0@@Z

msvcrt

memset
__CxxFrameHandler
memmove
memcmp
strlen
??2@YAPAXI@Z
strrchr
strcpy
strcat
fclose
fgets
fopen
strtok
strstr
free
_beginthread
memcpy
_purecall
difftime
mktime
localtime
time
atoi
_except_handler3
strcmp
_stricmp
wcslen
isdigit
sprintf
_itoa
wcsncpy
_fullpath
isspace
wcschr
wcsstr
wcscmp
rand
_mkdir
_chdir
strchr
wcscpy
strtod
srand
_CxxThrowException
realloc
wcstol
wcstod
_strlwr
fread
ftell
fseek
_wcsicmp
malloc
fwrite
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv

Exports

Exports

CanReload
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
TBStudioReg

Sections

.text
Size: 400KB - Virtual size: 399KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4.3/redifftoolbar.inf
4.3/tbs_include_script_004681.js
.js
4.3/version.txt

Sharing

General

Malware Config

Signatures

Files

18bc6fa81e19f21156316b1ae696ed6b

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

62:e7:fc:1f:ca:14:da:7f:f0:ca:48:cf:fa:79:76:e6Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 109KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 31KB - Virtual size: 31KB

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 104B

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 494B

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

62:e7:fc:1f:ca:14:da:7f:f0:ca:48:cf:fa:79:76:e6
Certificate

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 109KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 31KB - Virtual size: 31KB

.text
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 104B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

62:e7:fc:1f:ca:14:da:7f:f0:ca:48:cf:fa:79:76:e6
Certificate

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 472B

.rsrc
Size: 4KB - Virtual size: 2KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

62:e7:fc:1f:ca:14:da:7f:f0:ca:48:cf:fa:79:76:e6
Certificate

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB