b1603897d7ac9b5a56a75bed0d531569_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b1603897d7ac9b5a56a75bed0d531569_JaffaCakes118
Size

2.0MB
MD5

b1603897d7ac9b5a56a75bed0d531569
SHA1

1a4647f17ef299dadde9b619584ae5533c1a51d0
SHA256

c2f6a4fb68cae66c358f63688af05ff971dce9c79a0a6c159bc907bccd2a6326
SHA512

d137ce2096fdcc80517a385b9ab413078d0ac32f9bb9bc712455dfdfe524a541bffd6c9930a983a8badedb1a2b0aabc7f27e24e8a35dc2807091073603365c25
SSDEEP

49152:0F83psumsSVdMFTIyJf6tTjBUDWAzQ0Mhm17TJ9s3h:1PPIyJcBI0E1PC

Score

3^/10

Malware Config

Signatures

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UAC.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UserInfo.dll
unpack002/$PROGRAMFILES/Mozilla Firefox/plugins/npdnu.dll
unpack002/$PROGRAMFILES/Mozilla Firefox/plugins/npdnupdater2.dll
unpack003/$PLUGINSDIR/InstallOptions.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/xml.dll
unpack003/$R5/$R0
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$PLUGINSDIR/xml.dll

NSIS installer 3 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/$PLUGINSDIR/dnupdatersetup.exe	nsis_installer_1
static1/unpack001/$PLUGINSDIR/mapquest_toolbar_ie.exe	nsis_installer_1

Files

b1603897d7ac9b5a56a75bed0d531569_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c47392731eda8da323cadbd08e81dbff

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:df:a2:50:00:b6:ed:97:63:bf:ec:89:ab:3f:51:3c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/12/2009, 00:00

Not After

25/07/2012, 23:59

Subject

CN=AOL Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AOL Inc.,L=Dulles,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:97:d9:30:52:2a:92:2d:1d:43:77:ae:b7:83:37:c8:32:38:03:da
Signer

Actual PE Digest

38:97:d9:30:52:2a:92:2d:1d:43:77:ae:b7:83:37:c8:32:38:03:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ToolbarDetector.dll
.dll windows:5 windows x86 arch:x86

8c39145cf6479a9d8fb641b621682fa7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:df:a2:50:00:b6:ed:97:63:bf:ec:89:ab:3f:51:3c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/12/2009, 00:00

Not After

25/07/2012, 23:59

Subject

CN=AOL Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AOL Inc.,L=Dulles,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ff:b1:a7:6d:00:da:e2:62:70:d1:53:db:22:f2:95:41:2f:47:01:e1
Signer

Actual PE Digest

ff:b1:a7:6d:00:da:e2:62:70:d1:53:db:22:f2:95:41:2f:47:01:e1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\cm\build\public\ToolbarDetector.1.4\toolbar\installer\plugins\ToolbarDetector\Release\ToolbarDetector.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

MultiByteToWideChar
lstrlenA
CloseHandle
Process32NextW
GetLastError
TerminateProcess
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
lstrcmpiW
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
DeleteFileW
lstrlenW
InterlockedIncrement
lstrcpyA
GlobalFree
GlobalAlloc
lstrcpynA
lstrcmpA
WideCharToMultiByte
FreeResource
SetFilePointer
WriteFile
GetTickCount
CompareStringW
CompareStringA
FlushFileBuffers
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedDecrement
SetEnvironmentVariableA
WriteConsoleA
SetStdHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetCurrentProcessId
GetConsoleMode
GetConsoleCP
LoadLibraryA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LocalFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
RtlUnwind
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter

user32

wsprintfW

advapi32

RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumValueW

shell32

SHGetFolderPathW

ole32

OleRun
CoCreateInstance

oleaut32

SysStringLen
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysStringByteLen
SysAllocString
SysFreeString
GetErrorInfo
SysAllocStringByteLen

shlwapi

ord487
PathFileExistsW
PathIsDirectoryW

Exports

Exports

?EnableToolbars@@YAXPAUHWND__@@HPADPAPAU_stack_t@@@Z
DisableToolbars
GetToolbarXML

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

2457671c10c5aa708d9619798ec0139c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
SetLastError
CloseHandle
GlobalFree
LocalFree
FormatMessageA
MultiByteToWideChar
GetLastError
CreateProcessA
GlobalAlloc
lstrlenA
GetVersionExA
LoadLibraryA
lstrcatA
GetProcAddress
lstrcpynA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiA
lstrcpyA
GetCurrentProcess
GetCurrentThread
GetCurrentProcessId
Sleep
CreateThread
GetStartupInfoA
GetCommandLineA
GetPrivateProfileIntA
GetPrivateProfileStringA
FreeLibrary
GetModuleHandleA

user32

EnableWindow
GetWindowLongA
DestroyWindow
LoadImageA
SetWindowLongA
EndDialog
MessageBoxA
SendMessageW
DialogBoxParamA
CharNextA
SendMessageTimeoutA
WaitForInputIdle
DefWindowProcA
PostMessageA
GetLastActivePopup
PostQuitMessage
SetForegroundWindow
DispatchMessageA
GetMessageA
CreateWindowExA
RegisterClassA
UnregisterClassA
GetWindowTextA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
IsWindow
ShowWindow
wsprintfA
GetDlgItem
SendMessageA
LoadStringA
SetWindowTextA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteExA

ole32

CoInitialize
CoUninitialize

Exports

Exports

Exec
ExecCodeSegment
ExecWait
GetElevationType
GetOuterHwnd
IsAdmin
RunElevated
ShellExec
ShellExecWait
StackPush
SupportsUAC
Unload

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/dnupdatersetup.exe
.exe windows:4 windows x86 arch:x86

c47392731eda8da323cadbd08e81dbff

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:2c:1d:f2
Certificate

Issuer

CN=AOL Member CA,O=America Online Inc.,L=Dulles,ST=Virginia,C=US

Not Before

10/06/2008, 20:22

Not After

10/06/2010, 20:22

Subject

CN=AOL LLC,OU=AOL LLC,O=AOL LLC,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07
Certificate

Issuer

CN=America Online Root Certification Authority 1,O=America Online Inc.,C=US

Not Before

04/06/2004, 17:26

Not After

04/06/2029, 17:26

Subject

CN=AOL Member CA,O=America Online Inc.,L=Dulles,ST=Virginia,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:c8:11:73:00:d0:1d:6e:74:00:b4:86:91:bf:bc:3d:3d:dc:94:4d
Signer

Actual PE Digest

9a:c8:11:73:00:d0:1d:6e:74:00:b4:86:91:bf:bc:3d:3d:dc:94:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$COMMONFILES/Software Update Utility/$COMMONFILES/Software Update Utility/uninstall.exe.nsis
$COMMONFILES/Software Update Utility/dnu.exe
.exe windows:4 windows x86 arch:x86

ab024b7bd0a09f00e35c0fd48824d647

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:2c:1d:f2
Certificate

Issuer

CN=AOL Member CA,O=America Online Inc.,L=Dulles,ST=Virginia,C=US

Not Before

10/06/2008, 20:22

Not After

10/06/2010, 20:22

Subject

CN=AOL LLC,OU=AOL LLC,O=AOL LLC,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07
Certificate

Issuer

CN=America Online Root Certification Authority 1,O=America Online Inc.,C=US

Not Before

04/06/2004, 17:26

Not After

04/06/2029, 17:26

Subject

CN=AOL Member CA,O=America Online Inc.,L=Dulles,ST=Virginia,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:27:f3:e4:0a:b1:02:a6:86:1b:7b:ea:34:44:21:74:1f:4c:d4:54
Signer

Actual PE Digest

c8:27:f3:e4:0a:b1:02:a6:86:1b:7b:ea:34:44:21:74:1f:4c:d4:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\cm\build\public\dnUpdater_07072009_3\downloadUpdater\Release\dnUpdater.pdb

Imports

wininet

InternetConnectW
InternetOpenW
InternetReadFileExA
InternetCloseHandle
HttpSendRequestW
HttpOpenRequestW
InternetCrackUrlW
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetCanonicalizeUrlW
HttpQueryInfoW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
lstrlenW
lstrcpyW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrcmpiW
MultiByteToWideChar
lstrcpynW
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
CloseHandle
WaitForSingleObject
Sleep
CreateThread
CreateEventW
lstrcatW
GetCurrentThreadId
SetEvent
GetCommandLineW
DeleteFileW
GetTempFileNameW
GetTempPathW
GetLocalTime
FormatMessageW
GetProcAddress
LoadLibraryW
OpenProcess
GetCurrentProcessId
LoadLibraryA
FindFirstFileW
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileW
LockResource
LocalFree
OutputDebugStringW
WideCharToMultiByte
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
FlushFileBuffers
HeapSize
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
VirtualQuery
SetUnhandledExceptionFilter
GetModuleFileNameA
GetTickCount
QueryPerformanceCounter
IsBadWritePtr
VirtualAlloc
GetFileType
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoW
GetSystemTimeAsFileTime
TerminateProcess
GetModuleHandleA
GetFileAttributesW
HeapReAlloc
RtlUnwind
ExitProcess
GetVersionExA
GetStartupInfoA
GetStringTypeA
GetStringTypeW
VirtualProtect
GetSystemInfo
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
SetEndOfFile
GetPrivateProfileStringW
IsBadReadPtr
IsBadCodePtr
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP

user32

IsWindow
RegisterClassW
LoadBitmapW
UpdateWindow
BeginPaint
EndPaint
SystemParametersInfoW
PostQuitMessage
ShowWindow
SetWindowPos
PostMessageW
MessageBoxW
PeekMessageW
IsWindowUnicode
GetMessageA
DispatchMessageA
GetDesktopWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
wsprintfW
GetClassInfoExW
PostThreadMessageW
GetMessageW
DispatchMessageW
TranslateMessage
CharUpperW
CallWindowProcW
GetWindowLongW
DefWindowProcW
SetWindowLongW
UnregisterClassW
CharNextW
GetClientRect
MsgWaitForMultipleObjects

gdi32

CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject

advapi32

RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoInitialize
CoUninitialize
StringFromGUID2
CoCreateInstance
CLSIDFromProgID

oleaut32

SysAllocString
VarBstrCmp
SysStringByteLen
SysFreeString
SysAllocStringLen
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
SysStringLen
VariantClear
DispCallFunc
VariantInit
SysAllocStringByteLen
UnRegisterTypeLi
RegisterTypeLi

shlwapi

PathFindExtensionW

psapi

EnumProcessModules
GetModuleFileNameExW

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

6bc108eed3ca99f68adee56e9c99fac6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynA
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 657B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Mozilla Firefox/plugins/npdnu.dll
.dll windows:4 windows x86 arch:x86

e8db3094acef5bcc16fbc67c83a79728

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\dnUpdater\npdnu\Release\npdnu.pdb

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

user32

SetWindowLongA
BeginPaint
EndPaint
DefWindowProcA

kernel32

GetFileType
CloseHandle
GetSystemInfo
VirtualProtect
HeapFree
HeapAlloc
ExitProcess
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
IsBadWritePtr
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
InitializeCriticalSection
InterlockedExchange
VirtualQuery
SetFilePointer
LoadLibraryA
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize
FlushFileBuffers

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Mozilla Firefox/plugins/npdnu.xpt
$PROGRAMFILES/Mozilla Firefox/plugins/npdnupdater2.dll
.dll windows:4 windows x86 arch:x86

996628b89af7b00fec75ba717a2b85ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\downloadUpdater\npdnupdater2\Release\npdnupdater2.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA

kernel32

TerminateProcess
CloseHandle
GetSystemInfo
VirtualProtect
CreateProcessA
GetLastError
FlushFileBuffers
HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
ExitProcess
HeapFree
HeapAlloc
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
IsBadWritePtr
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
SetFilePointer
LoadLibraryA
InterlockedExchange
VirtualQuery
InitializeCriticalSection
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar

user32

SetWindowLongA
BeginPaint
EndPaint
DefWindowProcA

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Mozilla Firefox/plugins/npdnupdater2.xpt
$PLUGINSDIR/dual.ini
$PLUGINSDIR/eula.rtf
.rtf
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/mapquest_toolbar_ie.exe
.exe windows:4 windows x86 arch:x86

c47392731eda8da323cadbd08e81dbff

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:df:a2:50:00:b6:ed:97:63:bf:ec:89:ab:3f:51:3c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/12/2009, 00:00

Not After

25/07/2012, 23:59

Subject

CN=AOL Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AOL Inc.,L=Dulles,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

be:2e:28:dc:1b:73:8e:cb:ad:c3:5e:16:64:fa:48:56:be:6d:0e:c9
Signer

Actual PE Digest

be:2e:28:dc:1b:73:8e:cb:ad:c3:5e:16:64:fa:48:56:be:6d:0e:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/dual.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/xml.dll
.dll windows:4 windows x86 arch:x86

b5ed5b3a951d4443ce56e5453702d536

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpynA
lstrcmpA
lstrcmpiA
lstrcpyA
RtlUnwind
GetModuleFileNameA
RaiseException
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapSize
GetLastError
LoadLibraryA
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
CloseHandle
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileA
VirtualProtect
GetSystemInfo
VirtualQuery
SetStdHandle
GetLocaleInfoA
InterlockedExchange
SetEndOfFile

Exports

Exports

_CloneNode
_Coordinate
_CreateNode
_CreateText
_CurrentAttribute
_DeclarationEncoding
_DeclarationStandalone
_DeclarationVersion
_ElementPath
_FindCloseElement
_FindNextElement
_FirstAttribute
_FirstChild
_FirstChildElement
_FreeNode
_GetAttribute
_GetNodeValue
_GetText
_GotoHandle
_GotoPath
_InsertAfterNode
_InsertBeforeNode
_InsertEndChild
_IsCDATA
_LastAttribute
_LastChild
_LoadFile
_NextAttribute
_NextSibling
_NextSiblingElement
_NoChildren
_NodeHandle
_NodeType
_Parent
_PreviousAttribute
_PreviousSibling
_RemoveAllChild
_RemoveAttribute
_RemoveNode
_ReplaceNode
_RootElement
_SaveFile
_SetAttribute
_SetAttributeName
_SetAttributeValue
_SetCDATA
_SetCondenseWhiteSpace
_SetEncoding
_SetNodeValue
_SetText
_Unload
_XPathAttribute
_XPathNode
_XPathString

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R5/$R0
.dll windows:4 windows x86 arch:x86

114d225166e9f7ba6ffd307ffc63b4cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\cm\build\public\cool_win32_x86_4_6_1b\cool\dist\Win32\release\xprt5.pdb

Imports

msvcrt

_adjust_fdiv
setlocale
_beginthreadex
_vsnwprintf
_vsnprintf
atof
atoi
mktime
gmtime
localtime
srand
malloc
realloc
free
_purecall
time
wcslen
rand
towupper
wcsftime
wcstoul
toupper
strftime
strtoul
strtok
strtol
strstr
strrchr
strchr
_strnicmp
_stricmp
strncmp
sscanf
memchr
iswalpha
iswalnum
isspace
isdigit
isalpha
isalnum
memset
memcmp
strcmp
abs
exp
log
pow
_wcsnicmp
wcsncmp
iswdigit
memmove
iswspace
memcpy
wcsstr
strlen
_wcsrev
_wcslwr
_wcsupr
tolower
towlower
_wcsicmp
wcscmp
wcschr
wcspbrk
wcsrchr
_fdopen
fprintf
clearerr
strerror
strcpy
strcat
fputc
fflush
_errno
fclose
fseek
ftell
fwrite
wcstod
wcstol
_initterm
fread
fopen
sprintf

kernel32

ExitProcess
GetSystemTimeAsFileTime
GetTickCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
GetCurrentThreadId
GetExitCodeThread
ResumeThread
GetVersionExA
GetSystemInfo
QueryPerformanceFrequency
QueryPerformanceCounter
SetEvent
WaitForSingleObject
CreateEventA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
LoadLibraryA
GetProcAddress
FreeLibrary
FindFirstFileW
FindFirstFileA
FindNextFileW
FindNextFileA
FindClose
RemoveDirectoryW
RemoveDirectoryA
GetDriveTypeA
CreateDirectoryW
CreateDirectoryA
DeleteFileW
DeleteFileA
MoveFileW
MoveFileA
SetFileTime
SetFileAttributesW
SetFileAttributesA
CreateFileW
CreateFileA
SetEndOfFile
SetFilePointer
GetLastError
GetTempPathA
FlushFileBuffers
WriteFile
ReadFile
CloseHandle
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
GetFileSize

user32

DispatchMessageA
KillTimer
SetTimer
RegisterClassA
UnregisterClassA
TranslateMessage
DefWindowProcA
PostMessageA
GetMessageA
PeekMessageA
DestroyWindow
CreateWindowExA

advapi32

RegOpenKeyExA
RegQueryValueExA

ole32

CoTaskMemFree

oleaut32

SysFreeString
SysAllocStringLen

Exports

Exports

??0TAesCipher@XPRT@@QAE@W4ECipherOp@TCipher@1@PBEH@Z
??0TBlockCipher@XPRT@@QAE@W4ECipherOp@TCipher@1@@Z
??0TBstr@XPRT@@QAE@ABV01@@Z
??0TBstr@XPRT@@QAE@GH@Z
??0TBstr@XPRT@@QAE@PBDHPBG@Z
??0TBstr@XPRT@@QAE@PBDPBG@Z
??0TBstr@XPRT@@QAE@PBG@Z
??0TBstr@XPRT@@QAE@PBGH@Z
??0TBstr@XPRT@@QAE@XZ
??0TBufferedFile@XPRT@@QAE@H@Z
??0TCipher@XPRT@@QAE@W4ECipherOp@01@@Z
??0TConvertFromUcs2@XPRT@@QAE@PBG0@Z
??0TConvertFromUcs2@XPRT@@QAE@PBGH0@Z
??0TConvertToUcs2@XPRT@@QAE@PBDHPBG@Z
??0TConvertToUcs2@XPRT@@QAE@PBDPBG@Z
??0TFile@XPRT@@QAE@XZ
??0TFileFinder@XPRT@@QAE@XZ
??0THmac@XPRT@@QAE@AAVTMessageDigest@1@PBEH@Z
??0TInetChecksum@XPRT@@QAE@XZ
??0TLibrary@XPRT@@QAE@XZ
??0TMd4Digest@XPRT@@QAE@H@Z
??0TMd5Digest@XPRT@@QAE@H@Z
??0TMemStream@XPRT@@QAE@PBXH@Z
??0TMemStream@XPRT@@QAE@XZ
??0TMessageDigest@XPRT@@QAE@XZ
??0TPtrArray@XPRT@@QAE@XZ
??0TPtrFromPtrMap@XPRT@@QAE@H@Z
??0TPtrFromPtrMap@XPRT@@QAE@HIMMM@Z
??0TPtrList@XPRT@@QAE@H@Z
??0TSha256Digest@XPRT@@QAE@XZ
??0TShaDigest@XPRT@@QAE@XZ
??0TThread@XPRT@@QAE@XZ
??0TTimer@XPRT@@QAE@XZ
??0TXmlAttributes@XPRT@@QAE@PAPBD@Z
??0TXmlDeserializer@XPRT@@QAE@AAVTStream@1@@Z
??0TXmlParser@XPRT@@QAE@AAVTStream@1@@Z
??0TXmlParser@XPRT@@QAE@ABV01@PBDAAVTStream@1@@Z
??0TXmlWriter@XPRT@@QAE@AAVTStream@1@@Z
??0TZipArchive@XPRT@@QAE@AAVTStream@1@@Z
??1TAesCipher@XPRT@@UAE@XZ
??1TBstr@XPRT@@QAE@XZ
??1TBufferedFile@XPRT@@UAE@XZ
??1TCipher@XPRT@@UAE@XZ
??1TConvertFromUcs2@XPRT@@QAE@XZ
??1TConvertToUcs2@XPRT@@QAE@XZ
??1TFile@XPRT@@UAE@XZ
??1TFileFinder@XPRT@@UAE@XZ
??1TLibrary@XPRT@@UAE@XZ
??1TMemStream@XPRT@@UAE@XZ
??1TPtrArray@XPRT@@QAE@XZ
??1TPtrFromPtrMap@XPRT@@QAE@XZ
??1TPtrList@XPRT@@QAE@XZ
??1TThread@XPRT@@UAE@XZ
??1TTimer@XPRT@@UAE@XZ
??1TXmlDeserializer@XPRT@@UAE@XZ
??1TXmlParser@XPRT@@UAE@XZ
??1TXmlWriter@XPRT@@UAE@XZ
??1TZipArchive@XPRT@@UAE@XZ
??2TXprtAllocated@XPRT@@SAPAXI@Z
??3TXprtAllocated@XPRT@@SAXPAX@Z
??ATPtrFromPtrMap@XPRT@@QAEAAPAXPAX@Z
??_FTBufferedFile@XPRT@@QAEXXZ
??_FTMd4Digest@XPRT@@QAEXXZ
??_FTMd5Digest@XPRT@@QAEXXZ
??_FTPtrFromPtrMap@XPRT@@QAEXXZ
??_FTPtrList@XPRT@@QAEXXZ
??_UTXprtAllocated@XPRT@@SAPAXI@Z
??_VTXprtAllocated@XPRT@@SAXPAX@Z
?Add@TPtrArray@XPRT@@QAEHPAX@Z
?Add@TPtrArray@XPRT@@QAEHXZ
?AddHead@TPtrList@XPRT@@QAEPAU__POSITION@2@PAX@Z
?AddHead@TPtrList@XPRT@@QAEPAU__POSITION@2@XZ
?AddHead@TPtrList@XPRT@@QAEXABV12@@Z
?AddTail@TPtrList@XPRT@@QAEPAU__POSITION@2@PAX@Z
?AddTail@TPtrList@XPRT@@QAEPAU__POSITION@2@XZ
?AddTail@TPtrList@XPRT@@QAEXABV12@@Z
?AddTrailingSeparator@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
?Append@TBstr@XPRT@@QAEAAV12@ABV12@@Z
?Append@TBstr@XPRT@@QAEAAV12@G@Z
?Append@TBstr@XPRT@@QAEAAV12@PBDHPBG@Z
?Append@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
?Append@TBstr@XPRT@@QAEAAV12@PBG@Z
?Append@TBstr@XPRT@@QAEAAV12@PBGH@Z
?Append@TPtrArray@XPRT@@QAEHABV12@@Z
?AppendFileNameToSpec@TFile@XPRT@@SA?AVTBstr@2@PBG0@Z
?AppendFormat@TBstr@XPRT@@QAAXPBGZZ
?Assign@TBstr@XPRT@@QAEAAV12@ABV12@@Z
?Assign@TBstr@XPRT@@QAEAAV12@G@Z
?Assign@TBstr@XPRT@@QAEAAV12@PBDHPBG@Z
?Assign@TBstr@XPRT@@QAEAAV12@PBDPBG@Z
?Assign@TBstr@XPRT@@QAEAAV12@PBG@Z
?Assign@TBstr@XPRT@@QAEAAV12@PBGH@Z
?Attach@TBstr@XPRT@@QAEXPAG@Z
?BerDump@TAesCipher@XPRT@@UAEHPAEH@Z
?BerInit@TAesCipher@XPRT@@UAEHPBEH@Z
?CanonicalizeSpec@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
?Close@TBufferedFile@XPRT@@UAE_NXZ
?Close@TFile@XPRT@@UAE_NXZ
?Close@TFileFinder@XPRT@@QAEXXZ
?Close@TMemStream@XPRT@@UAE_NXZ
?Compare@TBstr@XPRT@@QBEHPBG@Z
?CompareNoCase@TBstr@XPRT@@QBEHPBG@Z
?CompareNormal@TBstr@XPRT@@QBEHPBG@Z
?Copy@TBstr@XPRT@@QBEPAGXZ
?Copy@TPtrArray@XPRT@@QAEXABV12@@Z
?Create@SPlex@XPRT@@SGPAU12@AAPAU12@II@Z
?Create@TThread@XPRT@@QAE_NP6AHPAX@Z0_N@Z
?CreateDirectoryA@TFile@XPRT@@SA_NPBG@Z
?CreatePath@TFile@XPRT@@SA_NPBG@Z
?CreateTempFileSpec@TFile@XPRT@@SA?AVTBstr@2@XZ
?Delete@TBstr@XPRT@@QAEHHH@Z
?Deserialize@TXmlSerializable@XPRT@@QAE_NAAVTXmlDeserializer@2@@Z
?Detach@TBstr@XPRT@@QAEPAGXZ
?DirSpecFromFullSpec@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
?Empty@TBstr@XPRT@@QAEXXZ
?ExtractAt@TZipArchive@XPRT@@UAEPAVTStream@2@PAU__POSITION@2@@Z
?FileNameFromFullSpec@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
?Find@TBstr@XPRT@@QBEHGH@Z
?Find@TBstr@XPRT@@QBEHPBGH@Z
?Find@TFileFinder@XPRT@@QAE_NPBGI@Z
?Find@TPtrArray@XPRT@@QBEHPAXH@Z
?Find@TPtrList@XPRT@@QBEPAU__POSITION@2@PAXPAU32@@Z
?Find@TZipArchive@XPRT@@UAEPAU__POSITION@2@PBG@Z
?FindIndex@TPtrList@XPRT@@QBEPAU__POSITION@2@H@Z
?FindNext@TFileFinder@XPRT@@QAE_NI@Z
?FindOneOf@TBstr@XPRT@@QBEHPBG@Z
?FindValue@TPtrFromPtrMap@XPRT@@QAEPAU__POSITION@2@PAXPAU32@@Z
?Finish@THmac@XPRT@@QAEHPAEH@Z
?Finish@TInetChecksum@XPRT@@QAEGXZ
?Finish@TMdXDigest@XPRT@@UAEHPAEH@Z
?Finish@TSha256Digest@XPRT@@UAEHPAEH@Z
?Finish@TShaDigest@XPRT@@UAEHPAEH@Z
?Flush@TBufferedFile@XPRT@@UAE_NXZ
?Flush@TFile@XPRT@@UAE_NXZ
?Flush@TMemStream@XPRT@@UAE_NXZ
?Format@TBstr@XPRT@@QAAXPBGZZ
?Format@TTime@XPRT@@QBE?AVTBstr@2@PBG0@Z
?Format@TTime@XPRT@@QBE?AVTBstr@2@PBG@Z
?FormatGmt@TTime@XPRT@@QBE?AVTBstr@2@PBG@Z
?FormatV@TBstr@XPRT@@QAEXPBGPAD@Z
?Free@TLibrary@XPRT@@QAE_NXZ
?FreeDataChain@SPlex@XPRT@@QAEXXZ
?FreeExtra@TPtrArray@XPRT@@QAEXXZ
?GetAt@TBstr@XPRT@@QBEGH@Z
?GetAt@TZipArchive@XPRT@@UAE_NPAU__POSITION@2@AAVTFileInfo@2@@Z
?GetAttribute@TXmlAttributes@XPRT@@QBE_NHPADH0H0H@Z
?GetBestEncoding@TBstr@XPRT@@QBE?AV12@XZ
?GetBlockSize@TAesCipher@XPRT@@UBEHXZ
?GetBstrPtr@TBstr@XPRT@@QAEPAPAGXZ
?GetCount@TXmlAttributes@XPRT@@QBEHXZ
?GetCount@TZipArchive@XPRT@@UAEHXZ
?GetCurrent@TInetChecksum@XPRT@@QAEGXZ
?GetCurrentColumn@TXmlParser@XPRT@@QBEHXZ
?GetCurrentId@TThread@XPRT@@SAIXZ
?GetCurrentLine@TXmlParser@XPRT@@QBEHXZ
?GetData@TMemStream@XPRT@@QBEPBXXZ
?GetDay@TTime@XPRT@@QBEHXZ
?GetDayOfWeek@TTime@XPRT@@QBEHXZ
?GetDigestSize@TMdXDigest@XPRT@@UBEHXZ
?GetDigestSize@TSha256Digest@XPRT@@UBEHXZ
?GetDigestSize@TShaDigest@XPRT@@UBEHXZ
?GetEncodedByteLength@TBstr@XPRT@@QBEHPBG@Z
?GetEncodedString@TBstr@XPRT@@QBEPBDPBG@Z
?GetFileSpec@TFile@XPRT@@QBEABVTBstr@2@XZ
?GetFileSpec@TFileFinder@XPRT@@QBE?AVTBstr@2@XZ
?GetFileSpec@TLibrary@XPRT@@QBEABVTBstr@2@XZ
?GetFileTime@TTime@XPRT@@QBEXAAU_FILETIME@@@Z
?GetGmtTm@TTime@XPRT@@QBE_NPAUtm@@@Z
?GetHeadPosition@TZipArchive@XPRT@@UAEPAU__POSITION@2@XZ
?GetHour@TTime@XPRT@@QBEHXZ
?GetId@TThread@XPRT@@QBEIXZ
?GetInfo@TFile@XPRT@@SA_NPBGAAVTFileInfo@2@@Z
?GetLastErrorString@TXmlParser@XPRT@@QBEPBDXZ
?GetLength@TBstr@XPRT@@QBEHXZ
?GetLength@TFile@XPRT@@UBE_JXZ
?GetLength@TMemStream@XPRT@@UBE_JXZ
?GetMinute@TTime@XPRT@@QBEHXZ
?GetMonth@TTime@XPRT@@QBEHXZ
?GetNext@TPtrFromPtrMap@XPRT@@QAEPAVTPair@12@AAPAU__POSITION@2@@Z
?GetNext@TPtrFromPtrMap@XPRT@@QBEPBVTPair@12@AAPAU__POSITION@2@@Z
?GetNext@TZipArchive@XPRT@@UAE_NAAPAU__POSITION@2@AAVTFileInfo@2@@Z
?GetNextAssoc@TPtrFromPtrMap@XPRT@@QBEXAAPAU__POSITION@2@AAPAX1@Z
?GetNextKey@TPtrFromPtrMap@XPRT@@QBEABQAXAAPAU__POSITION@2@@Z
?GetNextValue@TPtrFromPtrMap@XPRT@@QAEAAPAXAAPAU__POSITION@2@@Z
?GetNextValue@TPtrFromPtrMap@XPRT@@QBEABQAXAAPAU__POSITION@2@@Z
?GetPosition@TBufferedFile@XPRT@@UBE_JXZ
?GetPosition@TFile@XPRT@@UBE_JXZ
?GetPosition@TMemStream@XPRT@@UBE_JXZ
?GetProcAddress@TLibrary@XPRT@@QBEP6GHXZPBD@Z
?GetRawBstrPtr@TBstr@XPRT@@QAEPAPAGXZ
?GetSecond@TTime@XPRT@@QBEHXZ
?GetSpecialDirectory@TFile@XPRT@@SA?AVTBstr@2@W4ESpecialDir@12@@Z
?GetStartPosition@TPtrFromPtrMap@XPRT@@QBEPAU__POSITION@2@XZ
?GetString@TBstr@XPRT@@QBEPBGXZ
?GetTempDirectory@TFile@XPRT@@SA?AVTBstr@2@XZ
?GetTickCount@TTime@XPRT@@SA?AV12@XZ
?GetTime64@TTime@XPRT@@QBE_JXZ
?GetTimeZoneOffset@TTime@XPRT@@SA?AVTTimeSpan@2@ABV12@@Z
?GetTm@TTime@XPRT@@QBE_NPAUtm@@@Z
?GetType@TBlockCipher@XPRT@@UAE?AW4ECipherType@TCipher@2@XZ
?GetValue@TXmlAttributes@XPRT@@QBEPBDPBD0@Z
?GetYear@TTime@XPRT@@QBEHXZ
?Go@TXmlDeserializer@XPRT@@QAE_NAAVTXmlSerializable@2@@Z
?Go@TXmlParser@XPRT@@QAE_NXZ
?Init@TCondVar@XPRT@@QAEXXZ
?Init@TCritSec@XPRT@@QAEXXZ
?Init@TFileInfo@XPRT@@IAEXPBGI_JABVTTime@2@22@Z
?InitHashTable@TPtrFromPtrMap@XPRT@@QAE_NI_N@Z
?Insert@TBstr@XPRT@@QAEHHG@Z
?Insert@TBstr@XPRT@@QAEHHPBG@Z
?InsertAfter@TPtrList@XPRT@@QAEPAU__POSITION@2@PAU32@PAX@Z
?InsertAt@TPtrArray@XPRT@@QAEXHABV12@@Z
?InsertAt@TPtrArray@XPRT@@QAEXHPAXH@Z
?InsertBefore@TPtrList@XPRT@@QAEPAU__POSITION@2@PAU32@PAX@Z
?IsEmpty@TBstr@XPRT@@QBE_NXZ
?IsLoaded@TLibrary@XPRT@@QBE_NXZ
?IsOpen@TFile@XPRT@@QBE_NXZ
?IsRunning@TTimer@XPRT@@QBE_NXZ
?IsValid@TTime@XPRT@@QBE_NXZ
?Left@TBstr@XPRT@@QBE?AV12@H@Z
?Load@TLibrary@XPRT@@QAE_NPBG@Z
?Lock@TCritSec@XPRT@@QAEXXZ
?Lock@TSpinLock@XPRT@@QAEXXZ
?Lookup@TPtrFromPtrMap@XPRT@@QAEPAVTPair@12@PAX@Z
?Lookup@TPtrFromPtrMap@XPRT@@QBEPBVTPair@12@PAX@Z
?Lookup@TPtrFromPtrMap@XPRT@@QBE_NPAXAAPAX@Z
?LookupPrefix@TXmlWriter@XPRT@@QAEPBDPBD@Z
?MakeBigEndian@TBstr@XPRT@@QAEAAV12@XZ
?MakeLower@TBstr@XPRT@@QAEAAV12@XZ
?MakeReverse@TBstr@XPRT@@QAEAAV12@XZ
?MakeUpper@TBstr@XPRT@@QAEAAV12@XZ
?MakeValidSpec@TFile@XPRT@@SA?AVTBstr@2@PBG_N@Z
?Mid@TBstr@XPRT@@QBE?AV12@H@Z
?Mid@TBstr@XPRT@@QBE?AV12@HH@Z
?MoveToHead@TPtrList@XPRT@@QAEXPAU__POSITION@2@@Z
?MoveToTail@TPtrList@XPRT@@QAEXPAU__POSITION@2@@Z
?Normalize@TBstr@XPRT@@QAEAAV12@XZ
?OnCharacterData@TXmlParser@XPRT@@MAEXPBDH@Z
?OnComment@TXmlParser@XPRT@@MAEXPBD@Z
?OnDefault@TXmlParser@XPRT@@MAEXPBDH@Z
?OnEndCdataSection@TXmlParser@XPRT@@MAEXXZ
?OnEndElement@TXmlParser@XPRT@@MAEXPBD0@Z
?OnExternalEntityRef@TXmlParser@XPRT@@MAE_NPBD000@Z
?OnProcessingInstruction@TXmlParser@XPRT@@MAEXPBD0@Z
?OnStartCdataSection@TXmlParser@XPRT@@MAEXXZ
?OnStartElement@TXmlParser@XPRT@@MAEXPBD0ABVTXmlAttributes@2@@Z
?Open@TFile@XPRT@@QAE_NPBGI_N@Z
?Pause@TXmlParser@XPRT@@QAEXXZ
?Prepare@TFifoBuffer@XPRT@@QAEPAEH@Z
?ProcessBlock@TAesCipher@XPRT@@UBEXPAE@Z
?ProcessData@TBlockCipher@XPRT@@UAEHPAEH_N@Z
?Read@TBufferedFile@XPRT@@UAEHPAXH@Z
?Read@TFifoBuffer@XPRT@@QAEHPAEH@Z
?Read@TFile@XPRT@@UAEHPAXH@Z
?Read@TMemStream@XPRT@@UAEHPAXH@Z
?Rehash@TPtrFromPtrMap@XPRT@@QAEXI@Z
?Remove@TBstr@XPRT@@QAEHG@Z
?Remove@TFile@XPRT@@SA_NPBG@Z
?RemoveAll@TPtrFromPtrMap@XPRT@@QAEXXZ
?RemoveAll@TPtrList@XPRT@@QAEXXZ
?RemoveAt@TPtrArray@XPRT@@QAEXHH@Z
?RemoveAt@TPtrList@XPRT@@QAEXPAU__POSITION@2@@Z
?RemoveAtPos@TPtrFromPtrMap@XPRT@@QAEXPAU__POSITION@2@@Z
?RemoveDirectoryA@TFile@XPRT@@SA_NPBG@Z
?RemoveHead@TPtrList@XPRT@@QAEPAXXZ
?RemoveHeadNoReturn@TPtrList@XPRT@@QAEXXZ
?RemoveKey@TPtrFromPtrMap@XPRT@@QAE_NPAX@Z
?RemoveTail@TPtrList@XPRT@@QAEPAXXZ
?RemoveTailNoReturn@TPtrList@XPRT@@QAEXXZ
?RemoveTrailingSeparator@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
?Rename@TFile@XPRT@@SA_NPBG0@Z
?Replace@TBstr@XPRT@@QAEHGG@Z
?Replace@TBstr@XPRT@@QAEHPBG0@Z
?Resume@TThread@XPRT@@QAE_NXZ
?Resume@TXmlParser@XPRT@@QAEXXZ
?ReverseFind@TBstr@XPRT@@QBEHG@Z
?Right@TBstr@XPRT@@QBE?AV12@H@Z
?SafeToConvert@TFile@XPRT@@SA_NPBG@Z
?Serialize@TXmlSerializable@XPRT@@QBE_NAAVTXmlWriter@2@@Z
?Set@TTime@XPRT@@QAEXABU_FILETIME@@@Z
?Set@TTime@XPRT@@QAEXHHHHHH@Z
?Set@TTime@XPRT@@QAEXN@Z
?Set@TTime@XPRT@@QAEXPBG@Z
?SetAt@TBstr@XPRT@@QAEXHG@Z
?SetAt@TPtrFromPtrMap@XPRT@@QAEPAU__POSITION@2@PAX0@Z
?SetAtGrow@TPtrArray@XPRT@@QAEXHPAX@Z
?SetAttributes@TFile@XPRT@@SA_NPBGI@Z
?SetCallback@TTimer@XPRT@@QAEXPAVTTimerCallback@2@@Z
?SetCount@TPtrArray@XPRT@@QAE_NHH@Z
?SetCurrent@TInetChecksum@XPRT@@QAEXGH@Z
?SetIndentation@TXmlWriter@XPRT@@QAEX_N@Z
?SetIv@TBlockCipher@XPRT@@QAEXPBE@Z
?SetLastWriteTime@TFile@XPRT@@SA_NPBGABVTTime@2@@Z
?SetLength@TFile@XPRT@@UAE_N_J@Z
?SetLength@TMemStream@XPRT@@UAE_N_J@Z
?SetMode@TBlockCipher@XPRT@@QAEXW4ECipherMode@12@@Z
?SetOp@TCipher@XPRT@@QAEXW4ECipherOp@12@@Z
?SetOptimalLoad@TPtrFromPtrMap@XPRT@@QAEXMMM_N@Z
?SetPosition@TBufferedFile@XPRT@@UAE_N_JH@Z
?SetPosition@TFile@XPRT@@UAE_N_JH@Z
?SetPosition@TMemStream@XPRT@@UAE_N_JH@Z
?SetTime64@TTime@XPRT@@QAEX_J@Z
?SetValueAt@TPtrFromPtrMap@XPRT@@QAEXPAU__POSITION@2@PAX@Z
?Signal@TCondVar@XPRT@@QAEXXZ
?Sleep@TThread@XPRT@@SAXI@Z
?Sort@TPtrArray@XPRT@@QAEXW4ESortOrder@2@@Z
?Sort@TPtrList@XPRT@@QAEXW4ESortOrder@2@@Z
?SpecFromUrl@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
?Start@TTimer@XPRT@@QAE_NH_N@Z
?Stop@TTimer@XPRT@@QAEXXZ
?Stop@TXmlParser@XPRT@@QAEXXZ
?SwapElements@TPtrList@XPRT@@QAEXPAU__POSITION@2@0@Z
?Term@TCondVar@XPRT@@QAEXXZ
?Term@TCritSec@XPRT@@QAEXXZ
?TestAccess@TFile@XPRT@@SA_NPBGI@Z
?ToDouble@TBstr@XPRT@@QBENXZ
?ToInt@TBstr@XPRT@@QBEHH@Z
?Tokenize@TBstr@XPRT@@QBE?AV12@PBGAAH@Z
?Transform@TMd4Digest@XPRT@@EAEXQAIQBE@Z
?Transform@TMd5Digest@XPRT@@EAEXQAIQBE@Z
?Transform@TShaDigest@XPRT@@EAEXQAIQBE@Z
?TrimLeft@TBstr@XPRT@@QAEAAV12@G@Z
?TrimLeft@TBstr@XPRT@@QAEAAV12@XZ
?TrimRight@TBstr@XPRT@@QAEAAV12@G@Z
?TrimRight@TBstr@XPRT@@QAEAAV12@XZ
?Unlock@TCritSec@XPRT@@QAEXXZ
?Unlock@TSpinLock@XPRT@@QAEXXZ
?Update@THmac@XPRT@@QAEXPBEH@Z
?Update@TInetChecksum@XPRT@@QAEXPBEH@Z
?Update@TMessageDigest@XPRT@@QAEXPBEH@Z
?UrlFromSpec@TFile@XPRT@@SA?AVTBstr@2@PBG@Z
?VAdoptKey@TPtrFromGuidMap@XPRT@@MBEPAXPAX@Z
?VCompareKeys@TPtrFromGuidMap@XPRT@@MBEHPBX0@Z
?VHashKey@TPtrFromGuidMap@XPRT@@MBEIPBX@Z
?VOrphanKey@TPtrFromGuidMap@XPRT@@MBEXPAX@Z
?Wait@TCondVar@XPRT@@QAE_NH@Z
?WaitForExit@TThread@XPRT@@QAE_NPAH@Z
?Write@TBufferedFile@XPRT@@UAEHPBXH@Z
?Write@TFifoBuffer@XPRT@@QAEHPBEH@Z
?Write@TFile@XPRT@@UAEHPBXH@Z
?Write@TMemStream@XPRT@@UAEHPBXH@Z
?WriteAttribute@TXmlWriter@XPRT@@QAE_NPBD00@Z
?WriteAttribute@TXmlWriter@XPRT@@QAE_NPBD0@Z
?WriteCharacterData@TXmlWriter@XPRT@@QAE_NPBD@Z
?WriteEndDocument@TXmlWriter@XPRT@@QAE_NXZ
?WriteEndElement@TXmlWriter@XPRT@@QAE_NXZ
?WriteNamespace@TXmlWriter@XPRT@@QAE_NPBD0@Z
?WriteStartDocument@TXmlWriter@XPRT@@QAE_NXZ
?WriteStartElement@TXmlWriter@XPRT@@QAE_NPBD0@Z
?WriteStartElement@TXmlWriter@XPRT@@QAE_NPBD@Z
?kCurrentDirectory@TFileFinder@XPRT@@2QBGB
?kDirectorySeparator@TFile@XPRT@@2GB
?kLibraryExtension@TLibrary@XPRT@@2QBGB
?kParentDirectory@TFileFinder@XPRT@@2QBGB
?kUnsafeConversions@TFile@XPRT@@2QBGB
XML_DefaultCurrent
XML_ErrorString
XML_ExpatVersion
XML_ExpatVersionInfo
XML_ExternalEntityParserCreate
XML_FreeContentModel
XML_GetBase
XML_GetBuffer
XML_GetCurrentByteCount
XML_GetCurrentByteIndex
XML_GetCurrentColumnNumber
XML_GetCurrentLineNumber
XML_GetErrorCode
XML_GetFeatureList
XML_GetIdAttributeIndex
XML_GetInputContext
XML_GetParsingStatus
XML_GetSpecifiedAttributeCount
XML_MemFree
XML_MemMalloc
XML_MemRealloc
XML_Parse
XML_ParseBuffer
XML_ParserCreate
XML_ParserCreateNS
XML_ParserCreate_MM
XML_ParserFree
XML_ParserReset
XML_ResumeParser
XML_SetAttlistDeclHandler
XML_SetBase
XML_SetCdataSectionHandler
XML_SetCharacterDataHandler
XML_SetCommentHandler
XML_SetDefaultHandler
XML_SetDefaultHandlerExpand
XML_SetDoctypeDeclHandler
XML_SetElementDeclHandler
XML_SetElementHandler
XML_SetEncoding
XML_SetEndCdataSectionHandler
XML_SetEndDoctypeDeclHandler
XML_SetEndElementHandler
XML_SetEndNamespaceDeclHandler
XML_SetEntityDeclHandler
XML_SetExternalEntityRefHandler
XML_SetExternalEntityRefHandlerArg
XML_SetNamespaceDeclHandler
XML_SetNotStandaloneHandler
XML_SetNotationDeclHandler
XML_SetParamEntityParsing
XML_SetProcessingInstructionHandler
XML_SetReturnNSTriplet
XML_SetSkippedEntityHandler
XML_SetStartCdataSectionHandler
XML_SetStartDoctypeDeclHandler
XML_SetStartElementHandler
XML_SetStartNamespaceDeclHandler
XML_SetUnknownEncodingHandler
XML_SetUnparsedEntityDeclHandler
XML_SetUserData
XML_SetXmlDeclHandler
XML_StopParser
XML_UseForeignDTD
XML_UseParserAsHandlerArg
XprtTrace
XprtTrace1
XprtTrace2
_XprtAllocString@4
_XprtAllocStringLen@8
_XprtAolToIsoEncoding@8
_XprtAolToIsoLang@8
_XprtAssert@12
_XprtAtomicDecrement@4
_XprtAtomicIncrement@4
_XprtAtomicTestAndSet@4
_XprtBase64ToBin@12
_XprtBinToBase64@16
_XprtBinToHex@16
_XprtCanonicalizeScreenName@8
_XprtCompareLocale@12
_XprtCompareNoCase@8
_XprtCompareNormal@8
_XprtCompareString@8
_XprtCompareVersionsA@8
_XprtCompareWildcard@8
_XprtComputeChecksum@8
_XprtCreateThread@8
_XprtDebugBreak@0
_XprtDestroyThread@8
_XprtDispatchMessages@4
_XprtDumpMem@16
_XprtDumpText@12
_XprtEntityEscape@8
_XprtEntityUnescape@8
_XprtFlipMem@8
_XprtFreeString@4
_XprtGenerateRandom@8
_XprtGetDebugSetting@8
_XprtGetDelayLoadRoot@0
_XprtGetMessage@12
_XprtGetMessageQueue@0
_XprtGetMicroseconds64@0
_XprtGetMicroseconds@0
_XprtGetMilliseconds@0
_XprtGetSystemInfo@0
_XprtGiveMessage@12
_XprtHashFile@16
_XprtHashNoCase@4
_XprtHashNormal@4
_XprtHashString@4
_XprtHexToBin@16
_XprtHtmlToPlain@8
_XprtInetAtoN@12
_XprtInetIsNonroutable@4
_XprtInetIsValid@4
_XprtInetNtoA@8
_XprtInetNtoAEx@12
_XprtInetParse@16
_XprtInitialize@8
_XprtIsValidAddress@8
_XprtIsoToAolEncoding@8
_XprtIsoToAolLang@8
_XprtLookupMessageCallback@4
_XprtMemAlloc@4
_XprtMemDebugAlloc@12
_XprtMemDebugRealloc@16
_XprtMemFree@4
_XprtMemGetTotalSize@0
_XprtMemRealloc@8
_XprtMessageLoop@0
_XprtMultibyteToUnicode@16
_XprtPlainToHtml@8
_XprtPostMessage@16
_XprtPostQuitMessage@8
_XprtRegisterMessageCallback@8
_XprtReleaseMessageId@4
_XprtRequestMessageId@0
_XprtSeedRandom@8
_XprtSetAssertProc@4
_XprtSetDebugStringProc@4
_XprtSetDelayLoadRoot@4
_XprtSetMessageAvailableCallback@8
_XprtSetScreenNameDomains@8
_XprtStringByteLen@8

Sections

.text
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

8dc5d8ec83864b4a8d299d8b4d06a888

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
lstrcpyA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc

user32

MapDialogRect
CharPrevA
GetPropA
GetClientRect
CallWindowProcA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
DestroyWindow

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
GetUserData
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 418B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

238a16a49edf3ab59e2f8c89449c9af7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GlobalLock
DeleteFileA
TerminateProcess
lstrlenA
lstrcatA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CloseHandle
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
GetCommandLineA
Sleep
lstrcmpiA
GetExitCodeProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 362B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/upgrade.xml
$PLUGINSDIR/xml.dll
.dll windows:4 windows x86 arch:x86

b5ed5b3a951d4443ce56e5453702d536

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpynA
lstrcmpA
lstrcmpiA
lstrcpyA
RtlUnwind
GetModuleFileNameA
RaiseException
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapSize
GetLastError
LoadLibraryA
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
CloseHandle
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileA
VirtualProtect
GetSystemInfo
VirtualQuery
SetStdHandle
GetLocaleInfoA
InterlockedExchange
SetEndOfFile

Exports

Exports

_CloneNode
_Coordinate
_CreateNode
_CreateText
_CurrentAttribute
_DeclarationEncoding
_DeclarationStandalone
_DeclarationVersion
_ElementPath
_FindCloseElement
_FindNextElement
_FirstAttribute
_FirstChild
_FirstChildElement
_FreeNode
_GetAttribute
_GetNodeValue
_GetText
_GotoHandle
_GotoPath
_InsertAfterNode
_InsertBeforeNode
_InsertEndChild
_IsCDATA
_LastAttribute
_LastChild
_LoadFile
_NextAttribute
_NextSibling
_NextSiblingElement
_NoChildren
_NodeHandle
_NodeType
_Parent
_PreviousAttribute
_PreviousSibling
_RemoveAllChild
_RemoveAttribute
_RemoveNode
_ReplaceNode
_RootElement
_SaveFile
_SetAttribute
_SetAttributeName
_SetAttributeValue
_SetCDATA
_SetCondenseWhiteSpace
_SetEncoding
_SetNodeValue
_SetText
_Unload
_XPathAttribute
_XPathNode
_XPathString

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R3/extensions/{4D1E692F-D179-413b-A987-EEEAAD85DDB3}/chrome.manifest
$R3/extensions/{4D1E692F-D179-413b-A987-EEEAAD85DDB3}/chrome/mapquesttoolbar.jar
.zip
content/XMLConfig.js
.js
content/aboutBox.xul
.js .xml polyglot
content/addbuddy.xul
.js .xml polyglot
content/aolPrefs.js
.js
content/aolQAP.js
.js
content/aolXMLIO.js
.js
content/aoltb.js
.js
content/aoltoolbar.xul
.xml
content/aoluninstall.js
.js
content/bookmark.xul
.js .xml polyglot
content/bubble.xul
.xml
content/contents.rdf
.xml
content/defaultQap.xul
.xml
content/doubleQap.xul
.xml
content/favplus_sidebar.xul
.xml
content/firsttime.xul
.js .xml polyglot
content/inbox_sidebar.xul
.xml
content/mail.js
.js
content/mapquestSearchBox.xml
.xml
content/metrics.js
.js
content/postQAP.xul
.xml
content/postTOP.xul
.xml
content/resetsurf.xul
.xml
content/searchhook.xul
.xml
content/settings.js
.js
content/settings.xul
.xml
content/surfometer.js
.js
content/tbconfig.js
.js
content/ticker/rss_right.gif
.gif
content/ticker/rss_tile.gif
.gif
content/ticker/ticker.css
content/ticker/ticker.htm
.html
content/ticker/ticker.jpg
.jpg
content/ticker/ticker.js
.js
content/upgrade.js
.js
content/util.js
.js
content/view.js
.js
content/winamp.js
.js
locale/en-US/aoltb.xml
.xml
locale/en-US/config.xml
.xml
locale/en-US/contents.rdf
.xml
locale/en-US/images/icon.png
.png
locale/en-US/images/install_banner_150.png
.png
locale/en-US/images/large_addbtn.png
.png
locale/en-US/images/large_addbtn_over.png
.png
locale/en-US/images/logo10.png
.png
locale/en-US/images/logo10_over.png
.png
locale/en-US/images/poweredby.png
.png
locale/en-US/images/search.png
.png
locale/en-US/images/search_over.png
.png
locale/en-US/images/small_addbtn.png
.png
locale/en-US/images/small_addbtn_over.png
.png
locale/en-US/images/sphere.ico
locale/en-US/images/sphere.png
.png
locale/en-US/images/web.png
.png
locale/en-US/opensearch.xml
locale/en-US/toolbar_props.properties
.js
locale/en-US/toolbar_text.dtd
skin/about.png
.png
skin/arrow-dn.png
.png
skin/arrow.png
.png
skin/arrow_click.png
.png
skin/arrow_over.png
.png
skin/bg_postqap.png
.png
skin/bg_toolbar.png
.png
skin/chevron.png
.png
skin/chevron_over.png
.png
skin/contents.rdf
.xml
skin/counter.png
.png
skin/down-arrow.gif
.gif
skin/email-icon.gif
.gif
skin/generic.gif
.gif
skin/gotoaol.png
.png
skin/help.png
.png
skin/im-icon.gif
.gif
skin/offline.png
.png
skin/online.png
.png
skin/services.png
.png
skin/settings.png
.png
skin/staf.png
.png
skin/styles.css
skin/uninstall.png
.png
skin/up-arrow.gif
.gif
$R3/extensions/{4D1E692F-D179-413b-A987-EEEAAD85DDB3}/components/IMailUtil.xpt
$R3/extensions/{4D1E692F-D179-413b-A987-EEEAAD85DDB3}/components/ImapquestUninstallObserver.xpt
$R3/extensions/{4D1E692F-D179-413b-A987-EEEAAD85DDB3}/components/MailUtil.dll
.dll windows:5 windows x86 arch:x86

18d483e08d68a6ba20514d016177924e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:df:a2:50:00:b6:ed:97:63:bf:ec:89:ab:3f:51:3c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/12/2009, 00:00

Not After

25/07/2012, 23:59

Subject

CN=AOL Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AOL Inc.,L=Dulles,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:05:6a:d1:fb:cf:14:43:e5:d3:8b:a7:41:c5:17:e1:30:b4:86:bb
Signer

Actual PE Digest

3b:05:6a:d1:fb:cf:14:43:e5:d3:8b:a7:41:c5:17:e1:30:b4:86:bb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\cm\build\public\FirefoxMailCount_2.0.2.1\toolbar\Firefox\components_src\npMailUtil\Release\MailUtil.pdb

Imports

wininet

InternetOpenUrlA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetOpenA
InternetCanonicalizeUrlA

xpcom

NS_CStringContainerInit2
NS_CStringContainerFinish
NS_CStringContainerInit
NS_GetServiceManager
NS_CStringSetData
NS_CStringGetData
NS_GetComponentManager

kernel32

TlsAlloc
CompareStringW
CompareStringA
CreateFileA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
CloseHandle
WaitForSingleObject
CreateThread
WideCharToMultiByte
GetLocaleInfoW
ReadFile
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLastError
HeapFree
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
RtlUnwind
GetCurrentThreadId
GetCommandLineA
RaiseException
IsDebuggerPresent
DebugBreak
MultiByteToWideChar
lstrlenA
GetProcAddress
LoadLibraryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
VirtualAlloc
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
SetEnvironmentVariableA
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
FreeLibrary
GetProcessHeap
GetModuleFileNameW
VirtualQuery
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
InterlockedExchange
HeapSize
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale

Exports

Exports

NSGetModule
NSModule

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R3/extensions/{4D1E692F-D179-413b-A987-EEEAAD85DDB3}/components/mapquestAddonObserver.js
.js
$R3/extensions/{4D1E692F-D179-413b-A987-EEEAAD85DDB3}/components/mapquestUninstallObserver.js
.js
$R3/extensions/{4D1E692F-D179-413b-A987-EEEAAD85DDB3}/install.rdf
.xml
$R3/mapquestToolbarData/install/source.dat
$R3/mapquestToolbarData/install/upgrade.dat

Sharing

General

Malware Config

Signatures

Files

c47392731eda8da323cadbd08e81dbff

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0f:df:a2:50:00:b6:ed:97:63:bf:ec:89:ab:3f:51:3cCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

38:97:d9:30:52:2a:92:2d:1d:43:77:ae:b7:83:37:c8:32:38:03:daSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 156KB

.ndata Size: - Virtual size: 120KB

.rsrc Size: 25KB - Virtual size: 25KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 172B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 496B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0f:df:a2:50:00:b6:ed:97:63:bf:ec:89:ab:3f:51:3c
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

38:97:d9:30:52:2a:92:2d:1d:43:77:ae:b7:83:37:c8:32:38:03:da
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 156KB

.ndata
Size: - Virtual size: 120KB

.rsrc
Size: 25KB - Virtual size: 25KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 172B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0f:df:a2:50:00:b6:ed:97:63:bf:ec:89:ab:3f:51:3c
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

ff:b1:a7:6d:00:da:e2:62:70:d1:53:db:22:f2:95:41:2f:47:01:e1
Signer

.text
Size: 122KB - Virtual size: 121KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 12KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 1008B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:2c:1d:f2
Certificate

07
Certificate

9a:c8:11:73:00:d0:1d:6e:74:00:b4:86:91:bf:bc:3d:3d:dc:94:4d
Signer