af6475616f2cc75c6fddd3e225090ddf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

af6475616f2cc75c6fddd3e225090ddf_JaffaCakes118
Size

7.8MB
MD5

af6475616f2cc75c6fddd3e225090ddf
SHA1

34b40e01db4772c3ed424e66772962a1704a7ee6
SHA256

50cc720b4e04592eb290b54c9858146db50a28e2a275bd957d2bdfe3aa83bf41
SHA512

4d98deb551d997169c0f295fc580bcafe3aa044f7e210ac1a73d91394f8cb6895b38a5b7a12a2dc992b8d0792318423b36448512df203e17b7957e4844869dc0
SSDEEP

196608:MeOVpRhP3tT3VeyVooqGid30mDRuvh7wH7b3qO/2edA5turyvsreMo:xURNd70aXRidEyoJwH7b6O/jKtuyvY8

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/FindProcDLL.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/StartMenu.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$TEMP/fontinst.exe

Files

af6475616f2cc75c6fddd3e225090ddf_JaffaCakes118
.rar
365rili.exe
.exe windows:5 windows x86 arch:x86

1695812a40d1f74437cdc1e9322467ad

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8c:0b:43:d4:e3:19:e5:49:2f:7f:57:6d:91:1f:0b:80
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

12/04/2011, 00:00

Not After

11/04/2014, 23:59

Subject

CN=北京问日科技有限公司,OU=WoSign Class 3 Code Signing,O=北京问日科技有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

ad:63:1d:8e:9f:0a:ed:c3:4b:d0:12:c1:8a:17:7a:29:1e:5b:51:55
Signer

Actual PE Digest

ad:63:1d:8e:9f:0a:ed:c3:4b:d0:12:c1:8a:17:7a:29:1e:5b:51:55

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 644KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

e26d7460d0c04056b9226a899477ba4d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
CloseHandle
OpenProcess
LoadLibraryW
GetProcAddress
GetVersionExW
GlobalFree
lstrcpyW
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
LCMapStringW
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
DisableThreadLibraryCalls
WriteFile
VirtualAlloc
RtlUnwind
GetStringTypeA
GetStringTypeW
GetLastError
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
FlushFileBuffers

Exports

Exports

FindProc

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:5 windows x86 arch:x86

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
GetModuleHandleW
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrcpynW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc

user32

OpenClipboard
DestroyIcon
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
GetClipboardData
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
wsprintfW
CharNextW
MessageBoxW
CloseClipboard
GetDlgCtrlID
MapWindowPoints
SetWindowPos
PtInRect
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyWindow

gdi32

SelectObject
CreateRectRgn
GetObjectW
CombineRgn
DeleteObject
CreateCompatibleDC
GetDIBits
SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:5 windows x86 arch:x86

b1d9539c7cfd95718179dedb471b482f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindFirstFileW
lstrcatW
lstrcpyW
MulDiv
GetModuleHandleW
lstrcmpW
GlobalFree
lstrcpynW
GlobalAlloc
FindNextFileW
lstrcmpiW
FindClose

user32

PostMessageW
CallWindowProcW
GetWindowLongW
IsDialogMessageW
CheckDlgButton
ShowWindow
LoadIconW
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextW
IsDlgButtonChecked
GetWindowTextW
GetDlgItem
wsprintfW
CreateDialogParamW
GetMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
SetWindowLongW
SendMessageW

gdi32

GetTextMetricsW
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$TEMP/DroidSansFallback.ttf
$TEMP/fontinst.exe
.exe windows:4 windows x86 arch:x86

d3bc0f9986c3e73e0380bb6142ce2fb2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
FindFirstFileA
ExitProcess
GetModuleFileNameA
LocalFree
LocalAlloc
GetSystemDirectoryA
GetFileAttributesA
FindClose
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
CopyFileA
GetWindowsDirectoryA
GetPrivateProfileSectionA
GetACP
WideCharToMultiByte
lstrcpyA
GetOEMCP
GetStringTypeA
GetCPInfo
WriteFile
VirtualFree
HeapFree
MoveFileExA
lstrcmpiA
GetVersionExA
WritePrivateProfileSectionA
lstrcatA
lstrlenA
GetProcessHeap
HeapAlloc
LCMapStringW
LCMapStringA
LoadLibraryA
VirtualAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapCreate
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetStringTypeW
MultiByteToWideChar
GetProcAddress
TerminateProcess
GetCurrentProcess
RtlUnwind
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
GetStdHandle
SetHandleCount
GetFileType
HeapDestroy

user32

PostMessageA
ReleaseDC
wsprintfA
GetDC

gdi32

GetFontData
AddFontResourceA
DeleteObject
SelectObject
CreateFontIndirectA
EnumFontFamiliesExA

advapi32

RegQueryValueExA
RegQueryInfoKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegCloseKey

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 955B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/fontlist.inf
$TEMP/vcredist_x86.exe
.exe windows:5 windows x86 arch:x86

092eb6daba2f17cbda102fd1a32acd00

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:b2:9b:00:00:00:00:00:15
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

21/02/2011, 20:53

Not After

21/05/2012, 20:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d0:b8:36:c9:ae:3b:cb:20:6d:59:26:4f:5f:9c:95:6f:4b:15:75:3a
Signer

Actual PE Digest

d0:b8:36:c9:ae:3b:cb:20:6d:59:26:4f:5f:9c:95:6f:4b:15:75:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
SetEvent
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
GetVersionExA
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
CreateFileA
FindNextFileA
FindFirstFileA
CopyFileA
SetFileAttributesA
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceA
QueryDosDeviceA
GetCurrentDirectoryA
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetExitCodeProcess
CreateProcessA
ExpandEnvironmentStringsA
GetFileSize
CreateThread
CreateEventA
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
CloseHandle
DeviceIoControl
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
SetErrorMode
GetTickCount
CreateDirectoryA
GetLastError
RemoveDirectoryA
MoveFileExA
SetFilePointer
FindClose
ReadFile

msvcrt

strchr
_strnicmp
_stricmp
strrchr
_strlwr
strncpy
strstr
_snprintf
sprintf

advapi32

AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
OpenProcessToken

user32

ShowWindow
SendDlgItemMessageA
SendMessageA
DialogBoxParamA
LoadStringA
EndDialog
SetParent
MessageBoxA

ntdll

NtShutdownSystem
NtAdjustPrivilegesToken
NtClose
NtOpenProcessToken

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.2MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
365日历.exe
.exe windows:5 windows x86 arch:x86

93254e3fd6537dda59bf0307661dc7fb

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8c:0b:43:d4:e3:19:e5:49:2f:7f:57:6d:91:1f:0b:80
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

12/04/2011, 00:00

Not After

11/04/2014, 23:59

Subject

CN=北京问日科技有限公司,OU=WoSign Class 3 Code Signing,O=北京问日科技有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

e3:c5:ae:8b:29:8a:38:e7:a9:c0:67:a5:34:31:3f:5d:11:bb:f3:a4
Signer

Actual PE Digest

e3:c5:ae:8b:29:8a:38:e7:a9:c0:67:a5:34:31:3f:5d:11:bb:f3:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\实习\SVN\trunk\testMFC\Release\365日历.pdb

Imports

sqlite3

sqlite3_close
sqlite3_last_insert_rowid
sqlite3_column_text16
sqlite3_column_int64
sqlite3_column_int
sqlite3_step
sqlite3_finalize
sqlite3_prepare16_v2
sqlite3_open16

crashrpt

ord7
ord9
ord10
ord12

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ziparchive

?Seek@CZipMemFile@@UAE_K_JH@Z
?Read@CZipMemFile@@UAEIPAXI@Z
?Write@CZipMemFile@@UAEXPBXI@Z
?GetRuntimeClass@CZipMemFile@@UBEPAUCRuntimeClass@@XZ
?GetFileInfo@CZipArchive@@QAEPAVCZipFileHeader@@G@Z
?Open@CZipArchive@@QAE_NAAVCZipAbstractFile@@H_N@Z
?CloseFile@CZipArchive@@QAEHPB_W_N@Z
?ReadFile@CZipArchive@@QAEKPAXK@Z
?OpenFile@CZipArchive@@QAE_NG@Z
?FindFile@CZipArchive@@QAEGPB_WH_N@Z
??1CZipArchive@@UAE@XZ
??0CZipArchive@@QAE@XZ
?SetLength@CZipMemFile@@UAEX_K@Z

mfc90u

ord3355
ord6411
ord1493
ord4660
ord5664
ord3286
ord3654
ord595
ord710
ord462
ord6667
ord4442
ord4324
ord6760
ord6807
ord6577
ord985
ord441
ord3071
ord5553
ord6114
ord5737
ord946
ord300
ord6830
ord4516
ord1556
ord690
ord4544
ord6579
ord6831
ord1183
ord6604
ord4774
ord5938
ord3187
ord5770
ord5008
ord1938
ord1599
ord3220
ord285
ord6630
ord1607
ord3500
ord582
ord784
ord2069
ord2597
ord1108
ord1357
ord2596
ord2130
ord4512
ord2282
ord3577
ord2593
ord2537
ord4000
ord5632
ord4631
ord5167
ord5324
ord1810
ord1809
ord1675
ord3353
ord6408
ord1754
ord1751
ord4345
ord1492
ord4664
ord5602
ord2074
ord5512
ord6800
ord4603
ord5653
ord3743
ord5154
ord4702
ord1728
ord6466
ord5685
ord5683
ord960
ord965
ord969
ord967
ord971
ord2615
ord2635
ord2619
ord2625
ord2623
ord2621
ord2638
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord6802
ord4174
ord6804
ord3682
ord5404
ord6376
ord1026
ord1442
ord5625
ord2139
ord1792
ord1791
ord1727
ord5650
ord3140
ord4910
ord4682
ord3515
ord374
ord639
ord2699
ord951
ord6732
ord4465
ord6079
ord2315
ord3020
ord3013
ord4211
ord6482
ord1156
ord1186
ord813
ord5979
ord4405
ord821
ord5980
ord4406
ord818
ord2208
ord265
ord2084
ord2447
ord612
ord794
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord2206
ord6035
ord4179
ord1048
ord5548
ord1937
ord5830
ord4213
ord2087
ord3217
ord5674
ord1719
ord4347
ord4996
ord5680
ord5663
ord6018
ord2771
ord2983
ord1484
ord2475
ord6683
ord2981
ord2927
ord3368
ord6673
ord5966
ord4926
ord4788
ord2344
ord6782
ord4163
ord6601
ord3066
ord5102
ord4617
ord1444
ord1752
ord370
ord2337
ord638
ord3793
ord3959
ord3963
ord4131
ord1678
ord654
ord3528
ord611
ord2274
ord1665
ord4652
ord3489
ord4530
ord2904
ord2478
ord310
ord4518
ord2539
ord3993
ord5677
ord4997
ord6019
ord3673
ord593
ord796
ord1884
ord2448
ord6187
ord6094
ord4128
ord4130
ord4543
ord6095
ord4541
ord4410
ord586
ord4527
ord1533
ord3741
ord2901
ord3112
ord4728
ord2966
ord3115
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4905
ord4681
ord3670
ord589
ord1188
ord1204
ord4967
ord4043
ord1254
ord1250
ord1248
ord266
ord601
ord316
ord782
ord698
ord580
ord446
ord404
ord5535
ord1552
ord663
ord335
ord799
ord1137
ord5939
ord909
ord296
ord2479
ord811
ord286
ord3185
ord1047
ord2360
ord790
ord938
ord935
ord3537
ord3488
ord1354
ord3622
ord2106
ord3543
ord4398
ord6780
ord3933
ord5974
ord2758
ord6063
ord6572
ord6060
ord6566
ord600
ord280
ord6510
ord801
ord4784
ord3999
ord5007
ord3082
ord6295
ord2885
ord2170
ord4287
ord4579
ord6569
ord6372
ord6547
ord6183
ord6096
ord6101
ord6040
ord5863
ord5850
ord3085
ord4066
ord4074
ord2283
ord778
ord744
ord5194
ord524
ord4044
ord5851
ord2694
ord287
ord1272
ord4519
ord899
ord2326
ord3794
ord6311
ord6829
ord3421
ord3422
ord820
ord3221
ord305
ord1608
ord6065
ord6013
ord6808
ord6806
ord6805
ord615
ord2103
ord1601
ord4510
ord2277
ord1667
ord4654
ord3496
ord6550
ord4045
ord633
ord1674
ord3511
ord2702
ord3423
ord5676
ord2057
ord6741
ord5841
ord6418
ord6174
ord3899
ord1064
ord3226
ord1603
ord3952

msvcr90

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
__RTDynamicCast
fgets
strrchr
towlower
_stricmp
wcspbrk
strtoul
strtol
atoi
strncat
tolower
strstr
strncmp
vfprintf
vprintf
exit
_vsnprintf
_vscprintf
vsprintf
realloc
_strdup
calloc
isspace
_strnicmp
strchr
sscanf
__iob_func
fprintf
_snprintf
rand
srand
wcsftime
swscanf
swscanf_s
sscanf_s
_wtoi
sprintf
strncpy
_wfopen
fseek
ftell
fread
fflush
wcsncpy
fclose
fwrite
wcschr
wcsncmp
wcstol
memmove
_vswprintf
floor
ceil
printf
_time64
memmove_s
vswprintf_s
strcpy_s
vsprintf_s
_localtime64_s
memset
_recalloc
_purecall
wcscat_s
wcsncpy_s
wcscpy_s
memcpy_s
free
malloc
wcsstr
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_invalid_parameter_noinfo
memcpy
__CxxFrameHandler3
?what@exception@std@@UBEPBDXZ

kernel32

FormatMessageW
GetCurrentProcess
SetProcessWorkingSetSize
WinExec
Sleep
GetPrivateProfileIntW
WritePrivateProfileStringW
lstrcpyW
GetPrivateProfileStringW
CreateMutexW
GetModuleFileNameA
ReleaseMutex
GetCurrentThreadId
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetLastError
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
CreateDirectoryW
WideCharToMultiByte
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
DeleteFileW
FindFirstFileW
GetFileAttributesW
FindNextFileW
FindClose
GetLocalTime
GetTimeZoneInformation
LoadLibraryW
CreateThread
WaitForSingleObject
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
CloseHandle
GetTickCount
GetACP

user32

GetSubMenu
SendMessageW
PostMessageW
GetSystemMenu
IsIconic
RemoveMenu
InvalidateRect
SetTimer
KillTimer
GetDesktopWindow
SetForegroundWindow
EnableWindow
BringWindowToTop
ModifyMenuW
CheckMenuItem
AppendMenuW
LoadMenuW
MessageBoxW
SystemParametersInfoW
wsprintfW
PostThreadMessageW
DrawIconEx
ReleaseCapture
ShowCursor
TrackMouseEvent
GetSysColor
WindowFromPoint
SetCapture
MapWindowPoints
FillRect
GetSysColorBrush
InflateRect
CreateIconIndirect
ReleaseDC
GetIconInfo
CharNextW
DestroyIcon
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetLayeredWindowAttributes
GetWindowLongW
SetWindowLongW
GetDC
GetWindow
UpdateLayeredWindow
ShowWindow
GetClassNameW
SetWindowPos
DefWindowProcW
RegisterClassExW
CreateWindowExW
GetCaretPos
GetFocus
ScreenToClient
ClientToScreen
DestroyWindow
UnregisterClassW
LoadCursorW
SetCursor
GetParent
GetClientRect
GetWindowRect
PtInRect
GetCursorPos
IsWindow
RegisterWindowMessageW
LoadIconW

gdi32

SetDIBits
Escape
GetDIBits
CreatePen
CreateSolidBrush
Rectangle
ExtTextOutW
TextOutW
RectVisible
CreateFontW
CreateFontIndirectW
PtVisible
SetBoundsRect
CreateDIBSection
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
DeleteObject
GetTextExtentPoint32W
GetObjectW

advapi32

CryptDecrypt
CryptEncrypt
CryptSetKeyParam
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
CryptDestroyKey

shell32

SHGetSpecialFolderPathW
Shell_NotifyIconW
ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

SHDeleteKeyW

wininet

InternetErrorDlg
InternetGoOnlineW
InternetQueryOptionW
InternetSetOptionW
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW
HttpSendRequestW
HttpQueryInfoW
HttpOpenRequestW

ole32

CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoCreateGuid
CreateStreamOnHGlobal
CoGetClassObject
CoInitialize
StringFromGUID2
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

oleaut32

SystemTimeToVariantTime
SysAllocString
LoadTypeLi
RegisterTypeLi
SysFreeString
VarUdateFromDate
SysStringLen
VariantTimeToSystemTime
VarUI4FromStr

urlmon

URLDownloadToFileW
CoInternetGetSession

gdiplus

GdipMeasureString
GdipGraphicsClear
GdipCloneBrush
GdipCreateSolidFill
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipDeleteBrush
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCreateStringFormat
GdipLoadImageFromStream
GdipDrawImageRectI
GdipDrawLineI
GdipSetSmoothingMode
GdipReleaseDC
GdipCreateBitmapFromHBITMAP
GdipGetImageHeight
GdipGetImageWidth
GdipDeletePen
GdipCreatePen1
GdipCloneImage
GdipDrawImageI
GdipDrawImageRect
GdipDrawString
GdipSetTextRenderingHint
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipDeleteGraphics
GdipDeleteStringFormat
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipDrawImagePointRectI

msvcp90

?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?quiet_NaN@?$numeric_limits@N@std@@SANXZ
?infinity@?$numeric_limits@N@std@@SANXZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?capacity@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ

Sections

.text
Size: 607KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
365日历.url
CrashRpt.dll
.dll windows:5 windows x86 arch:x86

d3d8e61eaff580cf13184ad9dcccb9dc

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8c:0b:43:d4:e3:19:e5:49:2f:7f:57:6d:91:1f:0b:80
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

12/04/2011, 00:00

Not After

11/04/2014, 23:59

Subject

CN=北京问日科技有限公司,OU=WoSign Class 3 Code Signing,O=北京问日科技有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

94:60:fc:05:58:7c:c6:65:74:72:83:7e:d7:d1:83:04:24:a2:c8:f9
Signer

Actual PE Digest

94:60:fc:05:58:7c:c6:65:74:72:83:7e:d7:d1:83:04:24:a2:c8:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\实习\Third\CrashReport\CrashRpt_v.1.2.10_r1203\bin\CrashRpt.pdb

Imports

rpcrt4

UuidToStringA
RpcStringFreeA

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shell32

SHGetSpecialFolderPathW

kernel32

InterlockedExchange
IsDebuggerPresent
QueryPerformanceCounter
Sleep
InterlockedCompareExchange
UnhandledExceptionFilter
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
InterlockedDecrement
lstrlenW
MultiByteToWideChar
lstrlenA
InterlockedIncrement
DebugBreak
OutputDebugStringW
WaitForSingleObject
CloseHandle
CreateProcessW
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
GetCurrentProcess
CreateEventW
FreeLibrary
LoadLibraryW
CreateFileW
WideCharToMultiByte
RaiseException
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetSystemInfo
GetModuleFileNameW
GetPrivateProfileStringW
GlobalFree
GlobalAlloc
GetFileAttributesW
GetLastError
CreateDirectoryW
TerminateProcess
GetSystemTimeAsFileTime

user32

LoadStringW
CharNextW
wvsprintfW
MessageBoxW

advapi32

RegCloseKey
RegOpenKeyExW

ole32

CoCreateGuid

msvcp90

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr90

_set_error_mode
__dllonexit
_unlock
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_except_handler4_common
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
??3@YAXPAX@Z
signal
_set_invalid_parameter_handler
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_set_purecall_handler
memcpy
??2@YAPAXI@Z
memset
memmove
??_V@YAXPAX@Z
wcsrchr
wcsstr
iswdigit
iswspace
wcscmp
_wtoi
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
__CxxFrameHandler3
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
wcslen
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
__pxcptinfoptrs
_set_abort_behavior
?_set_new_mode@@YAHH@Z
_wstat64i32
_purecall
_controlfp_s
_clearfp
strcpy
memmove_s
wcsncpy_s
strcpy_s
raise
abort
?terminate@@YAXXZ
?unexpected@@YAXXZ
printf
wcschr
wcscspn
free
_encode_pointer

Exports

Exports

AddFileA
AddFileW
GenerateErrorReport
InstallA
InstallW
Uninstall
crAddFile2A
crAddFile2W
crAddFileA
crAddFileW
crAddPropertyA
crAddPropertyW
crAddRegKeyA
crAddRegKeyW
crAddScreenshot
crAddScreenshot2
crEmulateCrash
crExceptionFilter
crGenerateErrorReport
crGetLastErrorMsgA
crGetLastErrorMsgW
crInstallA
crInstallToCurrentThread
crInstallToCurrentThread2
crInstallW
crUninstall
crUninstallFromCurrentThread

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CrashSender.exe
.exe windows:5 windows x86 arch:x86

3e6f4326fcaa44874169e2842dcb41ae

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8c:0b:43:d4:e3:19:e5:49:2f:7f:57:6d:91:1f:0b:80
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

12/04/2011, 00:00

Not After

11/04/2014, 23:59

Subject

CN=北京问日科技有限公司,OU=WoSign Class 3 Code Signing,O=北京问日科技有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

b4:bb:7d:ff:05:a0:d5:6f:7d:9b:a6:00:57:75:be:34:ee:25:ec:fc
Signer

Actual PE Digest

b4:bb:7d:ff:05:a0:d5:6f:7d:9b:a6:00:57:75:be:34:ee:25:ec:fc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\实习\Third\CrashReport\CrashRpt_v.1.2.10_r1203\bin\CrashSender.pdb

Imports

ws2_32

inet_ntoa
gethostbyname
WSAGetLastError
inet_addr
WSACleanup
htonl
getservbyname
WSAStartup
socket
connect
closesocket
send
recv
WSASetLastError
getservbyport
ntohs
gethostbyaddr
htons

dnsapi

DnsQuery_W
DnsFree

wininet

InternetOpenW
HttpOpenRequestW
HttpSendRequestExW
HttpEndRequestW
InternetWriteFile
InternetCloseHandle
InternetConnectW
InternetReadFile

rpcrt4

UuidToStringA
RpcStringFreeA

gdi32

SetLayout
CreateDCW
GetDIBits
CreateFontW
TextOutW
CreateRectRgn
SelectClipRgn
BitBlt
SelectPalette
RealizePalette
SetStretchBltMode
DeleteObject
SelectObject
GetObjectW
SetBkMode
StretchBlt
DeleteDC
CreateFontIndirectW
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
CreatePen
Polygon
CreateSolidBrush
SetBkColor
CreateHalftonePalette
CreatePalette
GetDIBColorTable
SetDIBits
SetViewportOrgEx
SetTextColor

shell32

ExtractIconW
CommandLineToArgvW
SHGetFileInfoW
Shell_NotifyIconW
SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetProcessMemoryInfo

kernel32

UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
Sleep
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
CreateDirectoryW
FormatMessageW
GlobalFree
GetPrivateProfileStringW
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetTempPathW
GetTempFileNameW
SystemTimeToFileTime
WritePrivateProfileStringW
GetSystemDirectoryA
LoadLibraryA
SetEvent
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
lstrlenW
ResetEvent
InterlockedIncrement
CreateEventW
lstrcpyW
FindNextFileW
FindClose
SetLastError
GetFullPathNameW
FindFirstFileW
lstrlenA
DebugBreak
OutputDebugStringW
GetSystemTime
FileTimeToSystemTime
GetProcessTimes
FreeLibrary
GetProcAddress
LoadLibraryW
OpenProcess
SystemTimeToTzSpecificLocalTime
GetFileSizeEx
CreateFileW
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesW
RaiseException
GetLastError
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
GetModuleHandleW
lstrcmpiW
MulDiv
CompareStringW
lstrcmpW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
CreateMutexW
GetCommandLineW
GetVersionExW
lstrcpynW
CreateProcessW
ReadFile
GetFileInformationByHandle
WriteFile
CreateThread
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetSystemInfo
GlobalUnlock
GlobalLock
GlobalAlloc
GetProcessId
OpenFileMappingW

user32

DrawTextExA
CharUpperW
SetScrollInfo
GetScrollInfo
PostMessageW
DialogBoxParamW
PostQuitMessage
LoadIconW
CopyRect
AdjustWindowRectEx
IsDialogMessageW
EnableWindow
KillTimer
SetTimer
MoveWindow
GetMenu
GetIconInfo
DrawTextExW
DrawIcon
GetActiveWindow
GetSubMenu
TrackPopupMenu
LoadMenuW
GetWindow
MonitorFromWindow
MonitorFromPoint
UnregisterClassA
DestroyMenu
SetMenuItemInfoW
CheckMenuRadioItem
DeleteMenu
EndDialog
MessageBoxW
SetProcessDefaultLayout
LoadImageW
GetDesktopWindow
GetSysColorBrush
GetKeyState
CreateDialogParamW
GetClassNameW
LoadCursorW
GetSysColor
EnumDisplayMonitors
OffsetRect
GetCapture
ReleaseCapture
AnimateWindow
EndPaint
BeginPaint
GetCursorPos
SetCursor
DrawFocusRect
FillRect
DrawTextW
PtInRect
CallWindowProcW
IsWindow
GetDlgCtrlID
GetParent
SetFocus
SetCapture
IsWindowEnabled
UpdateWindow
ScreenToClient
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateWindowExW
DestroyWindow
SetRectEmpty
MapWindowPoints
GetDlgItem
RedrawWindow
IsWindowVisible
ShowWindow
InvalidateRect
SendMessageW
GetWindowRect
SetWindowPos
GetWindowLongW
DefWindowProcW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SetWindowLongW
DestroyIcon
GetGuiResources
CharNextW
wvsprintfW
LoadStringW
GetCursorInfo
GetWindowThreadProcessId
EnableMenuItem
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
ReleaseDC
IntersectRect
EnumWindows
GetFocus
GetDC
GetMonitorInfoW

advapi32

RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumValueW

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateGuid
CoTaskMemAlloc

oleaut32

VarUI4FromStr
VarDateFromStr
VarI4FromStr
VarR8FromStr
VarDecFromStr
VarDecCmp
SysFreeString

comctl32

_TrackMouseEvent
ImageList_Create
ImageList_ReplaceIcon
InitCommonControlsEx

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr90

strtod
longjmp
__iob_func
strncpy
strcpy
_gmtime64
fabs
abs
pow
abort
sprintf
isalpha
tolower
isspace
strncmp
atof
fseek
ftell
ferror
fopen_s
_vsnprintf_s
sscanf_s
fputc
swprintf_s
strftime
_wdupenv_s
_time64
_gmtime64_s
wcscspn
strcat_s
strtoul
strncpy_s
calloc
strcpy_s
strchr
__CxxLongjmpUnwind
fprintf
atoi
wcsncmp
_wtol
_setjmp3
rewind
fflush
_lock
fwprintf
sprintf_s
_wstat64i32
feof
fread
wcscpy_s
wcschr
wcsncpy_s
memcpy_s
malloc
wcsstr
_recalloc
_wcsicmp
free
_purecall
strcmp
_wfopen_s
fclose
memcmp
wcslen
_wtoi
wcscmp
iswspace
iswdigit
wcsrchr
memmove
memmove_s
strlen
isalnum
??2@YAPAXI@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??_V@YAXPAX@Z
memcpy
memset
_CxxThrowException
??3@YAXPAX@Z
exit
_fseeki64
_ftelli64
srand
rand
tmpfile
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
getenv
fwrite
sscanf
_wfopen
fopen
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
_onexit
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer

Sections

.text
Size: 447KB - Virtual size: 446KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Theme/default.skn
.zip
edit_note/background.png
.png
edit_note/close.png
.png
edit_note/save.png
.png
edit_note/skin.xml
edit_schedule/back.png
.png
edit_schedule/close.png
.png
edit_schedule/edit.png
.png
edit_schedule/save.png
.png
edit_schedule/skin.xml
main/add.png
.png
main/background.png
.png
main/close.png
.png
main/line_back0.png
.png
main/line_back1.png
.png
main/minimize.png
.png
main/next.png
.png
main/normal.png
.png
main/note.png
.png
main/prev.png
.png
main/sched.png
.png
main/scroll_bottom.png
.png
main/scroll_down.png
.png
main/scroll_repeat.png
.png
main/scroll_top.png
.png
main/scroll_up.png
.png
main/select.png
.png
main/setting.png
.png
main/skin.xml
main/today.png
.png
main/today_button.png
.png
note/back.png
.png
note/close.png
.png
note/delete.png
.png
note/edit.png
.png
note/scroll_bottom.png
.png
note/scroll_down.png
.png
note/scroll_repeat.png
.png
note/scroll_top.png
.png
note/scroll_up.png
.png
note/skin.xml
note/star.png
.png
notes/add.png
.png
notes/background.png
.png
notes/close.png
.png
notes/line_back0.png
.png
notes/line_back1.png
.png
notes/scroll_bottom.png
.png
notes/scroll_down.png
.png
notes/scroll_repeat.png
.png
notes/scroll_top.png
.png
notes/scroll_up.png
.png
notes/skin.xml
notes/star.png
.png
schedule/back.png
.png
schedule/close.png
.png
schedule/delete.png
.png
schedule/edit.png
.png
schedule/scroll_bottom.png
.png
schedule/scroll_down.png
.png
schedule/scroll_repeat.png
.png
schedule/scroll_top.png
.png
schedule/scroll_up.png
.png
schedule/skin.xml
select_calendar/back.png
.png
select_calendar/close.png
.png
select_calendar/next_page.png
.png
select_calendar/prev_page.png
.png
select_calendar/skin.xml
setting/back.png
.png
setting/close.png
.png
setting/skin.xml
ZipArchive.dll
.dll windows:5 windows x86 arch:x86

c10988204b6c8199faca77a61464e78e

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8c:0b:43:d4:e3:19:e5:49:2f:7f:57:6d:91:1f:0b:80
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

12/04/2011, 00:00

Not After

11/04/2014, 23:59

Subject

CN=北京问日科技有限公司,OU=WoSign Class 3 Code Signing,O=北京问日科技有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

e9:3a:5b:aa:5d:63:70:d3:a1:70:7c:7f:20:6c:f0:c2:12:ba:e1:de
Signer

Actual PE Digest

e9:3a:5b:aa:5d:63:70:d3:a1:70:7c:7f:20:6c:f0:c2:12:ba:e1:de

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\实习\SVN\trunk\testMFC\ZipArchive\Release\ZipArchive.pdb

Imports

msvcr90

__CppXcptFilter
_crt_debugger_hook
_adjust_fdiv
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
memset
memcpy
_amsg_exit
_initterm_e
_initterm
_encoded_null
_decode_pointer
_malloc_crt
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
__CxxFrameHandler3
iswascii
_wchdir
_wsplitpath_s
malloc
realloc
_localtime64_s
_mktime64
_errno
wcsncpy_s
rand
srand
memmove
_time64
qsort
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
_findclose
_wfindnext64
_wfindfirst64
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_purecall
??_U@YAPAXI@Z
_wtoi64
free
memmove_s
??2@YAPAXI@Z
memcpy_s
??_V@YAXPAX@Z
_except_handler4_common
??3@YAXPAX@Z
_CxxThrowException

mfc90u

ord3020
ord2954
ord3631
ord3589
ord3220
ord285
ord1607
ord6692
ord6691
ord6698
ord4490
ord938
ord935
ord899
ord1599
ord4405
ord4518
ord1581
ord1579
ord2326
ord5938
ord2694
ord3810
ord399
ord3811
ord6697
ord4235
ord5851
ord1603
ord605
ord1274
ord321
ord1241
ord1239
ord1264
ord1180
ord1233
ord391
ord1152
ord1273
ord1271
ord1145
ord1076
ord1137
ord951
ord802
ord1088
ord4465
ord3013
ord5767
ord1243
ord6811
ord1707
ord2571
ord5778
ord6822
ord554
ord5886
ord5894
ord2484
ord758
ord1041
ord2537
ord933
ord811
ord404
ord1248
ord286
ord1552
ord663
ord403
ord4159
ord5535
ord400
ord3534
ord2953
ord2955
ord5943
ord296
ord813
ord6813
ord5770
ord3187
ord6079
ord6359
ord322
ord6732
ord3406
ord1250
ord280
ord2084
ord600
ord2315
ord3017
ord2525
ord2699

kernel32

CreateFileMappingW
UnmapViewOfFile
CloseHandle
GetLastError
FormatMessageW
LocalFree
GetDiskFreeSpaceExW
GetTempPathW
GetTempFileNameW
GetCurrentDirectoryW
SetFileAttributesW
GetFileAttributesW
FindFirstFileW
FindClose
CreateFileW
SetFileTime
GetDriveTypeW
SetVolumeLabelW
MultiByteToWideChar
WideCharToMultiByte
DeleteFileW
GetShortPathNameW
MoveFileW
CreateDirectoryW
LocalAlloc
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
MapViewOfFile

shell32

SHFileOperationW

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Exports

Exports

??0?$CMap@HHPAUCOptions@CZipCompressor@@PAU12@@@QAE@H@Z
??0?$CMap@W4CallbackType@CZipActionCallback@@W412@PAU2@PAU2@@@QAE@H@Z
??0?$CZipMap@HPAUCOptions@CZipCompressor@@@@QAE@XZ
??0?$CZipMap@W4CallbackType@CZipActionCallback@@PAU2@@@QAE@XZ
??0CBaseLibCompressor@ZipArchiveLib@@QAE@PAVCZipStorage@@@Z
??0CBitFlag@ZipArchiveLib@@QAE@H@Z
??0CBitFlag@ZipArchiveLib@@QAE@XZ
??0CDeflateCompressor@ZipArchiveLib@@QAE@PAVCZipStorage@@@Z
??0CDirEnumerator@ZipArchiveLib@@IAE@PB_W_N@Z
??0CDirEnumerator@ZipArchiveLib@@QAE@ABV01@@Z
??0CFileFilter@ZipArchiveLib@@QAE@ABV01@@Z
??0CFileFilter@ZipArchiveLib@@QAE@_N@Z
??0CFileInfo@ZipArchiveLib@@QAE@XZ
??0CGroupFileFilter@ZipArchiveLib@@QAE@W4GroupType@01@_N1@Z
??0CInfo@CZipCentralDir@@QAE@ABU01@@Z
??0CInfo@CZipCentralDir@@QAE@XZ
??0CNameFileFilter@ZipArchiveLib@@QAE@ABV01@@Z
??0CNameFileFilter@ZipArchiveLib@@QAE@PB_W_NH1@Z
??0COptions@CBaseLibCompressor@ZipArchiveLib@@QAE@ABU012@@Z
??0COptions@CBaseLibCompressor@ZipArchiveLib@@QAE@XZ
??0COptions@CDeflateCompressor@ZipArchiveLib@@QAE@ABU012@@Z
??0COptions@CDeflateCompressor@ZipArchiveLib@@QAE@XZ
??0COptions@CZipCompressor@@QAE@ABU01@@Z
??0COptions@CZipCompressor@@QAE@XZ
??0COptionsMap@CZipCompressor@@QAE@XZ
??0CWildcard@ZipArchiveLib@@QAE@ABV01@@Z
??0CWildcard@ZipArchiveLib@@QAE@PB_W_N@Z
??0CWildcard@ZipArchiveLib@@QAE@XZ
??0CZipAbstractFile@@QAE@ABV0@@Z
??0CZipAbstractFile@@QAE@XZ
??0CZipActionCallback@@QAE@ABU0@@Z
??0CZipActionCallback@@QAE@XZ
??0CZipAddNewFileInfo@@QAE@ABU0@@Z
??0CZipAddNewFileInfo@@QAE@PAVCZipAbstractFile@@PB_W@Z
??0CZipAddNewFileInfo@@QAE@PB_W0@Z
??0CZipAddNewFileInfo@@QAE@PB_W_N@Z
??0CZipArchive@@QAE@XZ
??0CZipAutoBuffer@@QAE@ABV0@@Z
??0CZipAutoBuffer@@QAE@K_N@Z
??0CZipAutoBuffer@@QAE@XZ
??0CZipBinSplitNamesHandler@@QAE@ABV0@@Z
??0CZipBinSplitNamesHandler@@QAE@XZ
??0CZipCallback@@QAE@ABU0@@Z
??0CZipCallback@@QAE@XZ
??0CZipCallbackProvider@ZipArchiveLib@@QAE@XZ
??0CZipCentralDir@@QAE@ABV0@@Z
??0CZipCentralDir@@QAE@XZ
??0CZipCompressor@@IAE@PAVCZipStorage@@@Z
??0CZipCompressor@@QAE@ABV0@@Z
??0CZipCrc32Cryptograph@@QAE@ABV0@@Z
??0CZipCrc32Cryptograph@@QAE@XZ
??0CZipCryptograph@@QAE@ABV0@@Z
??0CZipCryptograph@@QAE@XZ
??0CZipException@@QAE@AAV0@@Z
??0CZipException@@QAE@HPB_W@Z
??0CZipExtraData@@QAE@ABV0@@Z
??0CZipExtraData@@QAE@G@Z
??0CZipExtraData@@QAE@XZ
??0CZipExtraField@@QAE@ABV0@@Z
??0CZipExtraField@@QAE@XZ
??0CZipFile@@QAE@PB_WI@Z
??0CZipFile@@QAE@XZ
??0CZipFileHeader@@IAE@PAVCZipCentralDir@@@Z
??0CZipFileHeader@@QAE@ABV0@@Z
??0CZipFileHeader@@QAE@XZ
??0CZipFindFast@CZipCentralDir@@QAE@PAVCZipFileHeader@@G@Z
??0CZipFindFast@CZipCentralDir@@QAE@XZ
??0CZipMemFile@@QAE@AAV0@@Z
??0CZipMemFile@@QAE@J@Z
??0CZipMemFile@@QAE@PAEIJ@Z
??0CZipPathComponent@@QAE@ABV0@@Z
??0CZipPathComponent@@QAE@PB_W@Z
??0CZipPathComponent@@QAE@XZ
??0CZipRegularSplitNamesHandler@@QAE@ABV0@@Z
??0CZipRegularSplitNamesHandler@@QAE@XZ
??0CZipSegmCallback@@QAE@ABU0@@Z
??0CZipSegmCallback@@QAE@XZ
??0CZipSplitNamesHandler@@QAE@ABV0@@Z
??0CZipSplitNamesHandler@@QAE@XZ
??0CZipStorage@@QAE@XZ
??1?$CMap@HHPAUCOptions@CZipCompressor@@PAU12@@@UAE@XZ
??1?$CMap@W4CallbackType@CZipActionCallback@@W412@PAU2@PAU2@@@UAE@XZ
??1?$CZipMap@HPAUCOptions@CZipCompressor@@@@UAE@XZ
??1?$CZipMap@W4CallbackType@CZipActionCallback@@PAU2@@@UAE@XZ
??1CBaseLibCompressor@ZipArchiveLib@@UAE@XZ
??1CDeflateCompressor@ZipArchiveLib@@UAE@XZ
??1CDirEnumerator@ZipArchiveLib@@UAE@XZ
??1CFileFilter@ZipArchiveLib@@UAE@XZ
??1CGroupFileFilter@ZipArchiveLib@@UAE@XZ
??1CInfo@CZipCentralDir@@QAE@XZ
??1CNameFileFilter@ZipArchiveLib@@UAE@XZ
??1COptions@CBaseLibCompressor@ZipArchiveLib@@UAE@XZ
??1COptions@CDeflateCompressor@ZipArchiveLib@@UAE@XZ
??1COptions@CZipCompressor@@UAE@XZ
??1COptionsMap@CZipCompressor@@UAE@XZ
??1CWildcard@ZipArchiveLib@@UAE@XZ
??1CZipAbstractFile@@UAE@XZ
??1CZipActionCallback@@UAE@XZ
??1CZipAddNewFileInfo@@QAE@XZ
??1CZipArchive@@UAE@XZ
??1CZipAutoBuffer@@UAE@XZ
??1CZipBinSplitNamesHandler@@UAE@XZ
??1CZipCallback@@UAE@XZ
??1CZipCallbackProvider@ZipArchiveLib@@UAE@XZ
??1CZipCentralDir@@UAE@XZ
??1CZipCompressor@@UAE@XZ
??1CZipCrc32Cryptograph@@UAE@XZ
??1CZipCryptograph@@UAE@XZ
??1CZipException@@UAE@XZ
??1CZipExtraData@@QAE@XZ
??1CZipExtraField@@QAE@XZ
??1CZipFile@@UAE@XZ
??1CZipFileHeader@@UAE@XZ
??1CZipMemFile@@UAE@XZ
??1CZipPathComponent@@UAE@XZ
??1CZipRegularSplitNamesHandler@@UAE@XZ
??1CZipSegmCallback@@UAE@XZ
??1CZipSplitNamesHandler@@UAE@XZ
??1CZipStorage@@UAE@XZ
??4CBitFlag@ZipArchiveLib@@QAEAAU01@ABU01@@Z
??4CBytesWriter@ZipArchiveLib@@QAEAAV01@ABV01@@Z
??4CDirEnumerator@ZipArchiveLib@@QAEAAV01@ABV01@@Z
??4CFileFilter@ZipArchiveLib@@QAEAAV01@ABV01@@Z
??4CFileInfo@ZipArchiveLib@@QAEAAU01@ABU01@@Z
??4CInfo@CZipCentralDir@@QAEAAU01@ABU01@@Z
??4CMultiActionsInfo@CZipActionCallback@@QAEAAU01@ABU01@@Z
??4CNameFileFilter@ZipArchiveLib@@QAEAAV01@ABV01@@Z
??4COptions@CBaseLibCompressor@ZipArchiveLib@@QAEAAU012@ABU012@@Z
??4COptions@CDeflateCompressor@ZipArchiveLib@@QAEAAU012@ABU012@@Z
??4COptions@CZipCompressor@@QAEAAU01@ABU01@@Z
??4CWildcard@ZipArchiveLib@@QAEAAV01@ABV01@@Z
??4CZipAbstractFile@@QAEAAV0@ABV0@@Z
??4CZipActionCallback@@QAEAAU0@ABU0@@Z
??4CZipAddNewFileInfo@@QAEAAU0@ABU0@@Z
??4CZipAutoBuffer@@QAEAAV0@ABV0@@Z
??4CZipBinSplitNamesHandler@@QAEAAV0@ABV0@@Z
??4CZipCallback@@QAEAAU0@ABU0@@Z
??4CZipCentralDir@@QAEAAV0@ABV0@@Z
??4CZipCompressor@@QAEAAV0@ABV0@@Z
??4CZipCrc32Cryptograph@@QAEAAV0@ABV0@@Z
??4CZipCryptograph@@QAEAAV0@ABV0@@Z
??4CZipExtraData@@QAEAAV0@ABV0@@Z
??4CZipExtraField@@QAEAAV0@ABV0@@Z
??4CZipFileHeader@@QAEAAV0@ABV0@@Z
??4CZipFindFast@CZipCentralDir@@QAEAAU01@ABU01@@Z
??4CZipPathComponent@@QAEAAV0@ABV0@@Z
??4CZipRegularSplitNamesHandler@@QAEAAV0@ABV0@@Z
??4CZipSegmCallback@@QAEAAU0@ABU0@@Z
??4CZipSplitNamesHandler@@QAEAAV0@ABV0@@Z
??8CBitFlag@ZipArchiveLib@@QAE_NABU01@@Z
??8CBitFlag@ZipArchiveLib@@QAE_NH@Z
??8CZipExtraData@@QAE_NABV0@@Z
??9CZipExtraData@@QAE_NABV0@@Z
??A?$CMap@HHPAUCOptions@CZipCompressor@@PAU12@@@QAEAAPAUCOptions@CZipCompressor@@H@Z
??A?$CMap@W4CallbackType@CZipActionCallback@@W412@PAU2@PAU2@@@QAEAAPAUCZipActionCallback@@W4CallbackType@1@@Z
??ACGroupFileFilter@ZipArchiveLib@@QAEPAVCFileFilter@1@H@Z
??ACGroupFileFilter@ZipArchiveLib@@QBEPBVCFileFilter@1@H@Z
??ACZipArchive@@QAEPAVCZipFileHeader@@G@Z
??ACZipArchive@@QBEPBVCZipFileHeader@@G@Z
??ACZipCentralDir@@QAEPAVCZipFileHeader@@G@Z
??ACZipCentralDir@@QBEPBVCZipFileHeader@@G@Z
??BCBitFlag@ZipArchiveLib@@QBEHXZ
??BCWildcard@ZipArchiveLib@@QAEPB_WXZ
??BCZipAutoBuffer@@QAEPADXZ
??BCZipAutoBuffer@@QBEPBDXZ
??BCZipFile@@QAEPAXXZ
??MCZipExtraData@@QAE_NABV0@@Z
??NCZipExtraData@@QAE_NABV0@@Z
??OCZipExtraData@@QAE_NABV0@@Z
??PCZipExtraData@@QAE_NABV0@@Z
??_7?$CMap@HHPAUCOptions@CZipCompressor@@PAU12@@@6B@
??_7?$CMap@W4CallbackType@CZipActionCallback@@W412@PAU2@PAU2@@@6B@
??_7?$CZipMap@HPAUCOptions@CZipCompressor@@@@6B@
??_7?$CZipMap@W4CallbackType@CZipActionCallback@@PAU2@@@6B@
??_7CBaseLibCompressor@ZipArchiveLib@@6B@
??_7CDeflateCompressor@ZipArchiveLib@@6B@
??_7CDirEnumerator@ZipArchiveLib@@6B@
??_7CFileFilter@ZipArchiveLib@@6B@
??_7CGroupFileFilter@ZipArchiveLib@@6B@
??_7CNameFileFilter@ZipArchiveLib@@6B@
??_7COptions@CBaseLibCompressor@ZipArchiveLib@@6B@
??_7COptions@CDeflateCompressor@ZipArchiveLib@@6B@
??_7COptions@CZipCompressor@@6B@
??_7COptionsMap@CZipCompressor@@6B@
??_7CWildcard@ZipArchiveLib@@6B@
??_7CZipAbstractFile@@6B@
??_7CZipActionCallback@@6B@
??_7CZipArchive@@6B@
??_7CZipAutoBuffer@@6B@
??_7CZipBinSplitNamesHandler@@6B@
??_7CZipCallback@@6B@
??_7CZipCallbackProvider@ZipArchiveLib@@6B@
??_7CZipCentralDir@@6B@
??_7CZipCompressor@@6B@
??_7CZipCrc32Cryptograph@@6B@
??_7CZipCryptograph@@6B@
??_7CZipException@@6B@
??_7CZipFile@@6BCFile@@@
??_7CZipFile@@6BCZipAbstractFile@@@
??_7CZipFileHeader@@6B@
??_7CZipMemFile@@6BCFile@@@
??_7CZipMemFile@@6BCZipAbstractFile@@@
??_7CZipPathComponent@@6B@
??_7CZipRegularSplitNamesHandler@@6B@
??_7CZipSegmCallback@@6B@
??_7CZipSplitNamesHandler@@6B@
??_7CZipStorage@@6B@
??_F?$CMap@HHPAUCOptions@CZipCompressor@@PAU12@@@QAEXXZ
??_F?$CMap@W4CallbackType@CZipActionCallback@@W412@PAU2@PAU2@@@QAEXXZ
??_FCFileFilter@ZipArchiveLib@@QAEXXZ
??_FCGroupFileFilter@ZipArchiveLib@@QAEXXZ
??_FCNameFileFilter@ZipArchiveLib@@QAEXXZ
??_FCZipException@@QAEXXZ
??_FCZipMemFile@@QAEXXZ
?Accept@CFileFilter@ZipArchiveLib@@MAE_NPB_W0ABUCFileInfo@2@@Z
?Accept@CGroupFileFilter@ZipArchiveLib@@MAE_NPB_W0ABUCFileInfo@2@@Z
?Accept@CNameFileFilter@ZipArchiveLib@@MAE_NPB_W0ABUCFileInfo@2@@Z
?Add@CGroupFileFilter@ZipArchiveLib@@QAEXPAVCFileFilter@2@@Z
?Add@CZipExtraField@@QAEHPAVCZipExtraData@@@Z
?AddNewFile@CZipArchive@@QAE_NAAUCZipAddNewFileInfo@@@Z
?AddNewFile@CZipArchive@@QAE_NAAVCZipAbstractFile@@PB_WHHK@Z
?AddNewFile@CZipArchive@@QAE_NPB_W0HHK@Z
?AddNewFile@CZipArchive@@QAE_NPB_WH_NHK@Z
?AddNewFile@CZipCentralDir@@QAEPAVCZipFileHeader@@ABV2@GH_N@Z
?AddNewFiles@CZipArchive@@QAE_NPB_W0_NH1HK@Z
?AddNewFiles@CZipArchive@@QAE_NPB_WAAVCFileFilter@ZipArchiveLib@@_NH2HK@Z
?AddPrefix@CZipPathComponent@@SA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W_N@Z
?AddPrefix@CZipPathComponent@@SAXAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@_N@Z
?AdjustLocalComprSize@CZipFileHeader@@IAEXAAK@Z
?AdjustLocalComprSize@CZipFileHeader@@IAEXXZ
?Allocate@CZipAutoBuffer@@QAEPADK_N@Z
?AnsiOem@ZipPlatform@@YAXAAVCZipAutoBuffer@@_N@Z
?AppendSeparator@CZipPathComponent@@SAXAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?AppliesToType@CNameFileFilter@ZipArchiveLib@@QAE_NH@Z
?AssureFree@CZipStorage@@QAEKK@Z
?Attach@CZipMemFile@@QAEXPAEIJ@Z
?BuildFindFastArray@CZipCentralDir@@IAEX_N@Z
?CacheSizes@CZipStorage@@AAEXXZ
?CacheStepSize@CZipActionCallback@@IAEXXZ
?CalculateBytesBeforeZip@CInfo@CZipCentralDir@@AAEKXZ
?CallCallback@CZipActionCallback@@MAE_NK@Z
?CallCallback@CZipStorage@@IAEXKHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?CallbackEnd@CZipActionCallback@@UAEXXZ
?CanHandle@CZipCrc32Cryptograph@@UAE_NH@Z
?CanHandle@CZipCryptograph@@UAE_NH@Z
?CanModify@CZipArchive@@QAE_N_N0@Z
?CanProcess@CDeflateCompressor@ZipArchiveLib@@UAE_NG@Z
?Change@CBitFlag@ZipArchiveLib@@QAEXH_N@Z
?ChangeDirectory@ZipPlatform@@YA_NPB_W@Z
?ChangeSpannedRead@CZipStorage@@IAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?ChangeSplitRead@CZipStorage@@IAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?ChangeVolume@CZipStorage@@QAEXG@Z
?ChangeVolume@CZipStorage@@QAEXXZ
?ChangeVolumeDec@CZipStorage@@QAEXXZ
?ChangeWithCheck@CBitFlag@ZipArchiveLib@@QAE_NH_N@Z
?CheckDataDescriptor@CZipFileHeader@@IBE_NPAVCZipStorage@@@Z
?CheckForError@CBaseLibCompressor@ZipArchiveLib@@IAEXH@Z
?CheckIfOK_1@CInfo@CZipCentralDir@@AAE_NXZ
?CheckIfOK_2@CInfo@CZipCentralDir@@AAE_NXZ
?CheckLengths@CZipFileHeader@@IBE_N_N@Z
?Clear@CBitFlag@ZipArchiveLib@@QAEXH@Z
?Clear@CGroupFileFilter@ZipArchiveLib@@QAEXXZ
?Clear@CZipExtraField@@IAEXXZ
?ClearCachedSizes@CZipStorage@@AAEXXZ
?ClearCompressor@CZipArchive@@IAEXXZ
?ClearCryptograph@CZipArchive@@IAEXXZ
?ClearFileName@CZipFileHeader@@AAEXXZ
?ClearFindFastArray@CZipCentralDir@@IAEXXZ
?ClearSplitNames@CZipStorage@@AAEXXZ
?ClearWithCheck@CBitFlag@ZipArchiveLib@@QAE_NH@Z
?Clone@COptions@CDeflateCompressor@ZipArchiveLib@@UBEPAU1CZipCompressor@@XZ
?Close@CZipArchive@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H_N@Z
?Close@CZipCentralDir@@QAEXXZ
?Close@CZipFile@@UAEXXZ
?Close@CZipMemFile@@UAEXXZ
?Close@CZipStorage@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@_N0@Z
?CloseFile@CZipArchive@@QAEHAAVCZipFile@@@Z
?CloseFile@CZipArchive@@QAEHPB_W_N@Z
?CloseFile@CZipCentralDir@@QAEX_N@Z
?CloseNewFile@CZipArchive@@QAE_N_N@Z
?CloseNewFile@CZipCentralDir@@QAEXXZ
?Combine@CZipPathComponent@@SAXAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@Z
?CommitChanges@CZipArchive@@QAE_NXZ
?CompareElement@CZipCentralDir@@IBEHPB_WG@Z
?CompareFindFastCollate@CZipCentralDir@@KAHPBX0@Z
?CompareFindFastCollateNoCase@CZipCentralDir@@KAHPBX0@Z
?CompareHeaders@CZipCentralDir@@KAHPBX0@Z
?Compress@CDeflateCompressor@ZipArchiveLib@@UAEXPBXK@Z
?CompressionEfficient@CZipFileHeader@@QAE_NXZ
?ConvertBufferToString@ZipCompatibility@@YAXAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@ABVCZipAutoBuffer@@I@Z
?ConvertComment@CZipFileHeader@@ABEXAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?ConvertComment@CZipFileHeader@@ABEXAAVCZipAutoBuffer@@@Z
?ConvertFileName@CZipFileHeader@@ABEXAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?ConvertFileName@CZipFileHeader@@ABEXAAVCZipAutoBuffer@@@Z
?ConvertInternalError@CDeflateCompressor@ZipArchiveLib@@MBEHH@Z
?ConvertInternalError@CZipCompressor@@MBEHH@Z
?ConvertStringToBuffer@ZipCompatibility@@YAXPB_WAAVCZipAutoBuffer@@I@Z
?ConvertToSystem@ZipCompatibility@@YAKKHH@Z
?Copy@CZipMemFile@@QAEXAAV1@@Z
?CreateCompressor@CZipArchive@@MAEXG@Z
?CreateCompressor@CZipCompressor@@SAPAV1@GPAVCZipStorage@@@Z
?CreateCryptograph@CZipArchive@@MAEXH@Z
?CreateCryptograph@CZipCryptograph@@SAPAV1@H@Z
?CreateNew@CZipExtraField@@QAEPAVCZipExtraData@@G@Z
?CreateNew@CZipExtraField@@QAEPAVCZipExtraData@@GAAH@Z
?CreateNewDirectory@ZipPlatform@@YA_NPB_W@Z
?CreateSharedData@CZipCentralDir@@IAEXXZ
?CryptCRC32@CZipCrc32Cryptograph@@AAEKKD@Z
?CryptDecode@CZipCrc32Cryptograph@@AAEXAAD@Z
?CryptDecryptByte@CZipCrc32Cryptograph@@AAEDXZ
?CryptEncode@CZipCrc32Cryptograph@@AAEXAAD@Z
?CryptInitKeys@CZipCrc32Cryptograph@@AAEXAAVCZipAutoBuffer@@@Z
?CryptUpdateKeys@CZipCrc32Cryptograph@@AAEXD@Z
?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ
?Decode@CZipCrc32Cryptograph@@UAEXPADK@Z
?Decompress@CDeflateCompressor@ZipArchiveLib@@UAEKPAXK@Z
?Defaults@CZipAddNewFileInfo@@QAEXXZ
?DestroySharedData@CZipCentralDir@@IAEXXZ
?Detach@CZipMemFile@@QAEPAEXZ
?EmptyPtrList@CBaseLibCompressor@ZipArchiveLib@@IAEXXZ
?EmptyWriteBuffer@CZipStorage@@IAEXXZ
?EnableFindFast@CZipArchive@@QAEX_N@Z
?EnableFindFast@CZipCentralDir@@QAEX_N0@Z
?Encode@CZipCrc32Cryptograph@@UAEXPADK@Z
?EncryptAllFiles@CZipArchive@@QAE_NXZ
?EncryptFileW@CZipArchive@@QAE_NG@Z
?EncryptFiles@CZipArchive@@QAE_NAAV?$CZipArray@G@@@Z
?EncryptFilesInternal@CZipArchive@@IAE_NPAV?$CZipArray@G@@@Z
?EnsureSplitNames@CZipStorage@@AAEXXZ
?EnterDirectory@CDirEnumerator@ZipArchiveLib@@MAEXXZ
?Evaluate@CFileFilter@ZipArchiveLib@@QAE_NPB_W0ABUCFileInfo@2@@Z
?ExitDirectory@CDirEnumerator@ZipArchiveLib@@MAEXXZ
?ExtractFile@CZipArchive@@QAE_NGAAVCZipAbstractFile@@_NK@Z
?ExtractFile@CZipArchive@@QAE_NGPB_W_N0W4DeleteFileMode@ZipPlatform@@K@Z
?FileExists@ZipPlatform@@YAHPB_W@Z
?FillBuffer@CZipCompressor@@IAEKXZ
?Finalize@CZipArchive@@QAE_N_N@Z
?FinalizeSegm@CZipStorage@@QAEXXZ
?FindFile@CZipArchive@@QAEGPB_WH_N@Z
?FindFile@CZipCentralDir@@QAEGPB_W_N11@Z
?FindFileNameIndex@CZipCentralDir@@QBEGPB_W@Z
?FindMatches@CZipArchive@@QAEXPB_WAAV?$CZipArray@G@@_N@Z
?FinishCompression@CDeflateCompressor@ZipArchiveLib@@UAEX_N@Z
?FinishCompression@CZipCompressor@@UAEX_N@Z
?FinishDecode@CZipCryptograph@@UAEXAAVCZipFileHeader@@AAVCZipStorage@@@Z
?FinishDecompression@CDeflateCompressor@ZipArchiveLib@@UAEX_N@Z
?FinishDecompression@CZipCompressor@@UAEX_N@Z
?FinishEncode@CZipCryptograph@@UAEXAAVCZipFileHeader@@AAVCZipStorage@@@Z
?Flush@CZipFile@@UAEXXZ
?Flush@CZipMemFile@@UAEXXZ
?Flush@CZipStorage@@QAEXXZ
?FlushBuffers@CZipArchive@@QAEXXZ
?FlushBuffers@CZipStorage@@QAEXXZ
?FlushFile@CZipStorage@@QAEXXZ
?FlushWriteBuffer@CZipCompressor@@IAEXXZ
?ForceDirectory@ZipPlatform@@YA_NPB_W@Z
?Free@CZipMemFile@@IAEXXZ
?FreeAssoc@?$CMap@HHPAUCOptions@CZipCompressor@@PAU12@@@IAEXPAVCAssoc@1@@Z
?FreeAssoc@?$CMap@W4CallbackType@CZipActionCallback@@W412@PAU2@PAU2@@@IAEXPAVCAssoc@1@@Z
?Get@COptionsMap@CZipCompressor@@QBEPAUCOptions@2@H@Z
?Get@CZipCallbackProvider@ZipArchiveLib@@QAEPAUCZipActionCallback@@W4CallbackType@3@@Z
?GetAdvanced@CZipArchive@@QAEXPAH00@Z
?GetAppliesToTypes@CNameFileFilter@ZipArchiveLib@@QAEHXZ
?GetArchive@CZipCentralDir@@QAEPAVCZipArchive@@XZ
?GetArchivePath@CZipArchive@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetAsInternalAttributes@ZipCompatibility@@YAKKH@Z
?GetAssocAt@?$CMap@HHPAUCOptions@CZipCompressor@@PAU12@@@IBEPAVCAssoc@1@HAAI0@Z
?GetAssocAt@?$CMap@W4CallbackType@CZipActionCallback@@W412@PAU2@PAU2@@@IBEPAVCAssoc@1@W4CallbackType@CZipActionCallback@@AAI1@Z
?GetAt@CGroupFileFilter@ZipArchiveLib@@QAEPAVCFileFilter@2@H@Z
?GetAt@CGroupFileFilter@ZipArchiveLib@@QBEPBVCFileFilter@2@H@Z
?GetAt@CZipExtraField@@QBEPAVCZipExtraData@@H@Z
?GetAutoFinalize@CZipArchive@@QBE_NXZ
?GetBuffer@CZipAutoBuffer@@QBEPBDXZ
?GetBytesBeforeZip@CZipArchive@@QBEKXZ
?GetCRCTable@CZipCrc32Cryptograph@@SAPBKXZ
?GetCZipStrCompFunc@@YAP8?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@BEHPB_W@Z_N1@Z
?GetCachedSize@CZipStorage@@AAE_KG@Z
?GetCallback@CZipArchive@@QAEPAUCZipActionCallback@@W4CallbackType@2@@Z
?GetCaseSensitivity@CZipArchive@@QBE_NXZ
?GetCentralDirInfo@CZipArchive@@QBEXAAUCInfo@CZipCentralDir@@@Z
?GetCentralDirSize@CZipArchive@@QBEK_N@Z
?GetComment@CZipCentralDir@@QBEXAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetComment@CZipFileHeader@@QAEABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@_N@Z
?GetCommitMode@CZipArchive@@QBEHXZ
?GetCompressionLevel@CZipFileHeader@@QBEHXZ
?GetCompressionMethod@CZipArchive@@QBEGXZ
?GetCompressionRatio@CZipFileHeader@@QAEMXZ
?GetCount@?$CMap@HHPAUCOptions@CZipCompressor@@PAU12@@@QBEHXZ
?GetCount@?$CMap@W4CallbackType@CZipActionCallback@@W412@PAU2@PAU2@@@QBEHXZ
?GetCount@CZipArchive@@QAEG_N@Z
?GetCount@CZipArchive@@QBEGXZ
?GetCount@CZipCentralDir@@QBEHXZ
?GetCount@CZipExtraField@@QBEHXZ
?GetCrcAndSizes@CZipFileHeader@@ABEXPAD@Z
?GetCurrentCompressor@CZipArchive@@QBEPBVCZipCompressor@@XZ
?GetCurrentDirectoryW@CDirEnumerator@ZipArchiveLib@@QBEPB_WXZ
?GetCurrentDirectoryW@ZipPlatform@@YA_NAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetCurrentVolume@CZipArchive@@QBEGXZ
?GetCurrentVolume@CZipStorage@@QBEGXZ
?GetDataDescriptorSize@CZipFileHeader@@QBEGPBVCZipStorage@@@Z
?GetDataDescriptorSize@CZipFileHeader@@QBEG_N@Z
?GetDataSize@CZipFileHeader@@QBEK_N@Z
?GetDefaultAttributes@ZipPlatform@@YAKXZ
?GetDefaultCommentCodePage@CZipFileHeader@@ABEIXZ
?GetDefaultCommentCodePage@ZipCompatibility@@YAIH@Z
?GetDefaultCommentCodePage@ZipCompatibility@@YAIXZ
?GetDefaultDirAttributes@ZipPlatform@@YAKXZ
?GetDefaultFileNameCodePage@CZipFileHeader@@ABEIXZ
?GetDefaultNameCodePage@ZipCompatibility@@YAIH@Z
?GetDefaultNameCodePage@ZipCompatibility@@YAIXZ
?GetDefaultPasswordCodePage@ZipCompatibility@@YAIH@Z
?GetDeviceFreeSpace@ZipPlatform@@YA_KPB_W@Z
?GetDirectory@CDirEnumerator@ZipArchiveLib@@QBEPB_WXZ
?GetEncryptedInfoSize@CZipCryptograph@@SAKH@Z
?GetEncryptedInfoSize@CZipFileHeader@@QBEKXZ
?GetEncryptedInfoSizeAfterData@CZipCrc32Cryptograph@@SAKXZ
?GetEncryptedInfoSizeAfterData@CZipCryptograph@@SAKH@Z
?GetEncryptedInfoSizeBeforeData@CZipCrc32Cryptograph@@SAKXZ
?GetEncryptedInfoSizeBeforeData@CZipCryptograph@@SAKH@Z
?GetEncryptionMethod@CZipArchive@@QBEHXZ
?GetEncryptionMethod@CZipFileHeader@@QBEHXZ
?GetErrorDescription@CZipException@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetErrorMessage@CZipException@@UAEHPA_WIPAI@Z
?GetFileAttr@ZipPlatform@@YA_NPB_WAAK@Z
?GetFileDrive@CZipPathComponent@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetFileExt@CZipPathComponent@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetFileInfo@CZipArchive@@QAEPAVCZipFileHeader@@G@Z
?GetFileInfo@CZipArchive@@QBEPBVCZipFileHeader@@G@Z
?GetFileInfo@CZipArchive@@QBE_NAAVCZipFileHeader@@G@Z
?GetFileModTime@ZipPlatform@@YA_NPB_WAA_J@Z
?GetFileName@CZipFileHeader@@QAEABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@_N@Z
?GetFileName@CZipPathComponent@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetFilePath@CZipFile@@UBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetFilePath@CZipMemFile@@UBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetFilePath@CZipPathComponent@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetFileSize@ZipPlatform@@YA_NPB_WAAK@Z
?GetFileTitle@CZipPathComponent@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetFindFastIndex@CZipArchive@@QBEGG@Z
?GetFindFastIndex@CZipCentralDir@@QBEGG@Z
?GetFreeInBuffer@CZipStorage@@IBEKXZ
?GetFreeVolumeSpace@CZipStorage@@IBEKXZ
?GetFromArchive@CZipArchive@@AAE_NAAV1@GPB_WG_NPAUCZipActionCallback@@@Z
?GetFromArchive@CZipArchive@@QAE_NAAV1@AAV?$CZipArray@G@@_N@Z
?GetFromArchive@CZipArchive@@QAE_NAAV1@AAVCStringArray@@_N@Z
?GetFromArchive@CZipArchive@@QAE_NAAV1@GPB_WG_N@Z
?GetFullPath@CZipPathComponent@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetGlobalComment@CZipArchive@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetHashTableSize@?$CMap@HHPAUCOptions@CZipCompressor@@PAU12@@@QBEIXZ
?GetHashTableSize@?$CMap@W4CallbackType@CZipActionCallback@@W412@PAU2@PAU2@@@QBEIXZ
?GetHeaderID@CZipExtraData@@QBEGXZ
?GetIgnoredConsistencyChecks@CZipArchive@@QBEHXZ
?GetIndexes@CZipArchive@@QAEXABVCStringArray@@AAV?$CZipArray@G@@@Z
?GetInfo@CZipCentralDir@@QBEXAAUCInfo@1@@Z
?GetInternalErrorDescription@CZipException@@IAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H_N@Z
?GetLastDataOffset@CZipStorage@@IAEKXZ
?GetLastIndexAdded@CZipArchive@@QBEGXZ
?GetLastIndexAdded@CZipCentralDir@@QBEGXZ
?GetLength@CZipFile@@UBE_KXZ
?GetLength@CZipMemFile@@UBE_KXZ
?GetLocalSize@CZipFileHeader@@QBEK_N@Z
?GetMultiActionsInfo@CZipActionCallback@@QAEPAUCMultiActionsInfo@1@XZ
?GetNextAssoc@?$CMap@HHPAUCOptions@CZipCompressor@@PAU12@@@QBEXAAPAU__POSITION@@AAHAAPAUCOptions@CZipCompressor@@@Z
?GetNextAssoc@?$CMap@W4CallbackType@CZipActionCallback@@W412@PAU2@PAU2@@@QBEXAAPAU__POSITION@@AAW4CallbackType@CZipActionCallback@@AAPAU4@@Z
?GetNoDrive@CZipPathComponent@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetOccupiedSpace@CZipArchive@@QBEKXZ
?GetOccupiedSpace@CZipStorage@@QBEKXZ
?GetOptions@CDeflateCompressor@ZipArchiveLib@@UBEPBUCOptions@CZipCompressor@@XZ
?GetOptions@CZipCompressor@@UBEPBUCOptions@1@XZ
?GetOriginalAttributes@CZipFileHeader@@QBEKXZ
?GetPassword@CZipArchive@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetPosition@CZipFile@@UBE_KXZ
?GetPosition@CZipMemFile@@UBE_KXZ
?GetPosition@CZipStorage@@QBEKXZ
?GetRootPath@CZipArchive@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetRuntimeClass@CZipException@@UBEPAUCRuntimeClass@@XZ
?GetRuntimeClass@CZipFile@@UBEPAUCRuntimeClass@@XZ
?GetRuntimeClass@CZipMemFile@@UBEPAUCRuntimeClass@@XZ
?GetSize@?$CMap@HHPAUCOptions@CZipCompressor@@PAU12@@@QBEHXZ
?GetSize@?$CMap@W4CallbackType@CZipActionCallback@@W412@PAU2@PAU2@@@QBEHXZ
?GetSize@CGroupFileFilter@ZipArchiveLib@@QAEHXZ
?GetSize@CZipAutoBuffer@@QBEKXZ
?GetSize@CZipCentralDir@@QBEK_N@Z
?GetSize@CZipFileHeader@@QBEKXZ
?GetSpecialFlags@CZipArchive@@QBEHXZ
?GetSplitNamesHandler@CZipStorage@@QAEPAVCZipSplitNamesHandler@@XZ
?GetSplitNamesHandler@CZipStorage@@QBEPBVCZipSplitNamesHandler@@XZ
?GetSplitVolumeName@CZipStorage@@AAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@_N@Z
?GetStartPosition@?$CMap@HHPAUCOptions@CZipCompressor@@PAU12@@@QBEPAU__POSITION@@XZ
?GetStartPosition@?$CMap@W4CallbackType@CZipActionCallback@@W412@PAU2@PAU2@@@QBEPAU__POSITION@@XZ
?GetState@CZipFileHeader@@QBEABUCBitFlag@ZipArchiveLib@@XZ
?GetState@CZipStorage@@QAEAAUCBitFlag@ZipArchiveLib@@XZ
?GetStepSize@CZipActionCallback@@UAEHXZ
?GetStorage@CZipArchive@@QAEPAVCZipStorage@@XZ
?GetStorage@CZipCentralDir@@QAEPAVCZipStorage@@XZ
?GetSystemAttr@CZipFileHeader@@QAEKXZ
?GetSystemCaseSensitivity@ZipPlatform@@YA_NXZ
?GetSystemCompatibility@CZipArchive@@QBEHXZ
?GetSystemCompatibility@CZipFileHeader@@QBEHXZ
?GetSystemErrorDescription@CZipException@@IAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetSystemID@ZipPlatform@@YAHXZ

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config.ini
crashrpt_lang.ini
data/data.cal
data/lunar.db
dbghelp.dll
.dll windows:6 windows x86 arch:x86

3f5a00ef2a36f3cd8924690a5a1d6f3c

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8c:0b:43:d4:e3:19:e5:49:2f:7f:57:6d:91:1f:0b:80
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

12/04/2011, 00:00

Not After

11/04/2014, 23:59

Subject

CN=北京问日科技有限公司,OU=WoSign Class 3 Code Signing,O=北京问日科技有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

bf:18:b5:d8:36:d5:03:90:4b:8d:d1:1f:b3:91:e5:ba:23:df:bc:92
Signer

Actual PE Digest

bf:18:b5:d8:36:d5:03:90:4b:8d:d1:1f:b3:91:e5:ba:23:df:bc:92

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

msvcrt

_isatty
_write
_lseeki64
??3@YAXPAX@Z
_fileno
_read
__pioinfo
__badioinfo
ferror
wctomb
_snprintf
isleadbyte
mbtowc
_onexit
_lock
__dllonexit
_unlock
_ismbblead
_amsg_exit
_initterm
_XcptFilter
memmove
_iob
__mb_cur_max
strchr
_vsnwprintf
_errno
__CxxFrameHandler
iswspace
calloc
_itoa
_wcsdup
towlower
tolower
_wcslwr
time
_wctime
_ltoa
_wcsnicmp
_purecall
ctime
malloc
strncmp
isspace
_stricmp
_strlwr
free
wcsrchr
strstr
memcpy
_wcsicmp
qsort
wcschr
wcsstr
wcsncmp
iswxdigit
memset
??2@YAPAXI@Z
iswprint
atol
fclose
__unDName
iswdigit
_CxxThrowException
bsearch
_wfsopen
fread
fseek
wcstol
_wfullpath
_wgetenv
_get_osfhandle
_chsize
_close
_open_osfhandle
ftell
_memicmp
_mbscmp
??1type_info@@UAE@XZ
_wsopen

kernel32

HeapReAlloc
MapViewOfFileEx
GetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
GetFileType
DeviceIoControl
SetFileAttributesW
CreateFileMappingW
InterlockedIncrement
InterlockedDecrement
LocalFree
FormatMessageW
DelayLoadFailureHook
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedExchange
GetThreadSelectorEntry
CreateThread
TerminateThread
VirtualQueryEx
GetPriorityClass
GetThreadPriority
GetThreadTimes
GetThreadContext
ResumeThread
SuspendThread
GetCurrentThreadId
GetSystemTimeAsFileTime
Sleep
GetVersion
GetSystemInfo
LoadLibraryExA
InterlockedCompareExchange
ReadProcessMemory
GetProcessHeap
GetFileAttributesA
SetErrorMode
WriteFile
OutputDebugStringA
VirtualFree
OpenProcess
GetCurrentProcessId
GetModuleHandleA
CreateFileMappingA
MapViewOfFile
DuplicateHandle
VirtualAlloc
VirtualProtect
CreateDirectoryA
UnmapViewOfFile
GetCurrentProcess
SetFilePointer
IsDBCSLeadByte
HeapFree
HeapAlloc
GetVersionExA
InitializeCriticalSection
HeapCreate
HeapDestroy
FindClose
LocalAlloc
SetLastError
LeaveCriticalSection
EnterCriticalSection
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetLastError
TlsSetValue
TlsGetValue
FreeLibrary
LoadLibraryA
TlsAlloc
TlsFree
DeleteCriticalSection
FlushViewOfFile

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
chksym
dbghelp
dh
fptr
homedir
itoldyouso
lmi
lminfo
omap
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 979KB - Virtual size: 979KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
desktop.dll
.dll windows:5 windows x86 arch:x86

f7ab662f15f895a6b7f61ff13843ec5c

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8c:0b:43:d4:e3:19:e5:49:2f:7f:57:6d:91:1f:0b:80
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

12/04/2011, 00:00

Not After

11/04/2014, 23:59

Subject

CN=北京问日科技有限公司,OU=WoSign Class 3 Code Signing,O=北京问日科技有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3c:e4:9f:43:1c:f9:0d:36:e7:59:a5:88:5a:42:a7:10:7d:8a:90:37
Signer

Actual PE Digest

3c:e4:9f:43:1c:f9:0d:36:e7:59:a5:88:5a:42:a7:10:7d:8a:90:37

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\实习\SVN\trunk\testMFC\desktop\Release\desktop.pdb

Imports

user32

UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
CallNextHookEx
FindWindowW
PostMessageW

msvcr90

_amsg_exit
_adjust_fdiv
_initterm_e
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
__CppXcptFilter

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
SetUnhandledExceptionFilter

Exports

Exports

HookEnd
HookStart

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sqlite3.dll
.dll windows:4 windows x86 arch:x86

e2d500e2f3fcb36b5a74e547ae1102b6

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8c:0b:43:d4:e3:19:e5:49:2f:7f:57:6d:91:1f:0b:80
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

12/04/2011, 00:00

Not After

11/04/2014, 23:59

Subject

CN=北京问日科技有限公司,OU=WoSign Class 3 Code Signing,O=北京问日科技有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

16:ea:77:e6:46:9b:2f:db:36:fd:13:58:93:23:c7:9c:c8:fc:ab:f9
Signer

Actual PE Digest

16:ea:77:e6:46:9b:2f:db:36:fd:13:58:93:23:c7:9c:c8:fc:ab:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileMappingA
CreateFileW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcessId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetProcAddress
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
InitializeCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
Sleep
UnlockFile
UnlockFileEx
UnmapViewOfFile
WideCharToMultiByte
WriteFile

msvcrt

atoi
free
isalnum
isspace
localtime
malloc
memcpy
memmove
memset
qsort
realloc
strcmp
strncmp
tolower

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_status
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_hook
sqlite3_win32_mbcs_to_utf8

Sections

.text
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 720B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe.nsis
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

1695812a40d1f74437cdc1e9322467ad

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

8c:0b:43:d4:e3:19:e5:49:2f:7f:57:6d:91:1f:0b:80Certificate

Extended Key Usages

Key Usages

ad:63:1d:8e:9f:0a:ed:c3:4b:d0:12:c1:8a:17:7a:29:1e:5b:51:55Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 452KB

.ndata Size: - Virtual size: 644KB

.rsrc Size: 31KB - Virtual size: 31KB

.reloc Size: 4KB - Virtual size: 3KB

e26d7460d0c04056b9226a899477ba4d

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 7KB

.reloc Size: 2KB - Virtual size: 1KB

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

b1d9539c7cfd95718179dedb471b482f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

8c:0b:43:d4:e3:19:e5:49:2f:7f:57:6d:91:1f:0b:80
Certificate

ad:63:1d:8e:9f:0a:ed:c3:4b:d0:12:c1:8a:17:7a:29:1e:5b:51:55
Signer

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 452KB

.ndata
Size: - Virtual size: 644KB

.rsrc
Size: 31KB - Virtual size: 31KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 7KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 1024B - Virtual size: 572B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 1024B - Virtual size: 955B

.data
Size: 5KB - Virtual size: 5KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 2KB - Virtual size: 1KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:b2:9b:00:00:00:00:00:15
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

d0:b8:36:c9:ae:3b:cb:20:6d:59:26:4f:5f:9c:95:6f:4b:15:75:3a
Signer

.text
Size: 30KB - Virtual size: 30KB

.data
Size: 512B - Virtual size: 68KB

.rsrc
Size: 4.2MB - Virtual size: 5KB